Rogue access point detection using temporal traffic characteristics

Beyah, Raheem; Kangude, S.; Yu, George Y.; Strickland, B.; Copeland, John A.

doi:10.1109/glocom.2004.1378413

Cited by 74 publications

(45 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [14], the authors were among the earliest to suggest using temporal characteristics, such as interpacket arrival time to detect rogue APs. Later work by Shetty et al [7] builds on this idea by creating an automated classifier.…”

Section: Related Workmentioning

confidence: 99%

A Timing-Based Scheme for Rogue AP Detection

Han

Sheng

Tan

et al. 2011

IEEE Trans. Parallel Distrib. Syst.

113

View full text Add to dashboard Cite

Abstract-This paper considers a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing-based technique that allows the user to avoid connecting to rogue APs. Our detection scheme is a client-centric approach that employs the round trip time between the user and the DNS server to independently determine whether an AP is a rogue AP without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance. Extensive experiments have demonstrated the accuracy, effectiveness, and robustness of our approach. The algorithm achieves close to 100 percent accuracy in distinguishing rogue APs from legitimate APs in lightly loaded traffic conditions, and larger than 60 percent accuracy in heavy traffic conditions. At the same time, the detection only requires less than 1 second for lightly-loaded traffic conditions and tens of seconds for heavy traffic conditions.

show abstract

Section: Related Workmentioning

confidence: 99%

A Timing-Based Scheme for Rogue AP Detection

Han

Sheng

Tan

et al. 2011

IEEE Trans. Parallel Distrib. Syst.

113

View full text Add to dashboard Cite

show abstract

“…Baiamonte et al [5] use entropies to detect wireless traffic based on traffic collected at an aggregation point. Beyah et al [8] use visual inspection to detect wireless hosts. Mano et al [24] propose a technique that segments large packets into smaller ones to detect wireless traffic.…”

Section: Related Workmentioning

confidence: 99%

Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference

Wei

Jaiswal

Kurose

et al. 2006

Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications

View full text Add to dashboard Cite

Abstract-In this paper, we propose a classification scheme that differentiates Ethernet and WLAN TCP flows based on measurements collected passively at the edge of a network. This scheme computes two quantities, the fraction of wireless TCP flows and the degree of belief that a TCP flow traverses a WLAN inside the network, using an iterative Bayesian inference algorithm that we developed. We prove that this iterative Bayesian inference algorithm converges to the unique maximum likelihood estimate (MLE) of these two quantities. Furthermore, it has the advantage that it can handle any general -classification problem given the marginal distributions of these classes. Numerical and experimental evaluations demonstrate that our classification scheme obtains accurate results. We apply this scheme to two sets of traces collected from two campus networks: one set collected from UMass in mid 2005 and the other collected from UConn in late 2010. Our technique infers that 4%-7% and 52%-55% of incoming TCP flows traverse an IEEE 802.11 wireless link in these two networks, respectively. Index Terms-IEEE 802.11 wireless LAN, iterative Bayesian inference, TCP ACK-pairs, wireless traffic detection.

show abstract

“…(Ma, et al, 2007) categorises Rogues AP into one of four classes;  Improperly configured AP,  Unauthorised AP,  Phishing AP,  Compromised AP. Detection of unauthorised APs is the most common class addressed by research into Rogue APs (Beyah, et al, 2004). The existence of poorly configured APs in practice is outlined in (Percoco, 2010), where "poor security settings" is one of the top two threat vectors in practical cyber security instances.…”

Section: Introductionmentioning

confidence: 99%

Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs

Milliken

Selis

Yap

et al. 2013

Proceedings of the 10th International Conference on Security and Cryptography

View full text Add to dashboard Cite

Abstract:The susceptibility of WiFi networks to Rogue Access Point attacks derives from the lack of identity for 802.11 devices. The most common means of detecting these attacks in current research is through tracking the credentials or the location of unauthorised and possibly malicious APs. In this paper, the authors outline a method of distinguishing WiFi Access Points using 802.11 MAC layer management frame traffic profiles. This system does not require location estimation or credential tracking techniques as used in current research techniques, which are known to be inaccurate. These characteristic management traffic profiles are shown to be unique for each device, tantamount to a MAC identity. The application of this technique to solving Rogue AP attacks under the constraints of an open access, public WiFi environment is discussed with the conclusion that the identity is practically very difficult to forge.

show abstract

Rogue access point detection using temporal traffic characteristics

Cited by 74 publications

References 0 publications

A Timing-Based Scheme for Rogue AP Detection

A Timing-Based Scheme for Rogue AP Detection

Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference

Development of Device Identity using WiFi Layer 2 Management Frames for Combating Rogue APs

Contact Info

Product

Resources

About