dc.description.abstract | Network spoofing is becoming a common attack in wireless networks. Similarly, there is a
rapid growth of numbers in mobile devices in the working environments. The trends pose a
huge threat to users since they become the prime target of attackers. More unfortunately,
mobile devices have weak security measures due to their limited computational powers,
making them an easy target for attackers. Current approaches to detect spoofing attacks focus
on personal computers and rely on the network hosts’ capacity, leaving users with mobile
devices at risk. Furthermore, some approaches on Android-based devices demand root
privilege, which is highly discouraged. This research aims to study users' susceptibility to
network spoofing attacks and propose a detection solution in Android-based devices. The
presented approach considers the difference in security information and signal levels of an
access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive
portal with fake login credentials since, usually, fake captive portals do not authenticate users.
The detection approaches are presented in three networks: (a) open networks, (b) closed
networks and (c) networks with captive portals. As a departure from existing works, this
solution does not require root access for detection, and it is developed for portability and better
performance. Experimental results show that this approach can detect fake access points with
an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed
networks, respectively. On the other hand, it can detect the existence of a fake captive portal at
an accuracy of 88%. Despite achieving this performance, the presented detection approach does
not cover APs that do not mimic legitimate APs. As an improvement, future work may focus
on pcap files which is rich of information to be used in detection. | en_US |