Unlock instant, AI-driven research and patent intelligence for your innovation.

Multi-model pseudo AP detection method and device based on bidirectional SYN reflection

A detection method and reflection detection technology, which are applied in the field of communication security, can solve the problems of judging the type of phishing APs without a solution, identifying obstacles to the attack types of phishing APs, etc., and achieve the effect of maintaining network security and protecting user privacy.

Active Publication Date: 2019-09-06
OCEAN UNIV OF CHINA
View PDF7 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the above methods can identify phishing APs, no solution has been proposed for judging the type of phishing APs. There are technical obstacles in the existing technology for identifying the attack types of phishing APs.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-model pseudo AP detection method and device based on bidirectional SYN reflection
  • Multi-model pseudo AP detection method and device based on bidirectional SYN reflection
  • Multi-model pseudo AP detection method and device based on bidirectional SYN reflection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] Such as figure 1 As shown, the multi-model false AP detection method based on two-way SYN reflection includes:

[0042] Step S110, judging whether the AP detection set designated by the user has two or more APs with the same SSID, and if so, judging that the AP is a target AP.

[0043] Specifically, it is determined whether the wireless network environment to be detected contains two or more APs with the same SSID, if not, it indicates that there is no phishing risk in the wireless network environment to be detected, and the user can safely access any AP; If yes, it means that there is a suspicious AP in the wireless network environment to be detected. When the user accesses the suspicious AP, there will be a phishing risk, and further judgment is required to confirm whether the user can access it.

[0044] As an embodiment of the present invention, the Wi-Fi corresponding to the AP specified by the user is the detection range specified by the user according to the req...

Embodiment 2

[0065] see figure 2 As shown, the present invention provides the detection device of the multi-model false AP based on two-way SYN reflection, comprising:

[0066] The selection module is used to screen whether the AP detection set specified by the user has two or more APs with the same SSID, and if so, then determine that the AP is a target AP;

[0067] The reflection module is used to perform two-way SYN reflection detection, including constructing a SYN handshake packet to perform forward SYN reflection detection, and constructing a SYN handshake packet to perform reverse SYN reflection detection;

[0068] The judging module is used to judge whether there is a phishing AP attack and an attack model in the target network according to the situation of the received SYN-ACK packet. If two expected SYN-ACK packets are received, it is determined that the target AP is a legitimate AP. If only one expected SYN-ACK packet is received, it is determined that there is a serial phishi...

Embodiment 3

[0071] see image 3 As shown, the present invention also provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:

[0072] First, through the selection module, the client selects the Wi-Fi to be connected or the Wi-Fi to be detected, and generates a valid set of APs to be detected. A valid AP to be detected refers to a different AP with the same SSID, that is, a target AP (suspect AP).

[0073] Then, through the reflection module, the two-way SYN reflection detection is performed. This step specifically includes three operations.

[0074] First, connect two network cards to two suspicious APs and obtain IP addresses.

[0075] Second, NIC one performs forward SYN reflection detection. At the same time, network card two sniffs whether a correct SYN-ACK packet arrives at network card two.

[0076] Third, network card two performs reverse SYN reflection det...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a multi-model pseudo AP detection method and detection device based on bidirectional SYN reflection, and the method comprises the steps: judging whether an AP detection set specified by a user has two or more APs with the same SSID or not, and judging that the AP is a target AP if the AP detection set specified by the user has two or more APs with the same SSID; using two network cards to respectively connect the target AP, obtaining the allocated IP address, and executing bidirectional SYN reflection detection; executing bidirectional SYN reflection detection; judgingwhether phishing AP attacks exist in the target AP or not according to the condition of the received SYN-ACK packet. Meanwhile, attacks of multi-model pseudo APs in the wireless local area network canbe independently detected, the attacks comprise a series phishing AP attack model and a phishing AP attack model, and the purposes of maintaining network safety and protecting user privacy are achieved.

Description

technical field [0001] The invention belongs to the technical field of communication security, in particular to a multi-model false AP detection method and detection device based on bidirectional SYN reflection. Background technique [0002] With the widespread use of wireless local area network (WLAN), its security issues have become particularly prominent and important. Before accessing a certain wireless network, it is first necessary to determine whether the AP corresponding to the wireless network is a suspicious AP. Suspicious APs may be fake APs used by attackers to trick wireless users into accessing and pretend to be legitimate APs, such as common phishing APs. Fake AP phishing attacks are one of the serious security threats in wireless networks. [0003] A phishing AP builds a phishing AP by imitating a normal AP, and then forces wireless clients to connect to the phishing AP by denial-of-service attacks on the legitimate AP or by providing a stronger signal than t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04W12/00H04W12/08H04W12/12H04W24/06H04W12/121H04W12/122
CPCH04W12/08H04W12/12H04W24/06H04W12/69
Inventor 卢倩曲海鹏蒋若冰欧阳宇展王晓东
Owner OCEAN UNIV OF CHINA