Terminal device and method for identifying malicious AP by using same

The invention claimed is: 1. A method of identifying a malicious access point (AP) by a terminal apparatus, the method comprising: storing information on a first arrangement order of first information elements included in a first beacon signal of a first AP defined as the malicious AP, the first beacon signal including a first header and a first body having a first option field, the first information elements being included in the first option field; receiving a second beacon signal from a second AP, the second beacon signal including a second header and a second body having a second option field, and second information elements being included in the second option field; obtaining a second arrangement order of the second information elements included in the second option field of the second body of the second beacon signal by analyzing the received second beacon signal; comparing the obtained second arrangement order of the second information elements included in the second option field of the second body of the second beacon signal with the first arrangement order of the first information elements included in the first option field of the first body of the first beacon signal; and identifying the second AP as the malicious AP based on the second arrangement order being the same as the first arrangement order as a result of the comparing. 2. The method of claim 1 , further comprising: transmitting, to the second AP, a request message including at least one of predetermined identification information and predetermined channel information; receiving a response message from the second AP in response to the request message; and determining the second AP to be the malicious AP, based on the response message including at least one of the predetermined identification information and the predetermined channel information. 3. The method of claim 2 , wherein the transmitting of the request message comprises: determining a plurality of pieces of identification information; and transmitting the request message including the determined plurality of pieces of identification information to the second AP. 4. A method of identifying a malicious access point (AP) by a terminal apparatus, the method comprising: receiving first beacon signals from a first AP, where the first beacon signals include a 1st beacon signal to an nth beacon signal sequentially received from the first AP, and n is a natural number greater than 1; predicting pieces of time information of second beacon signals to be received after the nth beacon signal, based on pieces of time information related to the first beacon signals received from the first AP; receiving the second beacon signals from the first AP after the nth beacon signal, the second beacon signals including an (n+1)th beacon signal and at least one beacon signal subsequent to the (n+1)th beacon signal; comparing the predicted pieces of time information with pieces of time information of the second beacon signals received after the nth beacon signal; and determining whether the first AP is the malicious AP, based on a result of the comparing, wherein the determining of whether the first AP is the malicious AP comprises determining whether the first AP is the malicious AP based on difference values between the predicted pieces of time information and the pieces of time information of the second beacon signals received after the nth beacon signal. 5. The method of claim 4 , wherein the predicting of the pieces of time information comprises predicting the pieces of time information of the second beacon signals to be received after the nth beacon signal through a linear regression analysis. 6. The method of claim 5 , wherein the determining of whether the first AP is the malicious AP comprises determining the first AP to be the malicious AP based on the difference values between the predicted pieces of time information and the pieces of time information of the second beacon signals received after the nth beacon signal increasing or decreasing. 7. A method of identifying a malicious access point (AP) by a terminal apparatus, the method comprising: accessing, by the terminal apparatus, a second AP predefined as a normal AP; receiving, by the terminal apparatus, a second beacon signal from the second AP after having access to the second AP; storing, by the terminal apparatus, second information of the second AP based on the received second beacon signal; removing, by the terminal apparatus, the access to the second AP; receiving, by the terminal apparatus, a first beacon signal from a first AP after the access to the second AP is removed; obtaining, by the terminal apparatus, first information of the first AP based on the first beacon signal received from the first AP; comparing, by the terminal apparatus, the first information with the stored second information of the second AP; and determining, by the terminal apparatus, whether the first AP is the malicious AP, based on a result of the comparing, wherein the first information includes first timestamp information included in the first beacon signal and first receiving time information of the first beacon signal, wherein the second information includes second timestamp information included in the second beacon signal received from the second AP and second receiving time information of the second beacon signal, and wherein the determining of whether the first AP is the malicious AP comprises determining the first AP to be the malicious AP based on a difference value between the first timestamp information and the second timestamp information being different from a difference value between the first receiving time information and the second receiving time information. 8. The method of claim 7 , wherein the stored second information of the second AP is included in a service set identifier (SSID) list received from a server device, and wherein the determining of whether the first AP is the malicious AP comprises determining the first AP to be the malicious AP based on a SSID of the first AP not being included in the SSID list stored in the terminal apparatus. 9. A non-transitory computer-readable recording medium storing a program which causes a processor to perform a method of identifying a malicious access point (AP) when the program is executed by the processor, the method comprising: storing information on a first arrangement order of first information elements included in a first beacon signal of a first AP defined as the malicious AP, the first beacon signal including a first header and a first body having a first option field, the first information elements being included in the first option field; receiving a second beacon signal from a second AP, the second beacon signal including a second header and a second body having a second option field, and second information elements being included in the second option field; obtaining a second arrangement order of the second information elements included in the second option field of the second body of the second beacon signal by analyzing the received second beacon signal; comparing the obtained second arrangement order of the second information elements included in the second option field of the second body of the second beacon signal with the first arrangement order of the first information elements included in the first option field of the first body of the first beacon signal; and identifying the second AP as the malicious AP based on the second arrangement order being the same as the first arrangement order as a result of the comparing. 10. A terminal apparatus comprising: a memory storing one or more instructions; and a processor configured to execute the one or more