Detection of MAC Spoofing Attacks in IEEE 802.11 Networks Using Signal Strength from Attackers’ Devices

  • R. Banakh
  • A. Piskozub
  • I. Opirskyy
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 754)


The main goal of this project is to improve intrusion detection process in IEEE 802.11 based networks in order to provide conditions for further interaction between attackers and honeypot. In order to gather metadata from clients’ devices, part of Wi-Fi Honeypot as a Service model was applied in the experiment, and for the first time ever. MAC addresses of access points and clients’ devices, probe requests, beacons and power of signal were used as basic data for further processing. Gathered metadata was used to detect malicious activities against network which is under defense and its clients. Several modifications of MAC spoofing attack were provided by authors in order to find attacks’ fingerprints in Wi-Fi ether. Besides base MAC spoofing attack authors suggested a method which allows to identify modification of MAC spoofing where attacker uses power antenna. Also, the new synchronization method for external elements of honeypot was proposed. It is based on centralized random message generation and allows to avoid detection from attackers’ side.


IEEE 802.11 Wi-Fi Intrusion detection MAC address Machine learning 


  1. 1.
    Medjadba, Y., Sahraoui, S.: Intrusion detection system to overcome a novel form of replay attack (data replay) in wireless sensor networks. Int. J. Comput. Netw. Inf. Secur. (IJCNIS) 8(7), 50–60 (2016). Scholar
  2. 2.
    Sobh, T.S.: Wi-Fi networks security and accessing control. Int. J. Comput. Netw. Inf. Secur. (IJCNIS) 5(7), 9–20 (2013). Scholar
  3. 3.
    Gaur, T., Sharma, D.: A secure and efficient client-side encryption scheme in cloud computing. Int. Wirel. Microwave Technol. (IJWMT) 6(1), 23–33 (2016). Scholar
  4. 4.
    Banakh, R., Stefinko, Y.: Single-board workstation as a component of honeypot in Wi-Fi networks. In: Proceedings of the 1st International Conference on Information Security in Modern Society, Lviv, Ukraine, 26 November 2015, pp. 6–7 (2015)Google Scholar
  5. 5.
    Banakh, R., Piskozub, A., Stefinko, Y.: External elements of honeypot for wireless network. In: Modern Proceedings of the XIIIth International Conference TCSET 2016, Lviv-Slavsko, Ukraine, pp. 480–482 (2016)Google Scholar
  6. 6.
    Banakh, R.: Wi-Fi honeypot as a service: conception of business model. In: Proceedings of VI International Conference on “Engineer of XXI Century”, Poland, Bielsko-Biała, 02 December 2016, pp. 59–64 (2016)Google Scholar
  7. 7.
    Shah, I.A., Hayat, S., Khan, I., Alam, I., Ullah, S., Afridi, A.: A compact, tri-band and 9-shape reconfigurable antenna for WiFi, WiMAX and WLAN applications. Int. J. Wirel. Microwave Technol. (IJWMT) 6(5), 45–53 (2016). Scholar
  8. 8.
    Varadharajan, V., Tupakula, U.: Security as a service model for cloud environment. IEEE Trans. Netw. Serv. Manag. 11(1), 60–75 (2014)CrossRefGoogle Scholar
  9. 9.
    Banakh, R., Piskozub, A., Stefinko, Y.: Concept of secured cloud infrastructure using honeypots. Autom. Measur. Control 821, 74–78 (2015)Google Scholar
  10. 10.
    Tao, Z., Nath, B., Lonie, A.: An optimal sensor architecture for Wi-Fi intrusion detection. Int. J. Comput. Sci. Netw. Secur. (IJCSNS) 8(2), 10–19 (2008)Google Scholar
  11. 11.
    Sruthi B, M., Jayanthy, S.: Development of cloud based incubator monitoring system using raspberry Pi. Int. J. Educ. Manag. Eng. (IJEME) 7(5), 35–44 (2017).
  12. 12.
    Stefinko, Y., Piskozub, A., Banakh, R.: Concept and model for cloud infrastructure protection by using containers. In: Proceedings of VIII International Conference on Computer Science and Engineering, Ukraine, Lviv, pp. 81–82 (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Lviv Polytechnic National UniversityLvivUkraine

Personalised recommendations