Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
ACM Transactions on Information and System Security (TISSEC)
WiFiHop - mitigating the Evil twin attack through multi-hop detection
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Rogue Access Points (RAPs) pose serious security threats to local networks. An analytic model of the prior probability distribution of Segmental TCP Jitter (STJ) is derived from the mechanism of the IEEE 802.11 MAC Distributed Coordination Function (DCF) and used to differentiate wired from WLAN connections, which is the crucial step in RAP detection. As a detection metric, STJ reflects the characteristics of the 802.11 MAC better than ACK-Pair, since it can eliminate the delay caused by packet transmission. An experiment on an operational network shows that the average detection ratio of the algorithm with STJ is more than 92.8% and the average detection time is less than 1 s, improvements of 20% and 60%, respectively, over the ACK-Pair detection approach. Furthermore, no WLAN training trace is needed by the detection algorithm.