Congestion Control in Linux TCP
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks
Proceedings of the 10th annual international conference on Mobile computing and networking
Enhancing the security of corporate Wi-Fi networks using DAIR
Proceedings of the 4th international conference on Mobile systems, applications and services
ACM Transactions on Information and System Security (TISSEC)
Detecting 802.11 wireless hosts from remote passive observations
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
Architecture of secure cross-platform and network communications
Proceedings of the 2nd international conference on Ubiquitous information management and communication
Rogue access point detection using segmental TCP jitter
Proceedings of the 17th international conference on World Wide Web
On fast and accurate detection of unauthorized wireless access points using clock skews
Proceedings of the 14th ACM international conference on Mobile computing and networking
Classification of access network types: Ethernet, wireless LAN, ADSL, cable modem or dialup?
Computer Networks: The International Journal of Computer and Telecommunications Networking
Using link RTT to passively detect unapproved wireless nodes
International Journal of Security and Networks
Sniffer Channel Selection for Monitoring Wireless LANs
WASA '09 Proceedings of the 4th International Conference on Wireless Algorithms, Systems, and Applications
IEEE Transactions on Multimedia - Special issue on quality-driven cross-layer design for multimedia communications
Robust Detection of Unauthorized Wireless Access Points
Mobile Networks and Applications
A location-aware rogue AP detection system based on wireless packet sniffing of sensor APs
Proceedings of the 2011 ACM Symposium on Applied Computing
WiFiHop - mitigating the Evil twin attack through multi-hop detection
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Formal passive testing of timed systems: theory and tools
Software Testing, Verification & Reliability
Sniffer channel selection for monitoring wireless LANs
Computer Communications
| Hi-index | 0.00 |
Rogue (unauthorized) wireless access points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect rogue access points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online rogue-access-point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).