Professional Documents
Culture Documents
Send captured
packets to cloud
Detecting potentially
Mitigation Subsystem
Detection Share the Evil Twin details compromised users
4 Analyzing
Subsystem X with Mitigation Subsystems
detected the Evil 4 and 5 and publish the Evil Mitigation Subsystem Detecting the Evil Twin
Twin Twin details on the website 5 Analyzing location
Start of Detection Retrieve packet parameters: MAC Compare the retrieved packet
Subsystem 1 Address, Auth Algorithm, parameters with the
Encryption Algorithm(s) and corresponding entries in the
Cipher Algorithm(s) whitelist for the associated MAC
Capture all the Beacon Address
packets
Send captured
packets to cloud Is MA C Add res s Yes
Did the val ues Yes
in the wh ite lis t? ma tch ?
Analyze each
Beacon packet No No
Is cap tur ed
bea con rel eva nt Yes Evil Twin Detected Discard the packet
to the
ent erp ris e?
Share the Evil Twin details
with Mitigation Subsystems
No
4 and 5 and publish the Evil
Discard the packet Twin details on the website
Start of Detection
Subsystem 2
Is dup lic ate MA C No
Add res s in the Discard the packets
Send Probe requests to all Wh ite lis t?
APs and store the Probe
response packets. Yes
No
No
Yes
MA C ide nti fie d ?
No