New approach in detection MAC spoofing in a WiFi LAN

Abstract EN

Medium Access Control (MAC) spoofing attacks relate to an attacker altering the manufacturer assigned MAC address to any other value.

MAC spoofing attacks in Wireless Fidelity (WiFi) network are simple because of the ease of access to the tools of the MAC fraud on the Internet like MAC Makeup, and in addition to that the MAC address can be changed manually without software.

MAC spoofing attacks are considered one of the most intensive attacks in the WiFi network ; as result for that, many MAC spoofing detection systems were built, each of which comes with its strength and weak points.

This paper logically identifies and recognizes the weak points and masquerading paths that penetrate the up-to-date existing detection systems.

Then the most effective features of the existing detection systems are extracted, modified and combined together to develop more powerful detection system called Sequence Number with Rate and Signal Strength detection method (SN-R-SS).

SN-R-SS consists from three phases.

First phase is Window Sequence Numbers ; to detect suspicious spoofed frames in the network.

Second phase is Transmission Rate Analysis ; to reduce the amount of the suspicious spoofed frames that are generated from the first phase.

Finally, the third phase is Received Signal Strength ; this phase is decisive phase because it decides whether the suspicious spoofed frames are spoofed or not.

Commview for WiFi network monitor and analyzer is used to capturing frames from the radio channals.

Matlab software has been used to implement various computational and mathematical relations in SN-R-SS.

This detection method does not work in a real time because it needs a lot of computation.