Detection and Mitigation of Evil Twin Attacks in Wireless Networks: A Systematic Literature Review
DOI:
https://doi.org/10.46842/ipn.cien.v30n1a08Keywords:
cybersecurity, evil twin, machine learning, wireless networks, systematic review, Wi-FiAbstract
La expansión de dispositivos IoT y redes inalámbricas ha aumentado significativamente la susceptibilidad a los ataques de suplantación de puntos de acceso, también llamados Evil Twin (ET). Este artículo ofrece un análisis sistemático de la literatura con el propósito de evaluar el estado actual en cuanto a la detección y minimización de esta amenaza. Las arquitecturas de defensa actuales fueron clasificadas mediante un estudio detallado de 30 investigaciones primarias. Los hallazgos muestran que el 73.33% de las propuestas se centran en la alta precisión algorítmica a través de la Inteligencia Artificial, sobrepasando con frecuencia el 95% de exactitud. No obstante, se detectaron brechas tecnológicas importantes: el 36.67% de las soluciones todavía produce falsos positivos a causa de cambios en el entorno físico (RSSI) y un 33.33% está supeditado a hardware adicional. Se concluye que el desarrollo futuro exige arquitecturas híbridas, autoadaptables y enfoques del lado del cliente (Client-side) para garantizar una latencia viable en estándares emergentes.
References
[1] T. Ueda, A. Saif, S. Miyata, M. Nakahara, A. Kubota, "A client-side evil-twin attack detection system with threshold considering traffic load," in 2023 IEEE 13th International Conference on Consumer Electronics - Berlin (ICCE-Berlin), 2023, pp. 68–69, doi: https://doi.org/10.1109/icce-berlin58801.2023.10375616
[2] S. Sudhakaran, et al., "A lightweight frame-based wireless intrusion detection system for resource-constrained networks," in 2026 8th International Conference on Intelligent Sustainable Systems (ICISS), 2026, pp. 1–8, doi: https://doi.org/10.1109/iciss67859.2026.11453957
[3] K. Kimura, Y. Shiraishi, M. Morii, "A New Approach to Disabling SSL/TLS: Man-in-the-Middle Attacks are still Effective," in 2023 Eleventh International Symposium on Computing and Networking (CANDAR), 2023, pp. 11–19, doi: https://doi.org/10.1109/candar60563.2023.00010
[4] C. Louca, A. Peratikou, S. Stavrou, "A novel Evil Twin MiTM attack through 802.11v protocol exploitation," Comput. Secur., vol. 130, p. 103261, 2023, doi: https://doi.org/10.1016/j.cose.2023.103261
[5] Y. Daldoul, M. Berrima, "A robust certificate management system to prevent evil twin attacks in IEEE 802.11 networks," Int. J. Inf. Technol., vol. 17, no. 6, pp. 3589–3599, 2025, doi: https://doi.org/10.1007/s41870-024-02008-4
[6] M. Thankappan, H. Rifà-Pous, C. Garrigues, "A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks," Int. J. Inf. Secur., vol. 23, no. 6, pp. 3527–3546, 2024, doi: https://doi.org/10.1007/s10207-024-00899-9
[7] F.-H. Hsu, C.-H. Lee, C.-S. Wang, "An active user-side detector for evil twins," in Smart Innovation, Systems and Technologies, Cham: Springer International Publishing, 2023, pp. 153–158, doi: https://doi.org/10.1007/978-3-031-05491-4_16
[8] D. S. B. Naik, V. Dondeti, "An intelligent rule-based system for detecting evil twin attacks in wireless networks," in 2025 IEEE 17th International Conference on Computational Intelligence and Communication Networks (CICN), 2025, pp. 750–757, doi: https://doi.org/10.1109/cicn67655.2025.11368194
[9] R. Rahman, N. Ramli, A. P. Rahmadani, "Analisis keamanan jaringan Wi-Fi publik terhadap serangan evil twin," Journal Riset Sistem Inf., vol. 3, no. 2, pp. 35–38, 2026, doi: https://doi.org/10.69714/vzqtrw67
[10] A. Wakhloo, "Client-side Evil-Twin access point detection using beacon-frame delay and wireless network parameter deviation," National College of Ireland, Dublin, 2023, available: https://norma.ncirl.ie/6555/
[11] R. Banakh, E. Nyemkova, C. Justice, A. Piskozub, Y. Lakh, "Data mining approach for evil twin attack identification in Wi-Fi networks," Data, vol. 9, no. 10, p. 119, 2024, doi: https://doi.org/10.3390/data9100119
[12] E. Myrtaj, et al., "Deauthentication attacks, rogue and fake wireless access points detection through fingerprinting," 2024, available: https://www.researchgate.net/profile/Ernando-Myrtaj/publication/384253853_Deauthentication_Attacks_Rogue_and_Fake_Wireless_Access_Points_Detection_Through_Fingerprinting.pdf
[13] R. Banakh, A. Piskozub, I. Opirskyy, "Devising a method for detecting 'evil twin' attacks on IEEE 802.11 networks (Wi-Fi) with KNN classification model," East.-Eur. J. Enterp. Technol., vol. 3, no. 9 (123), pp. 20–32, 2023, doi: https://doi.org/10.15587/1729-4061.2023.282131
