Wireless networks and wireless access points may provide users of internet-enabled devices with efficient and/or widespread access to wired network connections. For example, wireless access points in public locations (e.g., restaurants and airports) may enable users to check their email, access online bank statements, or log into other online accounts at practically any time or place. Due to the enormous amount of data distributed via wireless networks, attackers may increasingly target wireless networks to obtain sensitive information such as financial data, credit card information, account passwords, etc. For example, an attacker may configure a malicious device (e.g., a so-called WIFI PINEAPPLE) to create an illegitimate wireless network that fakes or hijacks a wireless network known to a computing device. Once the computing device connects to the illegitimate wireless network, the attacker may view all traffic distributed via the network.
Unfortunately, conventional network security systems may fail to accurately and reliably detect such attacks. For example, traditional methods for detecting spoofed networks may rely on remembering properties such as Basic Service Set Identifiers (BSSIDs) of wireless access points within networks. However, these properties may vary across legitimate access points to the networks. As such, conventional security systems may falsely determine that a network is being spoofed or that a network device is illegitimate. Accordingly, the instant disclosure identifies and addresses a need for improved systems and methods for detecting illegitimate devices on wireless networks.