Detection of Stealth Man-In-The-Middle Attack in Wireless LAN

Wireless Local Area Networks (WLANs) are acquiring their hold in all the verticals of life. WLANs have gone through rapid changes with respect to their security standards in near time. Man-in-the-Middle (MITM) attack is one of the most catastrophic attacks in WLAN. Stealth MITM (SMITM) attack is a new way of doing MITM based on Address Resolution Protocol (ARP) poisoning. In this attack, ARP poisoning is done directly to the victim by forging the frame ARP response protocol structure and exploiting WPA2 key management. In this paper we propose a Wireless Intrusion Detection System (WIDS) for SMITM attack. The proposed WIDS successfully detects the SMITM attack and other similar attacks like MITM (using ARP poisoning) and IP Spoofing. The proposed WIDS system is simulated in NS-3 network simulator and the scheme is found to work correctly when the attacker is static and is under the coverage of a single sensor during the complete period of attack.