Rogue access point detection using segmental TCP jitter

Authors:
Gaogang XIE;Tingting He;Guangxing Zhang
Affiliations:
Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China;Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China;Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
Venue:
Proceedings of the 17th international conference on World Wide Web
Year:
2008

Citing 2
Cited 1

Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning

ACM Transactions on Information and System Security (TISSEC)

WiFiHop - mitigating the Evil twin attack through multi-hop detection

ESORICS'11 Proceedings of the 16th European conference on Research in computer security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Rogue Access Points (RAPs) pose serious security threats to local networks. An analytic model of prior probability distribution of Segmental TCP Jitter (STJ) is deduced from the mechanism of IEEE 802.11 MAC Distributed Coordinated Function (DCF) and used to differentiate the types of wire and WLAN connections which is the crucial step for RAPs detecting. STJ as the detecting metric can reflect more the characteristic of 802.11 MAC than ACK-Pair since it can eliminate the delay caused by packet transmission. The experiment on an operated network shows the average detection ratio of the algorithm with STJ is more than 92.8% and the average detection time is less than 1s with improvement of 20% and 60% over the detecting approach of ACK-Pair respectively. Farther more no WLAN training trace is needed in the detecting algorithm.