A Signature-Based Wireless Intrusion Detection System Framework for
Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

One of the advanced Man-in-the-Middle (MitM) attacks is the
Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating
encrypted wireless frames between clients and the Access Point (AP) in a
Wireless LAN (WLAN). MC-MitM attacks are possible on any client no
matter how the client authenticates with the AP. Key reinstallation
attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are
frontline MC-MitM attacks that widely impacted millions of Wi-Fi
systems, especially those with Internet of Things (IoT) devices.
Although there are security patches against some attacks, they are not
applicable to every Wi-Fi or IoT device. In addition, existing defense
mechanisms to combat MC-MitM attacks are not feasible for two
reasons: they either require stringent firmware modifications on all the
devices in a system, or they mandate the use of several advanced
hardware and software components for deployment. On top of that, high
technical overhead is imposed on users in terms of network setup and
maintenance.
In this paper, we present a lightweight and signature-based intrusion
detection system framework to detect MC-MitM attacks. Our solution is a
centralized, online passive monitoring system for Wi-Fi-based IoT
environments that requires no modification to network settings or
existing devices.
The evaluation results show that our proposed framework can detect
MC-MitM attacks with a maximum delay of 60 seconds and a minimum
accuracy of 90% by short-distance detectors and 84% by long-distance
detectors under normal network scenarios. Lastly, we conclude the paper
by identifying our future research work.