Detecting Evil-Twin Attack with the Crowd Sensing of Landmark in Physical Layer

  • Chundong Wang
  • Likun Zhu
  • Liangyi GongEmail author
  • Zheli Liu
  • Xiuliang Mo
  • Wenjun Yang
  • Min Li
  • Zhaoyang Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)


With the popularity of mobile computing, WiFi has become one of the essential technologies for people to access the Internet, and WiFi security has also become a major threat for mobile computing. The Evil-Twin attack can steal a large amount of private data by forging the same SSID as the real Access Point. This paper proposes a passive Evil-Twin attack detection scheme through CSI in physical layer. First of all, we propose a location model based on the edge of landmark area. In this model, the improved MUSIC algorithm is used to calculate each AP’s AoA by CSI phase. Secondly, it proposes an algorithm for simplifying the generation of location model files, which is the dataset of a small number of AoA and RSSI samples. Finally, according to location model, attack detection algorithm combines a large number of crowd sensing data to determine whether it is a malicious AP. Experiments show that our attack detection system achieves a higher detection rate.



Our work was supported by the Foundation of the Educational Commission of Tianjin, China (Grant No.2013080), the General Project of Tianjin Municipal Science and Technology Commission under Grant (No.15JCYBJC15600), the Major Project of Tianjin Municipal Science and Technology Commission under Grant (No. 15ZXDSGX00030), and NSFC: The United Foundation of General Technology and Fundamental Research (No. U1536122). The authors would like to give thanks to all the pioneers in this field, and also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.


  1. 1.
    Alotaibi, B., Elleithy, K.: An empirical fingerprint framework to detect rogue access points. In: Systems, Applications and Technology Conference, pp. 1–7 (2015)Google Scholar
  2. 2.
    Bahl, P., et al.: Enhancing the security of corporate Wi-Fi networks using DAIR. In: International Conference on Mobile Systems, Applications, and Services, pp. 1–14 (2006)Google Scholar
  3. 3.
    Beyah, R., Kangude, S., Yu, G., Strickland, B.: Rogue access point detection using temporal traffic characteristics. In: Global Telecommunications Conference, GLOBECOM 2004, vol. 4, pp. 2271–2275. IEEE (2004)Google Scholar
  4. 4.
    Burns, A., Wu, L., Du, X., Zhu, L.: A novel traceroute-based detection scheme for Wi-Fi evil twin attacks. In: 2017 IEEE Global Communications Conference, GLOBECOM 2017 (2018)Google Scholar
  5. 5.
    Desmond, L.C.C., Yuan, C.C., Tan, C.P., Lee, R.S.: Identifying unique devices through wireless fingerprinting. In: ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, 31 March–April, pp. 46–55 (2008)Google Scholar
  6. 6.
    Elleithy, K., Alotaibi, B.: A passive fingerprint technique to detect fake access points. In: IEEE Wireless Telecommunications Symposium (2015)Google Scholar
  7. 7.
    Han, H., Sheng, B., Tan, C.C., Li, Q., Lu, S.: A timing-based scheme for rogue ap detection. IEEE Trans. Parallel Distrib. Syst. 22(11), 1912–1925 (2011)CrossRefGoogle Scholar
  8. 8.
    Hsu, F.H., Wang, C.S., Hsu, Y.L., Cheng, Y.P., Hsneh, Y.H.: A client-side detection mechanism for evil twins. Comput. Electr. Eng. 59, 76–85 (2015)CrossRefGoogle Scholar
  9. 9.
    Jang, R.H., Kang, J., Mohaisen, A., Nyang, D.H.: Rogue access point detector using characteristics of channel overlapping in 802.11n. In: IEEE International Conference on Distributed Computing Systems, pp. 2515–2520 (2017)Google Scholar
  10. 10.
    Kaushal, P.K.: Survey on evil twin attack. Int. J. Sci. Eng. Res. 4(4), 54–58 (2016)Google Scholar
  11. 11.
    Kremer, I., Mansour, Y., Perry, M.: Implementing the “wisdom of the crowd”. In: Fourteenth ACM Conference on Electronic Commerce, pp. 605–606 (2013)Google Scholar
  12. 12.
    Li, M., Liu, Z., Li, J., Jia, C.: Format-preserving encryption for character data. J. Netw. 7(8), 1239 (2012)Google Scholar
  13. 13.
    Liu, Z., Li, T., Li, P., Jia, C., Li, J.: Verifiable searchable encryption with aggregate keys for data sharing system. Future Gener. Comput. Syst. 78, 778–788 (2018)CrossRefGoogle Scholar
  14. 14.
    Liu, Z., Luo, D., Li, J., Chen, X., Jia, C.: N-Mobishare: new privacy-preserving location-sharing system for mobile online social networks. Int. J. Comput. Math. 93(2), 384–400 (2016)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Mustafa, H., Xu, W.: CETAD: detecting evil twin access point attacks in wireless hotspots. In: Communications and Network Security, pp. 238–246 (2014)Google Scholar
  16. 16.
    Nivangune, M.K., Vanjale, S., Vanjale, M.: A survey on unauthorized AP detection in WLAN by measuring DNS RTT 4 (2013)Google Scholar
  17. 17.
    Jana, S., Kasera, S.K.: On fast and accurate detection of unauthorized wireless access points using clock skews. IEEE Trans. Mob. Comput. 9(3), 449–462 (2012). Mobicom 2008CrossRefGoogle Scholar
  18. 18.
    Tang, Z., et al.: Exploiting wireless received signal strength indicators to detect evil-twin attacks in smart homes. Mob. Inf. Syst. 2017(4), 1–14 (2017)Google Scholar
  19. 19.
    Wei, W., Jaiswal, S., Kurose, J., Towsley, D., Suh, K., Wang, B.: Identifying 802.11 traffic from passive measurements using iterative bayesian inference. IEEE/ACM Trans. Network. 20(2), 325–338 (2012)CrossRefGoogle Scholar
  20. 20.
    Yan, W., Wang, Q., Gao, Z.: Smart home implementation based on internet and WiFi technology. In: Control Conference, pp. 9072–9077 (2015)Google Scholar
  21. 21.
    Yang, C., Song, Y., Gu, G.: Active user-side evil twin access point detection using statistical techniques. IEEE Trans. Inf. Forensics Secur. 7(5), 1638–1651 (2012)CrossRefGoogle Scholar
  22. 22.
    Yang, Z., Zhou, Z., Liu, Y.: From RSSI to CSI: Indoor localization via channel response. ACM Comput. Surv. 46(2), 1–32 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Chundong Wang
    • 1
    • 2
  • Likun Zhu
    • 1
    • 2
  • Liangyi Gong
    • 1
    • 2
    Email author
  • Zheli Liu
    • 3
  • Xiuliang Mo
    • 1
    • 2
  • Wenjun Yang
    • 1
    • 2
  • Min Li
    • 3
  • Zhaoyang Li
    • 3
  1. 1.Key Laboratory of Computer Vision and System, Ministry of EducationTianjin University of TechnologyTianjinChina
  2. 2.Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Ministry of EducationTianjin University of TechnologyTianjinChina
  3. 3.Nankai UniversityTianjinChina

Personalised recommendations