Title
Detecting semantic social engineering attacks in the context of information security /
Author
Metwally, Eman Ali Hussein.
Preparation committee
Researcher / Eman Ali Hussein Metwally
Supervisor / Hassan Hussein Soliman
Supervisor / Noha Ahmed El-Desouky Haikal
Examiner / Ahmed Abou El-Fotouh Saleh
Examiner / Mohamed Mohamed Mohamed Eissa
Subject
Data protection. Management frames. Information security. Social engineering.
Publication date
2021.
Number of pages
117 p.
Language
English
Degree
Master's
Specialization
Computer Science
Approval date
1/1/2021
Place of approval
Mansoura University - Faculty of Computers and Information - Information Security Program Department

Abstract

In the IEEE 802.11 standard, management frames are sent unencrypted in plain text, so the network name (SSID), MAC address (BSSID) and/or IP address can easily be spoofed by an attacker. Social engineering is the art of exploiting the weakest link in information security systems. The term is used as an umbrella for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Social engineering uses social influence to convince people that the offender (the social engineer) is who he claims or pretends to be. The offender takes advantage of people to obtain information or knowledge that should not have been accessed or revealed. It can be used to bypass intrusion detection systems, firewalls, and access control systems. One of its dangers is its harmless and legitimate appearance, which leaves targets unaware that they are being victimized. The result of a social engineering attack can be disastrous: access to corporate networks, identity theft and/or monetary loss.

Semantic attacks are the specific type of social engineering attack that can bypass technical defenses by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Common examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites, Wi-Fi evil twins and scareware. Impersonating an existing access point (AP) with a fake one in order to steal sensitive information from the connected devices is known as an evil twin (ET) attack. Current approaches for detecting an ET AP depend on techniques such as clock skew, route option, IP packet header and data frame statistics. The approaches in the relevant literature are either outdated or limited in their detection methods, architecture and/or scope of detection. This research proposes an admin and user tool that can detect the evil twin attack (ETA).
In this paper, we detect de-authentication packets, disassociation packets, or both (mixed frames), as they are an essential part of an ETA. The tool uses a low-cost microcontroller to detect and classify frames and then triggers a different lighting alert for each type of frame. The main contribution of this paper lies not only in its ability to detect different types of attack but also in detecting them in real time and determining the attacker's MAC address. It is prototyped under real attack, implemented in two different scenarios on both the admin and user sides, and then compared with other detection methods. Experimental results show an accuracy rate of 95.30% for the admin side across (de-authentication attack, disassociation attack, mixed attack, NP), and an accuracy rate of 88.18% for the user side.
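
The frame classification described in the abstract can be sketched in C as below. This is an added example, not code from the thesis: the function names, the per-window threshold, the reading of NP as normal traffic, and the sample frames are all assumptions made for illustration. It reports the transmitter address (Addr2) exactly as carried in the frame.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Four classes as in the abstract; NORMAL stands in for NP (assumed meaning). */
enum verdict { NORMAL, DEAUTH_ATTACK, DISASSOC_ATTACK, MIXED_ATTACK };

struct window {
    unsigned deauth, disassoc;  /* frames counted in this time window */
    uint8_t last_ta[6];         /* Addr2 (transmitter) of last counted frame */
};

/* Count one captured 802.11 frame (MAC header first, no radiotap). */
void observe(struct window *w, const uint8_t *f, size_t len)
{
    if (len < 26) return;                 /* 24-byte header + reason code */
    if ((f[0] & 0x0F) != 0) return;       /* version 0, type 0 = management */
    unsigned subtype = f[0] >> 4;
    if (subtype == 0x0C) w->deauth++;         /* deauthentication */
    else if (subtype == 0x0A) w->disassoc++;  /* disassociation */
    else return;
    memcpy(w->last_ta, f + 10, 6);        /* bytes 10..15 hold Addr2 */
}

/* threshold = frames of one subtype per window treated as a flood (assumed). */
enum verdict classify(const struct window *w, unsigned threshold)
{
    int d = w->deauth >= threshold, s = w->disassoc >= threshold;
    if (d && s) return MIXED_ATTACK;
    if (d) return DEAUTH_ATTACK;
    return s ? DISASSOC_ATTACK : NORMAL;
}

/* Feed one window of constructed frames: nd deauth, ns disassoc, plus a
   beacon and a truncated deauth that must both be ignored. */
const struct window *run_sample(unsigned nd, unsigned ns)
{
    static struct window w;
    uint8_t f[26] = {0};
    const uint8_t ta[6] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55}; /* constructed */
    memset(&w, 0, sizeof w);
    memcpy(f + 10, ta, 6);
    f[24] = 0x07;                          /* reason code, little-endian */
    f[0] = 0x80; observe(&w, f, sizeof f); /* beacon */
    f[0] = 0xC0; observe(&w, f, 10);       /* truncated deauth */
    while (nd--) observe(&w, f, sizeof f);
    f[0] = 0xA0;
    while (ns--) observe(&w, f, sizeof f);
    return &w;
}
```

On a microcontroller, `observe` would be called from the promiscuous-mode receive callback and `classify` once per window to select the alert.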