
Wireless LAN Intrusion Detection and Prevention System for Malicious Access Point


Sandeep B. Vanjale
Ph.D. Research Scholar, Department of Computer Engineering, BVUCOE, Pune, INDIA.
Email Id: sbvanjale@bvucoep.edu.in

P. B. Mane
Ph.D. Research Guide, BVU Pune. Professor, Department of Electronics Engineering, AISSMS's IOIT, Pune, INDIA.
Email Id: pbmane6829@rediffmail.com

Sandip V. Patil
M.Tech Scholar, Department of Computer Engineering, BVUCOE, Pune, INDIA.
Email Id: sandippatil82@gmaill.com

Abstract - A malicious AP might be set up in any open space so as to imitate genuine APs. Existing malicious AP detection methods analyze wireless traffic by using extra devices, and the traffic data is collected by servers. Malicious access points, if undetected, can take important data from the network. Many attackers have taken advantage of undetected malicious access points in enterprises, and not just to get free Internet access. In this paper, we consider the problem of malicious attacks in wireless local area networks (WLANs). A malicious AP is essentially a rogue (phishing) Wi-Fi access point (AP) that looks like a legitimate one (with the same SSID). We consider unprotected clients and clients of other networks, in order to keep out unauthorized wireless clients.

Keywords: WLAN, RAP, Malicious Attacker, Evil Twin Attack.

I. INTRODUCTION

Wireless LANs have a wide range of applications because they are easily available on the market. While users (especially smartphone users) can access Wi-Fi hotspot connections in public more easily, they become more vulnerable to fraud and identity theft, referred to as malicious attacks. "Malicious" is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but has actually been set up by a hacker to eavesdrop on wireless communications among Internet surfers. The main limitation is that many papers protect only the client side or only the server side, not the whole system. Our solution automatically detects malicious access points on the network and blocks them. We have created a white list containing the authorized clients. We compare their IP address, SSID and MAC address, and so find the unauthorized APs or clients.

Our main points are as follows:
1. We observed and analyzed different types of techniques to detect malicious APs.
2. We implement a new lightweight server-side and client-side malicious AP detection solution.
3. We implement an efficient way to detect and prevent malicious APs on the network.

II. BACKGROUND

Strong security techniques are necessary to avoid threats against Wireless Local Networks (WLANs). Various threats exist on the wireless network; first among the serious threats is the malicious AP. A malicious attack is quick and easy to set up: as shown in Fig. 1, an attacker can easily set up a malicious access point. Usually the malicious access point uses a stronger wireless signal than the authorized access point within range. The attacker can then carry out more serious attacks such as DoS, MITM, SYN attack, and FIN attack. This means that the malicious attack is a very serious threat to WLAN security.

Fig. 1. Malicious

III. ANALYSIS

A. Architecture

The solution runs on any type of network, for example wired and wireless networks. It works on both the client side and the server side. As a result, it automatically detects malicious access points on the network and blocks them.

B. Skin Texture

Automatic detection of malicious APs.
Detects the malicious AP in two to three ms.
Highly secure.
Saves network bandwidth.

C. System Architecture
978-9-3805-4416-8/15/$31.00 © 2015 IEEE
Fig. 2. System Architecture

C1, C2, C3, C4, C5: wired devices; C6: wireless device; AP: access point; MAP: malicious AP; WLAN: wireless network.

In the system architecture we consider a wired network in which C1 to C5 are wired clients and C6 is the one wireless client. They are connected to an authorized access point (AP). A malicious access point (MAP) is also created on the WLAN. It tries to connect to the authorized client systems and connects successfully. Our system detects the malicious access point, prevents it using the De-Authentication rule, and keeps it away from that client.

D. Implementation

We have implemented our approach using the Python development kit. We have created the white list of authorized clients. We compare their IP address, SSID and MAC address, and so find the unauthorized clients. We ran our approach on a computer with an Intel processor and 2 GB RAM, running Linux. We used three access points.

E. Algorithm

Input: Beacon frames; the authorized AP list
Output: IP, SSID and MAC address of the malicious AP
Begin
Scan for beacon frames; extract the SSID and the AP's MAC from them;
Check the captured info against the white list; if it matches then go to step 6;
If it doesn't match the white list info then a malicious AP is detected;
If step 3 is true then invoke prevention;
Send De-Authorized to the malicious AP;
Go to step 1
Do nothing;
Display message "Malicious AP is not present";
End

Main formula

Bernoulli statistical trial probability:

$$P_{detection} = \sum_{r=1}^{N} \binom{N}{x} p^{r} (1-P)^{N-x}$$

Parameters:

Interval - The period of time between sending two beacon frames.
t on time (on-time phase) - The activity interval during which a client attempts to connect to the AP.
NP - Number of messages.
1-Pn - Reply to malicious AP beacon frame.

NP = floor t on time + 1

Overhead (O) is calculated as follows:

O = floor t on time + 1 + (1-pn)

Using set theory, let
WA = White list of APs, where {a0, a1, ..., an}
WD = Detected APs list {d0, d1, ..., dn}
WM = Malicious AP detected list.
WM = WD WA

We used Authentication and De-Authentication rules and created a white list (WA) in which our authorized clients' IP, SSID and MAC address are stored. Only they can access the wireless network. WD is the list of detected access points, and WM is the list of detected malicious access points. By set theory we obtain the list of unauthorized clients.

F. Results

We tested this application with two APs: one AP as the malicious AP and one AP as the authorized AP.
2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom)
Fig. 3. Interface

The interface screen is where the wireless interface card is enabled by a command.

Fig. 4. Detection

In the detection screen, our system is run and detection mode starts. It then shows the white-listed (authorized) APs and the unauthorized APs.

Fig. 5. Preventions

The prevention screen shows the malicious access point with its IP address, SSID and MAC address, and the detection time in milliseconds.

Fig. 6. AP Detection Overhead (axes: No. of packets, Time in milliseconds).

The graph above shows the access point detection overhead, in number of packets, at various times of day, for example morning, afternoon and evening.

Fig. 7. AP Prevention Overhead (axes: No. of packets, Time in milliseconds).

The graph above shows the access point prevention overhead, in number of packets, at various times of day, for example morning, afternoon and evening.

G. Blocking Mechanism
To achieve this, we used IEEE 802.1 Authentication and De-Authentication algorithms and created a white list in which our authorized clients' IP addresses, SSIDs and MAC addresses are stored. Only they can access the wireless network. Any IP detected outside the white list is not connected, because of the De-Authentication scenario. The result shows the IP, SSID and MAC address, and also the detection time.
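
The white-list comparison from the algorithm in section E and the white list described above, as an added example that is not the authors' code: it parses raw 802.11 beacon frames, extracts the SSID and the AP's MAC (BSSID), and reports the detected APs that are missing from the white list. The frames, SSIDs and MAC addresses are constructed sample values, IP addresses are left out because beacon frames do not carry them, and reading WM as the detected APs absent from WA is an assumption.

```python
import struct

# WA: authorized (SSID, BSSID) pairs. Constructed sample values.
WHITELIST = {("CampusNet", "00:11:22:33:44:55")}

def parse_beacon(frame: bytes):
    """Return (ssid, bssid, interval) for an 802.11 beacon, else None.
    The frame must start at the 802.11 MAC header (no radiotap header)."""
    if len(frame) < 36:  # 24-byte header + 12 bytes of fixed parameters
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 8):  # management frame, beacon subtype
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    interval = struct.unpack_from("<H", frame, 32)[0]   # beacon interval
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None  # truncated element: discard the frame
        if tag == 0:  # SSID element
            return body.decode("utf-8", errors="replace"), bssid, interval
        pos += 2 + length
    return None

def classify(beacons, whitelist=WHITELIST):
    """WD = detected APs; WM = WD minus WA (assumed reading of the paper)."""
    wd = {(ssid, bssid) for ssid, bssid, _ in beacons}
    known_ssids = {ssid for ssid, _ in whitelist}
    # An unlisted BSSID advertising an authorized SSID is an evil-twin candidate.
    return {ap: "evil-twin" if ap[0] in known_ssids else "unknown"
            for ap in wd - whitelist}

def make_beacon(ssid, bssid, interval=100):
    """Build a minimal beacon frame for the demo (constructed input)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<H", interval) + b"\x01\x04"
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name + b"\x01\x01\x82"

if __name__ == "__main__":
    frames = [make_beacon("CampusNet", "00:11:22:33:44:55"),
              make_beacon("CampusNet", "de:ad:be:ef:00:01"),
              make_beacon("CoffeeShop", "02:00:00:00:00:09")]
    beacons = [b for b in map(parse_beacon, frames) if b]
    for (ssid, bssid), verdict in sorted(classify(beacons).items()):
        print(f"{verdict}: SSID={ssid} MAC={bssid}")
```

Frames that are not beacons, or whose SSID element is truncated, are discarded rather than classified, so a malformed capture cannot produce a white-list match.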

H. Effectiveness
The system detects malicious access points on various networks.

IV. CONCLUSION
We have presented a simple intrusion detection and prevention approach for malicious access points in wireless LANs. The growing acceptance of wireless local area networks (WLANs) has brought various risks of wireless security attacks. Malicious access points, if unnoticed, can steal sensitive information on the network.
