Source and datasets for: "Non-cooperative 802.11 MAC layer fingerprinting and tracking of mobile devices"
This repository contains the source code and links to the datasets used in the paper entitled "Non-cooperative 802.11 MAC layer fingerprinting and tracking of mobile devices". Please cite the paper and / or datasets if you use them in your research.
The MongoDB dataset and usage instructions can be found at https://zenodo.org/record/545970.
An identical .pcap
version of the dataset can be found at CRAWDAD.
After installing the dataset, you can run the experiments using the elt_byte_uniqueness.py
script:
usage: elt_byte_uniqueness.py [-h] [--host HOST] [--debug] [--big-endian]
[--train-samples NUM_TRAIN_SAMPLES]
[--test-samples NUM_TEST_SAMPLES]
[--threshold THRESHOLD]
{mongodb,file,pcap} {mac_info,mac_research}
Advanced MAC layer fingerprinter for Probe Request frames
positional arguments:
{mongodb,file,pcap}
{mac_info,mac_research}
The path to / name of the dataset containing Probe
Requests
optional arguments:
-h, --help show this help message and exit
--host HOST MongoDB host (default: localhost)
--debug, -d Debug mode (default: False)
--big-endian Big Endian Radiotap header (default: False)
--train-samples NUM_TRAIN_SAMPLES
Number of training samples (default: 30000)
--test-samples NUM_TEST_SAMPLES
Number of test samples (default: 50)
--threshold THRESHOLD
Stability threshold (default: 0.3)
Using the default settings: training on 30000 and testing on 50 devices:
$ ./elt_byte_uniqueness.py --host <your_mongo_database> mongodb mac_info
...
Strict hash stability: 100.0%
Real hash stability: 100.0%
Real hash stability (non-random): 100.0%
Hash uniqueness: 78.0%
Hash uniqueness (non-random): 82.5%
Fingerprint uniqueness: 94.0%
Deanonymized MACs: 1 / 10.0 (10.0%)
Total MACs: 50.0
Other test set sizes:
$ ./elt_byte_uniqueness.py --host <your_mongo_database> --test-samples 1000 mongodb mac_info
...
Strict hash stability: 99.7%
Real hash stability: 99.85%
Real hash stability (non-random): 99.7716894977%
Hash uniqueness: 28.9%
Hash uniqueness (non-random): 39.1171993912%
Fingerprint uniqueness: 79.5%
Deanonymized MACs: 111 / 343.0 (32.361516035%)
Total MACs: 1000.0
$ ./elt_byte_uniqueness.py --host <your_mongo_database> --test-samples 10000 mongodb mac_info
...
Strict hash stability: 91.34%
Real hash stability: 95.9216190476%
Real hash stability (non-random): 94.5693699166%
Hash uniqueness: 10.66%
Hash uniqueness (non-random): 17.2218284904%
Fingerprint uniqueness: 97.07%
Deanonymized MACs: 4006 / 4356.0 (91.9651056015%)
Total MACs: 10000.0
Using the mac_research
dataset:
$ ./elt_byte_uniqueness.py --host <your_mongo_database> --test-samples 100 --train-samples 100 --threshold 1.0 mongodb mac_research
Using research center data
...
Strict hash stability: 93.3333333333%
Real hash stability: 98.5609279609%
Real hash stability (non-random): 98.3395322626%
Hash uniqueness: 50.6666666667%
Hash uniqueness (non-random): 55.3846153846%
Fingerprint uniqueness: 100.0%
Deanonymized MACs: 10 / 10.0 (100.0%)
Total MACs: 75.0
After running elt_byte_uniqueness.py
, several metrics are displayed to the user, which have the following meaning:
- Strict hash stability : Average ratio of devices with a stable hash to all devices
- Real hash stability : Average ratio of most prominent hash to to all hashes for each device
- Real hash stability (non-random): Average ratio of most prominent hash to to all hashes for each device with non-random MAC
- Hash uniqueness : Ratio of unique IE hashes to all IE hashes for random MACs
- Hash uniqueness (non-random) : Ratio of unique IE hashes to all IE hashes for non-random MACs
- Fingerprint uniqueness : Ratio of unique fingerprints to all fingerprints
- Deanonymized MACs : Number of random MACs successfully mapped to non-random MACs
- Total MACs : Number of unique MAC addresses in test set
Here, the term "hash" refers to the hash of the bitmask applied to the Information Elements of the Probe Request, and the term "fingerprint" refers to the associated fingerprint (which can include the non-random MAC address as well if available).
The exact parameters used in the paper can be found in the compare_runs_lambda_small
and compare_runs_lambda
functions of the source code. These functions generate the GNUplot output for the graphs. Note that results might slightly vary due to the anonymization process that was performed on the dataset (e.g. stable bits in the WPS IE for some devices).