poster

Rogue access point detection using segmental TCP jitter

Authors:

Gaogang XIE,

Tingting He,

Guangxing ZhangAuthors Info & Claims

WWW '08: Proceedings of the 17th international conference on World Wide Web

Pages 1249 - 1250

https://doi.org/10.1145/1367497.1367750

Published: 21 April 2008 Publication History

Get Access

Abstract

Rogue Access Points (RAPs) pose serious security threats to local networks. An analytic model of prior probability distribution of Segmental TCP Jitter (STJ) is deduced from the mechanism of IEEE 802.11 MAC Distributed Coordinated Function (DCF) and used to differentiate the types of wire and WLAN connections which is the crucial step for RAPs detecting. STJ as the detecting metric can reflect more the characteristic of 802.11 MAC than ACK-Pair since it can eliminate the delay caused by packet transmission. The experiment on an operated network shows the average detection ratio of the algorithm with STJ is more than 92.8% and the average detection time is less than 1s with improvement of 20% and 60% over the detecting approach of ACK-Pair respectively. Farther more no WLAN training trace is needed in the detecting algorithm.

References

[1]

Beyah, S. Kangude. Rogue access point detection using temporal traffic characteristics. In: Proceedings of IEEE GLOBECOM'04, Dallas, Texas, USA, 2004:2271 2275

Google Scholar

[2]

Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kurose, Don Towsley. Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs. In: Proceedings of ACM SIGCOMM IMC'07, San Diego, California, USA, 2007: 365 378

Digital Library

Google Scholar

[3]

Mano, A. Blaich, Q. Liao, Y. Jiang, D. Cieslak, D. Salyers, A. Striegel. RIPPS- Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning. ACM Transactions on Information and System Security, May 2008, to appear.

Digital Library

Google Scholar

[4]

Wei Wei, Sharad Jaiswal, Jim Kurose, Don Towsley. Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference. In: Proceedings of IEEE INFOCOM'06, Barcelona, Catalunya, 2006: 1 12

Google Scholar

[5]

Tickoo O, Sikdar B. Queueing analysis and delay mitigation in IEEE 802.11 random access MAC based wireless networks. In: Proceedings of IEEE INFOCOM'04, HongKong, 2004: 1404 1413

Crossref

Google Scholar

Cited By

View all

Kuo EChang MKao D(2018)User-side evil twin attack detection using time-delay statistics of TCP connection termination2018 20th International Conference on Advanced Communication Technology (ICACT)10.23919/ICACT.2018.8323700(211-216)Online publication date: Feb-2018
https://doi.org/10.23919/ICACT.2018.8323700
Webb ANarasima Reddy A(2016)Finding proxy users at the service using anomaly detection2016 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS.2016.7860473(82-90)Online publication date: Oct-2016
https://doi.org/10.1109/CNS.2016.7860473
Mónica DRibeiro C(2011)WiFiHop - mitigating the Evil twin attack through multi-hop detectionProceedings of the 16th European conference on Research in computer security10.5555/2041225.2041228(21-39)Online publication date: 12-Sep-2011
https://dl.acm.org/doi/10.5555/2041225.2041228
Show More Cited By

Index Terms

Rogue access point detection using segmental TCP jitter
1. Networks
  1. Network services
    1. Network management
    2. Network monitoring

Recommendations

Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs
IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

Rogue (unauthorized) wireless access points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect rogue access points using sequential hypothesis tests applied to packet-header data collected ...
Robust Detection of Unauthorized Wireless Access Points

Unauthorized 802.11 wireless access points (APs), or rogue APs, such as those brought into a corporate campus by employees, pose a security threat as they may be poorly managed or insufficiently secured. An attacker in the vicinity may easily get onto ...
Detection of man-in-the-middle attacks using physical layer wireless security techniques

Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could ...

Comments

Information & Contributors

Information

Published In

WWW '08: Proceedings of the 17th international conference on World Wide Web

April 2008

1326 pages

ISBN:9781605580852

DOI:10.1145/1367497

General Chairs:
Jinpeng Huai
Beihang University, China
,
Robin Chen
AT&T Labs, USA
,
Hsiao-Wuen Hon
Microsoft Research Asia, China
,
Yunhao Liu
HK University of Science and Technology, Hong Kong
,
Program Chairs:
Wei-Ying Ma
Microsoft Research Asia, China
,
Andrew Tomkins
Yahoo! Research, USA
,
Xiaodong Zhang
The Ohio State University, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 April 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Poster

Conference

WWW '08

Sponsor:

WWW '08: The 17th International World Wide Web Conference

April 21 - 25, 2008

Beijing, China

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
307
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kuo EChang MKao D(2018)User-side evil twin attack detection using time-delay statistics of TCP connection termination2018 20th International Conference on Advanced Communication Technology (ICACT)10.23919/ICACT.2018.8323700(211-216)Online publication date: Feb-2018
https://doi.org/10.23919/ICACT.2018.8323700
Webb ANarasima Reddy A(2016)Finding proxy users at the service using anomaly detection2016 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS.2016.7860473(82-90)Online publication date: Oct-2016
https://doi.org/10.1109/CNS.2016.7860473
Mónica DRibeiro C(2011)WiFiHop - mitigating the Evil twin attack through multi-hop detectionProceedings of the 16th European conference on Research in computer security10.5555/2041225.2041228(21-39)Online publication date: 12-Sep-2011
https://dl.acm.org/doi/10.5555/2041225.2041228
Chen EIto M(2009)Using end-to-middle security to protect against evil twin access points2009 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks & Workshops10.1109/WOWMOM.2009.5282395(1-6)Online publication date: Jun-2009
https://doi.org/10.1109/WOWMOM.2009.5282395

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs

Robust Detection of Unauthorized Wireless Access Points

Detection of man-in-the-middle attacks using physical layer wireless security techniques

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations