Deauthentication and Disassociation Detection and Mitigation Scheme Using Artificial Neural Network

  • Abdallah Elhigazi AbdallahEmail author
  • Shukor Abd Razak
  • Fuad A. Ghalib
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1073)


Wireless local area networks (WLAN) are increasingly deployed and widespread worldwide due to the convenience and the low cost that characterized it. However, due to the broadcasting and the shared nature of the wireless medium, WLANs are vulnerable to many kinds of attacks. Although there are many efforts to improve the security of a wireless network, some attacks are inevitable. Attackers can send fake de-authentication or disassociation frames to end the session a victim leading to a denial of service, stolen passwords, and leaks of sensitive information among many other cybercrimes. Effectively detecting such attacks is crucial in today’s critical applications. However, the extant security standards are vulnerable to such an attack, and it is still an open research problem. In this paper, a scheme called D3MS is proposed to detect and mitigate de-authentication and disassociation attack effectively. The aim is to construct a model that can distinguish between benign and fake frames by recognizing the normal behavior of the wireless station before sending the authentication and de-authentication frames. The hypothesis is that the emulating the normal behavior of a benign station prior to the authentication and de-authentication attack is useless. The experimentation results showed the effectiveness of the proposed detection technique. The proposed scheme has improved the detection performance by 64.4% comparing to the related work.


