Detecting IEEE 802.11 Client Device Impersonation on a Wireless Access Point

The ability to effortlessly construct and broadcast false messages makes IEEE 802.11 wireless networks particularly vulnerable to attack. False frame generation allows rogue devices to impersonate an au-thorized user and issue commands that impact the user’s network connection or possibly the entire network’s security. Unfortunately, the current device impersonation detection methods are unsuitable for small devices or real-time applications. Our contribution is to demonstrate that a rule-based learning classifier using several random forest (RF) features from an IEEE 802.11 frame can de-termine the probability that an impersonating device has generated that frame in real time. Our main innovation is a processing pipeline, and the algorithm that implements concurrent one-class classifiers on a per device basis yet is lightweight enough to run directly on a wireless access point (WAP) and produce real-time outputs.