A client-side detection mechanism for evil twins

Fu Hau Hsu, Chuan Sheng Wang, Yu Liang Hsu, Yung Pin Cheng, Yu Hsiang Hsneh

Research output: Contribution to journalArticlepeer-review

9 Scopus citations


In this paper, we propose a client-based solution to detect “evil twin” attacks in wireless local area networks (WLANs). An evil twin is a kind of rogue Wi-Fi access point (AP) which has the same SSID name as a legitimate one and is set up by an attacker. After a victim associates his device with an evil twin, an attacker can eavesdrop sensitive data forwarded through the evil twin. Most existing detection solutions are administrator-based, which are used by wireless network administrators to verify whether a given AP is in an authorized list or not. Such administrator-based solutions are limited, hardly maintained, and difficult to protect users 24–7. Hence, we propose a client-based detection mechanism, called evil twin detector, to detect this type of attacks. An evil twin detector changes its wireless network interface card (WNIC) to monitor mode to capture wireless TCP/IP packets. Through analyzing captured packets, our detector allows client users to easily and precisely detect an evil twin, thus avoids threats created by evil twins. Our method does not need to know any authorized AP list, and does not rely on data training or machine learning technique. Finally, we implement a detecting system on Windows 7.

Original languageEnglish
Pages (from-to)76-85
Number of pages10
JournalComputers and Electrical Engineering
StatePublished - Apr 2017


  • Evil twin
  • Rogue AP
  • Wi-Fi
  • Wireless


Dive into the research topics of 'A client-side detection mechanism for evil twins'. Together they form a unique fingerprint.

Cite this