Sciweavers

Share
IMC
2007
ACM

Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs

8 years 11 months ago
Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs
Rogue (unauthorized) wireless access points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect rogue access points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online rogue-accesspoint detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detectio...
Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kuro
Added 26 Oct 2010
Updated 26 Oct 2010
Type Conference
Year 2007
Where IMC
Authors Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kurose, Donald F. Towsley
Comments (0)
books