Detecting rogue access points using client-side bottleneck bandwidth analysis

A rogue access point (AP) is an unauthorized AP plugged into a network, and it poses a serious security threat. To detect such an AP, a network manager traditionally carries a radio-wave sensor across the entire protected site, a task that is labor-intensive and inefficient. This study presents a new AP detection method that requires neither extra hardware nor that manual effort. The method determines whether the network packets of an IP address are routed through an AP, based on the client-side bottleneck bandwidth. The network manager can do this from the office by monitoring the packets passing through the core switch. According to experimental results, accuracy remains above 99% when the sliding window size, a parameter of the proposed algorithm, is larger than 20. The proposed method effectively reduces the network manager's workload and increases network security.
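The sketch below is an added illustration of the general idea, not the paper's algorithm: it estimates client-side bottleneck bandwidth from packet-pair dispersion seen at a monitoring point and classifies each sliding window by its median. The estimator, the 40 Mb/s threshold, the 10 ms idle cutoff and the traces are all assumptions constructed for this example.

```python
from collections import deque
from statistics import median

WINDOW = 21               # sliding window size; the abstract reports sizes larger than 20
WIRELESS_MAX_BPS = 40e6   # assumed cutoff between wireless-like and wired-like links
MAX_GAP = 0.01            # assumed: larger gaps are idle time, not back-to-back packets

def pair_bandwidths(packets, max_gap=MAX_GAP):
    """Packet-pair estimate per consecutive pair: bits of 2nd packet / arrival gap."""
    estimates = []
    for (t0, _), (t1, size) in zip(packets, packets[1:]):
        gap = t1 - t0
        if 0 < gap <= max_gap:          # skip idle periods and duplicate timestamps
            estimates.append(size * 8 / gap)
    return estimates

def classify(packets, window=WINDOW, threshold=WIRELESS_MAX_BPS):
    """Return one verdict per full sliding window of bandwidth estimates."""
    win = deque(maxlen=window)
    verdicts = []
    for bw in pair_bandwidths(packets):
        win.append(bw)
        if len(win) == window:          # the median damps jitter within the window
            verdicts.append("wireless" if median(win) < threshold else "wired")
    return verdicts

def make_trace(gaps, n, size=1500):
    """Constructed sample: n (timestamp, bytes) packets; gaps (seconds) repeat cyclically."""
    t, trace = 0.0, []
    for i in range(n):
        trace.append((t, size))
        t += gaps[i % len(gaps)]
    return trace

# Constructed traces for one source IP each, as seen at the core switch.
WIRED = make_trace([120e-6, 125e-6, 118e-6, 0.05], 60)         # ~100 Mb/s access link
WIFI = make_trace([610e-6, 580e-6, 900e-6, 640e-6, 0.05], 60)  # ~13-21 Mb/s access link

if __name__ == "__main__":
    print("wired host:", set(classify(WIRED)))
    print("wifi host: ", set(classify(WIFI)))
```

In a deployment the threshold would have to be calibrated against known wired and wireless hosts on the monitored network, since link speeds and cross traffic shift the estimates.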