[14] F. F. H. Rofoo, M. G. Galety, N. Arulkumar, R. Maaroof, "DPETAs: Detection and prevention of evil twin attacks on WI-fi networks," in Lecture Notes in Electrical Engineering, Singapore: Springer Singapore, 2022, pp. 559–568, doi: https://doi.org/10.1007/978-981-16-9012-9_45
[15] J. Nanayakkara, et al., "Enhanced detection of evil twin attacks in public WI-fi networks using machine learning algorithms," in 2024 9th International Conference on Information Technology Research (ICITR), 2024, pp. 1–6, doi: https://doi.org/10.1109/icitr64794.2024.10857762
[16] S. A. A. Ahadi, T. Arora, V. Abrol, K. Sharma, "EvilSpot: Detection and mitigation in multi channel," in 2023 International Conference on Advances in Electronics, Communication, Computing and Intelligent Information Systems (ICAECIS), 2023, pp. 121–126, doi: https://doi.org/10.1109/icaecis58353.2023.10170047
[17] L. J. Mwinuka, A. Z. Agghey, S. F. Kaijage, J. D. Ndibwile, "FakeAP detector: An android-based client-side application for detecting WI-fi hotspot spoofing," IEEE Access, vol. 10, pp. 13611–13623, 2022, doi: https://doi.org/10.1109/access.2022.3146802
[18] A. Kamble, D. Kshirsagar, "Feature selection in wireless intrusion detection system for evil twin attack detection," in 2023 3rd International Conference on Innovative Sustainable Computational Technologies (CISCT), 2023, pp. 1–5, doi: https://doi.org/10.1109/cisct57197.2023.10351382
[19] L. Yulán Mendoza, et al., "Implementación y evaluación de un prototipo MITM Evil Twin Attack," Quitensis, 2025, available: https://quitensis.com/index.php/home/article/view/33
[20] N. Xhemajli, Z. Tafa, "Mobile proxy in public WiFi networks: A tool against MITM attacks," in 2024 13th Mediterranean Conference on Embedded Computing (MECO), 2024, pp. 1–5, doi: https://doi.org/10.1109/meco62516.2024.10577803
[21] R. Buckle, "Performing man in the middle attacks within a wireless local area network," 2022, doi: https://doi.org/10.36227/techrxiv.21176347.v1
[22] M. W. Tafoor, "Physical layer authentication: Mitigating MitM and eavesdropping in public wlans," Theses Journal, vol. 3, no. 12, pp. 869–899, 2025, available: https://thesesjournal.com/index.php/1/article/view/1743
[23] S. A. A. Ahadi, et al., "Public Wi-Fi security threat evil twin attack detection based on signal variant and hop count," 2022, available: https://pubs.aip.org/aip/acp/article-abstract/2424/1/020002/2822329/Public-Wi-Fi-security-threat-evil-twin-attack
[24] S. L. Yusuf, et al., "Real-Time detection of rogue Wi-Fi hotspots using association rule mining and behavioral analysis," 2024, available: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5233478
[25] S. Belmokhtar, "Rogue access points and their impact on networks," Cybersecurity Undergraduate Research Showcase, Old Dominion University, 2025, doi: https://doi.org/10.25776/H2C7-3166
[26] V. Jain, U. Wetzker, V. Laxmi, M. S. Gaur, M. Mosbah, D. Mery, "SAP: A secure low-latency protocol for mitigating high computation overhead in WI-FI networks," IEEE Access, vol. 11, pp. 84620–84635, 2023, doi: https://doi.org/10.1109/access.2023.3302529
[27] Z. Čekerevac, P. Cekerevac, L. Prigoda, F. Al-Naima, "Security risks from the modern man-in-the-middle attacks," MEST J., vol. 13, no. 1, pp. 34–51, 2025, doi: https://doi.org/10.12709/mest.13.13.01.04
[28] M. Kaya, H. K. Kucukates, M. Demez, I. F. Kilincer, "Smart cyber defense: Machine learning powered intrusion detection in 802.11 networks," in 2024 8th International Artificial Intelligence and Data Processing Symposium (IDAP), 2024, pp. 1–7, doi: https://doi.org/10.1109/idap64064.2024.10710835
[29] P. Augustyniak, O. Rogowicz, P. Zwierzykowski, "Theoretical and practical aspects of the evil twin attack," in Communications in Computer and Information Science, Cham: Springer Nature Switzerland, 2024, pp. 224–236, doi: https://doi.org/10.1007/978-3-031-62843-6_23
[30] F. H. Hsu, et al., "WPFD: Active user-side detection of evil twins," Appl. Sci., vol. 12, no. 16, p. 8088, 2022, available: https://www.mdpi.com/2076-3417/12/16/8088
[31] M. J. Page, et al., "The PRISMA 2020 statement: an updated guideline for reporting systematic reviews," BMJ, vol. 372, no. n71, 2021, doi: https://doi.org/10.1136/bmj.n71
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Diego Andrés Santacruz Menéndez, Andersson Joel Caguasango León, Martha Esperanza Sevilla Abarca (Autor/a)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.