Abstract

A great variety of well-known attacks exist for the IEEE 802.11 protocol. The lack of mechanisms for management frame authentication and the complexity of the protocol itself have derived into a considerable number of denial of service and identity spoofing attacks. As most denial of service attacks are based on spoofing of MAC addresses, spoofed frame detection schemes have gained attentions. Currently the most efficient techniques to detect this kind of attacks are based on the creation of profiles for the wireless nodes and behavior based protocol anomaly detection. However, these techniques tend to generate too many of false positives. This is caused by the unstable nature of the wireless medium and also because of the difficulty to model the behaviour of the diverse implementations from different manufacturers. One way to reduce false positives is to combine different techniques to carry out the analysis. We propose a novel method that identifies the impersonation of certain management frames, which helps to reduce the number of false positives within other existing MAC spoofing detection techniques.