| With the rapid development of the mobile Internet and wireless networks, malicious WiFi has become one of the main threats to wireless network security, which seriously affects public safety. Due to the lack of effective solutions, the key to improving wireless network security is to prevent its threat behavior in real time and accurately. Malicious WiFi attacks include Sybil attacks and evil twin attacks. These attacks mainly aim to steal user information and consume network bandwidth resources by forging APs or clients with the same ID in the wireless network. Attackers can modify the content of the network protocol to avoid attack detection. Therefore, how to distinguish malicious APs at the physical layer is an important challenge. This paper analyzes the existing malicious WiFi attack detection methods at home and abroad; the traditional attack detection algorithms consume a lot of equipment and human resources. Combined with physical-layer Channel State Information (CSI), a detection system is proposed for Sybil attacks and for evil twin attacks, respectively. The system solves problems such as multipath interference and angle of arrival calibration, and can realize fine-grained physical-layer detection on commercial network card devices. The main work and innovations of this paper include the following four aspects: (1) This paper proposes an adaptive multiple signal classification algorithm for the angle-of-arrival deviation problem in Sybil attacks. The algorithm adaptively eliminates phase deviation between antennas by setting an evaluation function, and it achieves better detection performance than the traditional multiple signal classification (MUSIC) algorithm. Through angle detection combined with the attack space location model of the Sybil client, the malicious client can be distinguished to some extent at the physical layer. (2) This paper proposes a Sybil attack detection algorithm based on the dynamic feature behavior and spatial position invariance of malicious nodes. This algorithm detects attacks simultaneously from both static and dynamic aspects. The static aspect uses the adaptive MUSIC algorithm to determine the angle, while the CSI amplitude and the Received Signal Strength Indication (RSSI) distinguish the location to determine the malicious node or the malicious AP. The dynamic aspect uses the amplitude characteristics of the attacker's motion, combined with the DBSCAN clustering algorithm, to achieve dynamic attack detection. The system can be implemented on a common commercial network card, and a large number of experiments show that the attack detection system has a high detection rate. (3) This paper proposes an evil twin detection algorithm based on crowd sensing, in order to solve the problem that fingerprint-based methods must actively collect a large amount of location information. This algorithm proposes a location model based on AoA technology at the physical layer. The model only needs to collect a small number of CSI and RSSI features of specific Landmarks, and implements attack detection from the perspectives of the Landmarks and the evil twin AP. The crowd-sensing data collection method can upload the location information of the connected AP without an incentive mechanism, which simplifies the data collection process. (4) Because the traditional detection algorithm is unstable and the attacker can forge the transmission information of the network layer, this paper, according to the above theory, detects the different attack types of malicious WiFi, and separately designs and verifies experiments for the different attack behaviors. It is verified that the detection error of the indoor adaptive multiple signal classification algorithm is 6.3 degrees. The average detection accuracy of static Sybil attacks is 98.5%, which verifies the stability and feasibility of physical-layer detection. For different groups of Landmark areas, the detection accuracy of evil twin attacks can reach 94.7%, which effectively reduces fingerprint collection and enables detection of malicious WiFi from multiple locations. |