KRACK and Kr00k Attack Dataset: A Comprehensive Network Traffic Collection for WPA2 Vulnerability Analysis
<p dir="ltr">The widespread adoption of WPA2 in Wi-Fi networks has been significantly undermined by vulnerabilities such as KRACK (Key Reinstallation Attack) and Kr00k (CVE-2019-15126), which exploit weaknesses in the protocol's handshake mechanism and chipset firmware, respecti...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| منشور في: |
2025
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| الملخص: | <p dir="ltr">The widespread adoption of WPA2 in Wi-Fi networks has been significantly undermined by vulnerabilities such as KRACK (Key Reinstallation Attack) and Kr00k (CVE-2019-15126), which exploit weaknesses in the protocol's handshake mechanism and chipset firmware, respectively. Despite the availability of patches, many devices remain unsecured, posing critical risks to data confidentiality and network integrity. This paper presents a comprehensive secondary dataset designed to capture and analyze network traffic during simulated KRACK and Kr00k attacks, addressing the scarcity of public datasets for research on these threats.</p><p dir="ltr">Our methodology involves a controlled testbed featuring an ASUS RT-AC68U access point and diverse client devices (e.g., Samsung Note 4, iPhone 6s, Windows 10 Pro and Linux) to simulate real-world scenarios. Using tools like Wireshark and tcpdump, we captured both normal and attack traffic, focusing on anomalies such as key reinstallation (KRACK) and zero-key encryption (Kr00k). The dataset includes raw pcap files, extracted features (e.g., frame types, signal strength, encryption flags), and labeled samples, totaling over 5.5 million frames with distinct attack and normal traffic subsets.</p><p dir="ltr">Key contributions include: (1) A reproducible framework for generating attack-specific traffic; (2) Detailed feature engineering (34 attributes) to enable machine learning-based detection; and (3) Forensic analysis techniques to identify attack signatures, such as repeated EAPOL messages (KRACK) and unencrypted frames post-disassociation (Kr00k). The dataset’s class imbalance reflects real-world conditions, necessitating tailored preprocessing for model training.</p><p dir="ltr">This work provides a foundation for developing robust intrusion detection systems and mitigation strategies against WPA2 exploits, while highlighting persistent risks in unpatched devices. The dataset and methodologies are openly shared to foster further research in Wi-Fi security.</p> |
|---|