802.11 MAC, WLAN Artificial Neural Network, DOS 


  1. Ahlawat, R., Dulaney, K.: Magic quadrant for wireless LAN infrastructure 2006. Gartner Research (2006)Google Scholar
  2. Arockiam, L., Vani, B.: Framework to detect and prevent medium access control layer denial of service attacks in WLAN. IRACST–Int. J. Comput. Netw. Wirel. Commun. (IJCNWC) 3(2), 152–159 (2013)Google Scholar
  3. Aslam, B., Islam, M.H., Khan, S.: Pseudo randomized sequence number based solution to 802.11 disassociation denial of service attack. In: 2006 Proceedings of the First Mobile Computing and Wireless Communication International Conference, MCWC 2006. IEEE (2006)Google Scholar
  4. Bahl, P., Padmanabhan, V.N.: RADAR: An in-building RF-based user location and tracking system. In: Proceedings of Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2000. IEEE (2000)Google Scholar
  5. Bargh, M.S., Hulsebosch, R., Eertink, E., Prasad, A., Wang, H., Schoo, P.: Fast authentication methods for handovers between IEEE 802.11 wireless LANs. In: Proceedings of the 2nd ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots. ACM (2004)Google Scholar
  6. Barroso, L.A., Hölzle, U., Ranganathan, P.: The datacenter as a computer: designing warehouse-scale machines. Synth. Lect. Comput. Archit. 13(3), i–i189 (2018)CrossRefGoogle Scholar
  7. Bellardo, J., Savage, S.: 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions. USENIX Security (2003)Google Scholar
  8. Bello, L.L., Mariani, R., Mubeen, S., Saponara, S.: Recent advances and trends in on-board embedded and networked automotive systems. IEEE Trans. Ind. Inf. 15(2), 1038–1051 (2018)CrossRefGoogle Scholar
  9. Bicakci, K., Tavli, B.: Denial-of-service attacks and countermeasures in IEEE 802.11 wireless networks. Comput. Stan. Interfaces 31(5), 931–941 (2009)CrossRefGoogle Scholar
  10. Bicakci, K., Uzunay, Y.: Pushing the limits of address based authentication: how to avoid MAC address spoofing in wireless LANs. World Acad. Sci. Eng. Technol. 2, 214–223 (2008)Google Scholar
  11. Ferrag, M.A., Maglaras, L., Ahmim, A.: Privacy-preserving schemes for ad hoc social networks: a survey. IEEE Commun. Surv. Tutorials 19(4), 3015–3045 (2017)CrossRefGoogle Scholar
  12. Frankel, S., Eydt, B., Owens, L., Scarfone, K.: Establishing wireless robust security networks: a guide to IEEE 802.11 i. National Institute of Standards and Technology (2007)Google Scholar
  13. IW Group: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications (1997)Google Scholar
  14. Guo, F., Chiueh, T.-C.: Sequence number-based MAC address spoof detection. In: International Workshop on Recent Advances in Intrusion Detection. Springer (2005)Google Scholar
  15. Hogan, M., Newton, E.: Supplemental information for the report on strategic US government engagement in international standardization to achieve US objectives for cybersecurity (2015)Google Scholar
  16. Joshua Wright, G., Joshua, C.: Detecting wireless LAN MAC address spoofing. Cisco Certified Network Associate (2003)Google Scholar
  17. Lashkari, A.H., Danesh, M.M.S., Samadi, B.: A survey on wireless security protocols (WEP, WPA and WPA2/802.11 i). In: 2nd IEEE International Conference on Computer Science and Information Technology, 2009, ICCSIT 2009. IEEE (2009)Google Scholar
  18. Mar, J., Yeh, Y.-C., Hsiao, I.-F.: An ANFIS-IDS against deauthentication DOS attacks for a WLAN. In: 2010 International Symposium on Information Theory & Its Applications. IEEE (2010)Google Scholar
  19. Misra, S., Sarkar, S., Chatterjee, S.: Sensors, Cloud, and Fog: The Enabling Technologies for the Internet of Things. CRC Press (2019)Google Scholar
  20. Nandan, A., Das, S., Pau, G., Gerla, M., Sanadidi, M.: Co-operative downloading in vehicular ad-hoc wireless networks. In: Second Annual Conference on Wireless On-demand Network Systems and Services. IEEE (2005)Google Scholar
  21. Ratnayake, D.N., Kazemian, H.B., Yusuf, S.A.: Identification of probe request attacks in WLANs using neural networks. Neural Comput. Appl. 25(1), 1–14 (2014)CrossRefGoogle Scholar
  22. Samra, A.A., Abed, R.: Enhancement of passive mac spoofing detection techniques. Int. J. Adv. Comput. Sci. Appl. 1(5) (2010)Google Scholar
  23. Simic, D., Prodanovic, R.: A survey of wireless security. CIT J. Comput. Inf. Technol. 15(3), 237–255 (2007)CrossRefGoogle Scholar
  24. Singh, R., Sharma, T.P.: Detecting and reducing the denial of service attacks in WLANs. In: 2011 World Congress on Information and Communication Technologies (WICT). IEEE (2011)Google Scholar
  25. Singh, R., Sharma, T.P.: On the IEEE 802.11 i security: a denial-of-service perspective. Secur. Commun. Netw. 8(7), 1378–1407 (2015)CrossRefGoogle Scholar
  26. Stubblefield, A., Ioannidis, J., Rubin, A.D.: A key recovery attack on the 802.11 b wired equivalent privacy protocol (WEP). ACM Trans. Inf. Syst. Secur. (TISSEC) 7(2), 319–332 (2004)CrossRefGoogle Scholar
  27. Wang, L., Srinivasan, B.: Analysis and improvements over DoS attacks against IEEE 802.11 i standard. In: 2010 Second International Conference on Networks Security Wireless Communications and Trusted Computing (NSWCTC). IEEE (2010)Google Scholar
  28. Xia, H., Brustoloni, J.: Detecting and blocking unauthorized access in Wi-Fi networks. In: International Conference on Research in Networking. Springer (2004)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Abdallah Elhigazi Abdallah
    • 1
    Email author
  • Shukor Abd Razak
    • 1
  • Fuad A. Ghalib
    • 1
  1. 1.Information Assurance and Security Research, School of Computing, Faculty of EngineeringUniversiti Teknologi Malaysia (UTM)Johor BahruMalaysia

Personalised recommendations