EVIL TWIN ATTACK DETECTION IN IEEE 802.11 WIRELESS NETWORKS IN DENSE URBAN ENVIRONMENTS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1279

Keywords:

Evil Twin attack, wireless networks, IEEE 802.11, Wi-Fi, RSSI, statistical anomaly detection, wireless network security, radio signal attenuation, sensor network

Abstract

The paper addresses the problem of detecting Evil Twin attacks on IEEE 802.11 wireless networks in dense urban environments with monolithic reinforced concrete construction, which significantly attenuates radio signals in the 2.4 and 5 GHz bands. In a full access point cloning scenario, the attacker copies both the network identifier and the hardware address of the legitimate device, making classical detection methods based on the analysis of management frame identifiers inapplicable. A detection method is proposed that uses a network of four indoor Wi-Fi sensors to continuously measure the received signal strength indicator of the legitimate access point and analyzes the geometric relationships between sensors. The method combines two independent detectors – a pair-wise residual detector S(t) based on a statistical model of signal power differences across all sensor pairs, sensitive to sustained violations of the spatial signal attenuation pattern, and an impulse detector based on the z-score of each sensor relative to its calibration baseline, which reacts to short, locally strong deviations lasting 2–5 minutes. Subsequent classification of impulse intervals by peak z-score magnitude allows separation of strong external attacks from regular human activity inside the room. Experimental validation was performed on a labeled set of 40 attacks using four types of antennas placed outside the concrete building. The method achieved 60% recall and 85.7% precision at the individual attack level, and 100% recall at the attack session level (groups of ten consecutive attacks per antenna). The developed approach does not require specialized hardware, operates on standard Wi-Fi chipsets, and can be deployed within existing infrastructure to protect critical infrastructure facilities.
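The two detectors described in the abstract can be sketched as follows. This is an added example, not the paper's code: the exact form of S(t), the thresholds (`s_thr`, `min_len`, `z_on`, `z_strong`), the sensor names and all RSSI values are assumptions constructed for illustration.

```python
from itertools import combinations
from statistics import mean, pstdev

def calibrate(cal):
    """cal: {sensor: [RSSI dBm, ...]} recorded while no attack is running."""
    base = {s: (mean(v), pstdev(v)) for s, v in cal.items()}
    pairs = {}
    for a, b in combinations(sorted(cal), 2):
        d = [x - y for x, y in zip(cal[a], cal[b])]
        pairs[(a, b)] = (mean(d), pstdev(d))
    return base, pairs

def s_stat(sample, pairs):
    """Assumed form of S(t): mean squared standardized pair-difference residual."""
    return mean(((sample[a] - sample[b] - m) / sd) ** 2
                for (a, b), (m, sd) in pairs.items())

def sustained(stream, pairs, s_thr=10.0, min_len=3):
    """True once S(t) stays above s_thr for min_len consecutive samples."""
    run = 0
    for sample in stream:
        run = run + 1 if s_stat(sample, pairs) > s_thr else 0
        if run >= min_len:
            return True
    return False

def impulses(stream, base, z_on=3.0, z_strong=8.0):
    """Runs where any sensor has |z| >= z_on, labelled by peak |z|."""
    out, start, peak = [], None, 0.0
    for t, sample in enumerate(stream + [None]):      # None closes a final run
        z = max(abs((sample[s] - m) / sd) for s, (m, sd) in base.items()) if sample else 0.0
        if z >= z_on:
            start, peak = (t if start is None else start), max(peak, z)
        elif start is not None:
            out.append((start, t - 1, "external" if peak >= z_strong else "indoor"))
            start, peak = None, 0.0
    return out

# Constructed data: four sensors, fixed baselines (dBm) and a +/-1 dB noise cycle.
BASE, NOISE = {"s1": -45, "s2": -52, "s3": -58, "s4": -63}, [0, 1, 0, -1]
def reading(i, bump=None):
    return {s: BASE[s] + NOISE[(i + k) % 4] + (bump or {}).get(s, 0)
            for k, s in enumerate(sorted(BASE))}

CAL = {s: [reading(i)[s] for i in range(40)] for s in BASE}
STREAM = [reading(i, {"s2": -4} if i in (4, 5) else
                     {"s3": 9, "s4": 14} if 10 <= i <= 12 else None) for i in range(16)]
```

On the constructed stream, the short single-sensor dip at samples 4 and 5 is labelled `indoor`, while the multi-sensor shift at samples 10 to 12 is labelled `external` and also trips the sustained pair-wise check.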




Published

2026-06-25

How to Cite

Banakh, R. (2026). EVIL TWIN ATTACK DETECTION IN IEEE 802.11 WIRELESS NETWORKS IN DENSE URBAN ENVIRONMENTS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 842–856. https://doi.org/10.28925/2663-4023.2026.33.1279