This research article published by IEEE Access, 2022Network spoofing is becoming a common attack in wireless networks. The trend is going
high due to an increase in Internet users. Similarly, there is a rapid growth of numbers in mobile devices
in the working environments and on most official occasions. The trends pose a huge threat to users since
they become the prime target of attackers. More unfortunately, mobile devices have weak security measures
due to their limited computational powers. Current approaches to detect spoofing attacks focus on personal
computers and rely on the network hosts’ capacity, leaving guest users with mobile devices at risk. Some
approaches on Android-based devices demand root privilege, which is highly discouraged. This paper
presents an Android-based client-side solution to detect the presence of fake access points in a perimeter
using details collected from probe responses. Our approach considers the difference in security information
and signal level of an access point (AP). We present the detection in three networks, (i) open networks,
(ii) closed networks and (iii) networks with captive portals. As a departure from existing works, our solution
does not require root access for detection, and it is developed for portability and better performance.
Experimental results show that our approach can detect fake access points with an accuracy of 99% and
99.7% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively
