| As is well known,with the development of science and technology,wireless access point devices with great communication function have been built in KTV,hotels,coffee shops,suites,airports,etc,making users' work,entertainment and life more convenient.However,users' terminal devices are confronted with great threat in public places because of concealment of wireless access points' position and limited identification ability to malicious wireless access points.This thesis gives a malicious access point detection method based on pattern recognition theory by way of malicious access point behavior analysis and statistic pattern recognition method.The method,mainly consists of no-connection detection which is a preparatory detection of wireless access point and connection detection which is mainly for the devices that have connected to wireless access point.The two phases of the test help to confirm whether the user connects to the malicious Access Point device.The main work of this thesis is as follows:(1)This thesis begins with a discussion of hackers' malicious attack to terminal equipment,followed by stealing wireless Access Point password,establishing malicious access points,luring user connection and embedding malicious code.(2)Aiming at hackers' malicious attack,the thesis gives malicious Access Point recognition method based on pattern recognition.The method includes no-connection detection and connection detection.The former is,under the premise of no-connection to any wireless Access Point device,to get the features vector of wireless Access Point devices by iwlist tool to deal with data,and then to use cosine,modified cosine,match measure,unitary distance and so on to confirm whether there exists any device that is greatly different from other devices with the same name.The latter is to make operating system detection and network traffic forwarding detection after user has connected to a wireless access point.What's more,this thesis discusses a method of malicious Access Point location based on Received Signal Strength Indication.Without the connection to wireless Access Point,the malicious Access Point can be effectively located by acquiring the coordinates of the measuring points and the Received Signal Strength Indication information obtained at the measuring points and combining the localization method proposed in this thesis.(3)In order to verify the detection method proposed in this thesis,the normal wireless Access Point and malicious Access Point disguised as a normal device have been built in the experimental environment.The results show that the method of no-connection detection can effectively detect malicious Access Point hidden in the environment and that connection detection method could immediately identify malicious Access Point and report to the user when the user accidentally connected to the malicious Access Point.Moreover,when locating the two wireless Access Point devices based on Received Signal Strength Indication without connecting to any wireless Access Point,it shows that the locating accuracy of malicious wireless Access Point is between 2~4 meters in the area of 400~500 square meters(the specification of the experimental environment is about 22m*22m).The method of malicious Access Point detection based on statistical pattern recognition has better detection ability compared with other detection methods,and overcomes the shortcomings that traditional methods by combining no-connection detection and connection detection.Locating technology based Received Signal Strength Indication could be effectively locating malicious Access Point without relying on professional devices. |
PDF Full Text Request