Title: Lightweight MAC-spoof detection exploiting received signal power and median filtering

Authors: Davide Papini

Addresses: DTU Informatics, Asmussens Alle, 2800 Kgs. Lyngby, Denmark

Abstract: IEEE 802.11 networks are subject to MAC-spoof attacks. With this an attacker can steal the identity of a legitimate station, even access points, enabling him to take full control over network basic mechanisms and possibly access restricted resources. In this paper, we propose a new method to detect this, based on signal power monitoring. The main contribution of our work is the introduction of a median filter that enables the detection of the attack by looking at the variance of the signal power. We take into account two types of references for the samples: 1) time; 2) number of frames, and compare their detection capabilities. Our experimental results show that the spoofing attack is successfully detected with both types of references. Moreover the median filter helps to reject false positives.

Keywords: intrusion detection systems; network security; IEEE 802.11; wireless LANs; signal power monitoring; signal distribution; signal power variance; median filters; MAC spoof; medium access control; local area networks; wireless networks; spoofing attacks.

DOI: 10.1504/IJCCBS.2012.053204

International Journal of Critical Computer-Based Systems, 2012 Vol.3 No.4, pp.247 - 261

Published online: 16 Aug 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article