Terminal device and method for identifying malicious AP by using same

The invention claimed is: 1. A method of identifying a malicious access point (AP) by a terminal apparatus, the method comprising: obtaining first information of a first AP based on a first beacon signal received from the first AP; comparing the first information with previously stored second information of a second AP predefined as a normal AP; and determining whether the first AP is a malicious AP, based on a result of the comparing, wherein the first information includes first timestamp information included in the first beacon signal and first receiving time information of the first beacon signal, wherein the second information includes second timestamp information included in a second beacon signal received from the second AP and second receiving time information of the second beacon signal, and wherein the determining of whether the first AP is a malicious AP comprises determining the first AP to be a malicious AP based on a difference value between the first timestamp information and the second timestamp information being different from a difference value between the first receiving time information and the second receiving time information. 2. The method of claim 1 , wherein the first AP is an AP to be accessed by the terminal apparatus after the terminal apparatus is disconnected from the second AP, and identification information of the first AP is a same as identification information of the second AP. 3. The method of claim 1 , wherein the previously stored second information of the second AP includes information of the second AP received from a server device, and a service set identifier (SSID) of the first AP is included in a SSID list stored in the terminal apparatus. 4. The method of claim 1 , further comprising: transmitting, to the first AP, a request message including at least one of predetermined identification information and predetermined channel information; receiving a response message from the first AP in response to the request message; and determining the first AP to be a malicious AP, when the response message includes at least one of the predetermined identification information and the predetermined channel information. 5. The method of claim 1 , further comprising: comparing a first arrangement order of information elements in the first beacon signal with a previously stored second arrangement order of information elements; and determining whether the first AP is a malicious AP, based on a result of the comparing. 6. A non-transitory computer-readable recording medium storing a program executable by a processor to perform a method of identifying a malicious AP according to claim 1 . 7. A method of identifying a malicious access point (AP) by a terminal apparatus, the method comprising: predicting pieces of first time information on or after an (n+1)th beacon signal, based on pieces of first time information related to first beacon signals received from a first AP on or before an n-th beacon signal, where n is a natural number greater than 1; receiving first beacon signals from the first AP on or after the (n+1)th beacon signal; comparing the predicted pieces of first time information with pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal; and determining whether the first AP is a malicious AP, based on a result of the comparing, wherein the determining of whether the first AP is a malicious AP comprises determining whether the first AP is a malicious AP based on a tendency of difference values between the predicted pieces of first time information and the pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal according to time. 8. The method of claim 7 , wherein the predicting of the pieces of first time information comprises predicting the pieces of first time information on or after the (n+1)th beacon signal through a linear regression analysis. 9. The method of claim 7 , wherein the determining of whether the first AP is a malicious AP comprises determining the first AP to be a malicious AP based on the difference values between the predicted pieces of first time information and the pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal increasing or decreasing according to time. 10. A terminal apparatus comprising: a memory storing one or more instructions; and a processor configured to execute the one or more instructions stored in the memory, wherein the processor is configured to: obtain first information of a first access point (AP) based on a first beacon signal received from the first AP; compare the first information with previously stored second information of a second AP; and determine whether the first AP is a malicious AP, based on a result of the comparing, wherein the first information includes first timestamp information included in the first beacon signal and first receiving time information of the first beacon signal, wherein the second information includes second timestamp information included in a second beacon signal received from the second AP and second receiving time information of the second beacon signal, and wherein the processor is further configured to determine whether the first AP is a malicious AP based on a difference value between the first timestamp information and the second timestamp information being different from a difference value between the first receiving time information and the second receiving time information. 11. The terminal apparatus of claim 10 , wherein the processor is configured to: transmit, to the first AP, a request message including at least one of predetermined identification information and predetermined channel information; receive a response message from the first AP in response to the request message; and determine the first AP to be a malicious AP, when the response message includes at least one of the predetermined identification information and the predetermined channel information. 12. The terminal apparatus of claim 10 , wherein the processor is configured to: predict pieces of first time information on or after an (n+1)th beacon signal, based on pieces of first time information of first beacon signals received from the first AP on or before an n-th beacon signal, where n is a natural number greater than 1; receive first beacon signals from the first AP on or after the (n+1)th beacon signal; compare the predicted pieces of first time information with pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal; and determine whether the first AP is a malicious AP, based on a result of the comprising, wherein the processor is further configured to determine whether the first AP is a malicious AP based on a tendency of difference values between the predicted pieces of first time information and the pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal according to time. 13. The terminal apparatus of claim 12 , wherein the processor is configured to determine the first AP to be a malicious AP based on the difference values between the predicted pieces of first time information and the pieces of first time information of the first beacon signals received on or after the (n+1)th beacon signal increasing or decreasing according to time.