基于无线设备指纹的伪AP检测技术研究

信息安全研究 ›› 2020, Vol. 6 ›› Issue (5): 441-447.

基于无线设备指纹的伪AP检测技术研究

郑瑞环¹,潘亚雄²,胡勇³

1. 四川大学网络空间安全学院
2. 中物院成都科学技术发展中心
3. 四川大学

收稿日期:2020-04-29 出版日期:2020-05-15 发布日期:2020-04-29
通讯作者: 郑瑞环
作者简介:郑瑞环硕士研究生，主要研究方向为网络数据分析与信息安全. ruihuan.zheng@foxmail.com 潘亚雄硕士、高级工程师，主要研究方向为信息系统安全. panyaxiong@163.com 胡勇博士、研究员，主要研究方向为信息系统安全. huyong@scu.edu.cn

Research on Rogue AP Detection Based on Wireless Device Fingerprinting

Received:2020-04-29 Online:2020-05-15 Published:2020-04-29

摘要/Abstract

摘要： 随着移动互联网的普及，大量的设备通过无线接入点连接互联网．然而，频繁发生的无线网络攻击使得无线安全问题成为研究的热点之一．目前，伪AP是无线网络攻击的主要方式之一．当前检测伪AP的方式主要存在特征易被伪造、部署成本较高等问题．提出一种基于无线设备指纹的伪AP检测方法，该方法使用的特征难以被伪造，训练时仅需要合法AP的数据即可在检测阶段实现对伪AP的检测．首先收集合法AP的CSI数据，通过数据预处理，提取基于CSI相位信息的无线设备指纹；然后，基于提取的设备指纹生成样本对，训练Siamese网络并生成AP指纹库；在检测阶段，将待测样本与样本库中的指纹通过Siamese网络进行比对以实现伪AP的检测．实验对比了基于传统深度神经网络结构和卷积神经网络结构的Siamese网络在不同时间窗口下的合法AP分类准确率以及伪AP检测率．实验结果表明，提出的方法具有良好的前景，且基于卷积神经网络实现的Siamese网络具有更高的检测率．

关键词: 无线安全, 伪AP检测, 信道状态信息, 无线设备指纹, Siamese网络

Abstract: With the popularity of mobile Internet, a large number of devices are connected to the Internet through wireless access points. However, wireless security has been one of the hot research topics because of the frequent wireless network attacks. Currently, rogue AP attack is one of the popular methods of wireless network attacks. The current methods for detecting rogue AP have flaws such as features being easily forged and high deployment costs. A new method for detecting rogue AP based on wireless device fingerprinting was proposed. The features used in this method can hardly be forged, and the training data only need the data of legitimate AP for rogue AP detection. CSI data of legitimate AP were collected, and wireless device fingerprints based on CSI phase information were extracted after data preprocessing. Then, sample pairs were generated based on the extracted device fingerprints, the Siamese network was trained by the sample pairs and AP fingerprint database was created. During the detection phase, the AP to be tested was compared with the corresponding fingerprints in the fingerprint database by the Siamese network to detect rogue AP. The experiments compared the accuracy rate of legitimate AP test set classification and rogue AP detection rate of Siamese network based on traditional deep neural network structure and convolutional neural network structure under different time windows. The experimental results showed that the method proposed in this paper has good prospects, and the Siamese network based on convolutional neural network has a higher detection rate.

Key words: wireless security, rogue AP detection, channel state information, wireless device fingerprinting, Siamese network

郑瑞环潘亚雄胡勇. 基于无线设备指纹的伪AP检测技术研究[J]. 信息安全研究, 2020, 6(5): 441-447.

参考文献

[1]Kim M, Kwon S, Elmazi D, et al. A technical survey on methods for detecting rogue access points[C]// Proc of Int Conf on Innovative Mobile and Internet Services in Ubiquitous Computing. Berlin: Springer, 2019: 215-226 [2]Alotaibi B, Elleithy K. Rogue access point detection: Taxonomy, challenges, and future directions[J]. Wireless Personal Communications, 2016, 90(3): 1261-1290 [3]Github.Aircrack-ng[EB/OL].[2018-12-10].https://github.com/aircrack-ng/aircrack-ng [4]Github.WiFi-Pumpkin[EB/OL].[2019-04-07].https://github.com/P0cL4bs/WiFi-Pumpkin [5]Sriram V S S, Sahoo G, Agrawal K K. Detecting and eliminating rogue access points in IEEE-802.11 WLAN-a multi-agent sourcing methodology[C]//Proc of the 2nd Int Advance Computing Conf (IACC). Piscataway, NJ: IEEE, 2010: 256-260 [6]Nikbakhsh S, Manaf A B A, Zamani M, et al. A novel approach for rogue access point detection on the client-side[C]// Proc of the 26th Int Conf on Advanced Information Networking and Applications Workshops. Piscataway, NJ: IEEE, 2012: 684-687 [7]金双齐, 凌捷. 无线网络钓鱼 AP 攻击检测技术研究[J]. 计算机应用与软件, 2016, 33(10): 307-310 [8]冯鑫,胡勇.在智能家居环境下基于CSI的伪AP检测研究[J].信息安全研究, 2018, 4(2):163-169 [9]赵方圆. 基于EMD的射频指纹提取和识别算法研究[D].成都：电子科技大学,2019 [10]Jana S, Kasera S K. On fast and accurate detection of unauthorized wireless access points using clock skews[J]. IEEE Trans on Mobile Computing, 2009, 9(3): 449-462 [11]李雨珊.基于射频特征的接入认证研究[D].成都：电子科技大学,2019 [12]Hua J, Sun H, Shen Z, et al. Accurate and efficient wireless device fingerprinting using channel state information[C]//Proc of IEEE Conf on Computer Communications. Piscataway, NJ: IEEE, 2018: 1700-1708 [13]Adamsky F, Retunskaia T, Schiffner S, et al. WLAN device fingerprinting using channel state information (CSI)[C]//Proc of the 11th ACM Conf on Security & Privacy in Wireless and Mobile Networks. New York: ACM, 2018: 277-278 [14]Halperin D, Hu W, Sheth A, et al. Tool release: Gathering 802.11n traces with channel state information[J]. ACM SIGCOMM Computer Communication Review, 2011, 41(1): 53-53 [15] Bromley J , Guyon I , Lecun Y , et al. Signature verification using a siamese time delay neural network[C]//Proc of the 6th Int Conf on Neural Information Processing Systems. San Francisco, CA: Morgan Kaufmann, 1993: 737-744