A hybrid rogue access point protection framework for commodity Wi-Fi networks

Proceedings - IEEE INFOCOM

Volumn , Issue , 2008, Pages 1894-1902

  Ma, Liran ^a   Teymorian, Amin Y ^a   Cheng, Xiuzhen ^a  

^a George Washington University   (United States)

Author keywords

Commodity Wi Fi networks; Intrusion detection; Rogue access point detection; Wireless security

Indexed keywords

COST EFFECTIVENESS; ELECTRIC BREAKDOWN; INTERNET; RISK ASSESSMENT; STANDARDS;

COMMODITY WI-FI NETWORKS; INTRUSION DETECTION; ROGUE ACCESS POINT DETECTION; WI-FI NETWORKS; WIRELESS SECURITY;

COMPUTER NETWORKS;

EID: 51349162676     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFOCOM.2007.178     Document Type: Conference Paper

References (38)

1. L. Ma, A. Y. Teymorian, X. Cheng, and M. Song, "RAP: Protecting commodity wi-fi networks from rogue access points," in QShine '07: Proceedings of the 4th international conference on Quality of service in heterogeneous wired/wireless networks, 2007.
2. "Gartner advises on security." [Online]. Available: http://www.gartner.com/5_about/press_releases/2001/pr20010809b.html
3. S. R. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the key scheduling algorithm of rc4," in SAC '01: Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography. London, UK: Springer-Verlag, 2001, pp. 1-24.
4. N. Borisov, I. Goldberg, and D. Wagner, "Intercepting mobile communications: the insecurity of 802.11," in MobiCom '01, 2001, pp. 180-189.
5. N. Cam-Winget, R. Housley, D. Wagner, and J. Walker, "Security flaws in 802.11 data link protocols," Commun. ACM, vol. 46, no. 5, pp. 35-39, 2003.
6. "AirDefense enterprise: a wireless intrusion prevention system." [Online]. Available: http://www.airdefense.net/
7. "AirMagnet: Enterprise WLAN management." [Online]. Available: http://www.airmagnet.com/
8. "Airwave: Wireless network management." [Online]. Available: http://www.airwave.com/
9. A. Adya, P. Bahl, R. Chandra, and L. Qiu, "Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks," in Mobi-Com '04, 2004, pp. 30-44.
10. P. Bahl, R. Chandra, J. Padhye, L. Ravindranath, M. Singh, A. Wolman, and B. Zill, "Enhancing the security of corporate wi-fi networks using DAIR," in MobiSys 2006: Proceedings of the 4th international conference on Mobile systems, applications and services. New York, NY, USA: ACM Press, 2006, pp. 1-14.
11. R. Beyah, S. Kangude, G. Yu, B. Strickland, and J. Copeland, "Rogue access point detection using temporal traffic characteristics," in GLOBECOM, 2004.
12. S. Shetty, M. Song, and L. Ma, "Rogue access point detection by analyzing network traffic characteristics," in MILCOM, Orlando, Florida, October 2007.
13. M. K. Chirumamilla and B. Ramamurthy, "Agent based intrusion detection and response system for wireless lans," in ICC '03. IEEE International Conference on Communications, 2003, pp. 492-496.
14. J. Yeo, M. Youssef, and A. Agrawala, "A framework for wireless LAN monitoring and its applications," in WiSe '04: Pmceedings of the 2004 ACM workshop on Wireless security. New York, NY, USA: ACM Press, 2004, pp. 70-79.
15. W. Wei, K. Suh, B. Wang, Y. Gu, J. Kurose, and D. Towsley, "Passive online rogue access point detection using sequential hypothesis testing with tcp ack-pairs," in IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement. New York, NY, USA: ACM, 2007, pp. 365-378.
16. H. Yin, G. Chen, and J. wang, "Detecting protected layer-3 rogue APs," in IEEE BROADNETS '07: Fourth Annual International Conference on Broadband Networks, 2007.
17. L. Ma, A. Y. Teymorian, and X. Cheng, "Passive listening and intrusion management in commodity wi-fi networks," in GLOBECOM, 2007.
18. P. Mateti, "Hacking techniques in wireless networks." [On-line]. Available: http://www.cs.wright.edu/~pmateti/InternetSecurity/ Lectures/WirelessHacks/Mateti-WirelessHacks.htm
19. "ARP request replay attack." [Online]. Available: http://www.aircrack-ng.org/doku.php?id=arp-request_reinjection
20. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. T. King, "Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities." in NDSS, 2006.
21. "Honeyclient project." [Online]. Available: http://www.honeyclient.org/trac
22. M. A. Maloof, Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing). Secaucus, NJ, USA: Springer-Verlag New York, Inc., 2005.
23. "Nmap network security scanner." [Online]. Available: http://insecure.org/nmap/
24. "pOf: a versatile passive os fingerprinting tool." [Online]. Available: http://lcamtuf.coredump.cx/p0f.shtml
25. J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker, "Passive data link layer 802.11 wireless device driver fingerprinting," in USENDC-SS'06: Pmceedings of the 15th conference on USENIX Security Symposium. Berkeley, CA, USA: USENIX Association, 2006, pp. 12-12.
26. A. Kamerman and L. Monteban, "WaveLAN-II: A high-performance wireless lan for the unlicensed band," Bell Labs Technical Journal, 1997.
27. J. Bicket, "Bit-rate selection in wireless networks," Master's thesis, Massachusetts Institute of Technology, 2005.
28. C. Corbett, R. Beyah, and J. Copeland, "Passive classification of wireless nics during rate switching," EURASIP J. Wirel. Commun. Netw., To appear.
29. N. Patwari and S. K. Kasera, "Robust location distinction using temporal link signatures," in MobiCom '07, 2007, pp. 111-122.
30. "Powerful TCP port scanner, pinger, resolver." [Online]. Available: https://foundstore.com/resources/proddesc/superscan.htm
31. "IP personality: a netfilter module to change characteristics of network traffic." [Online]. Available: http://ippersonality.sourceforge. net/
32. M. Rodrig, C. Reis, R. Mahajan, D. Wetherall, J. Zahorjan, and E. Lazowska, "CRAWDAD data set uw/sigcomm2004 (v. 2006-10-17)" Downloaded from http://crawdad.cs.dartmouth.edu/uw/sigcomm2004, Oct. 2006.
33. J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall, "802.11 user fingerprinting," in MobiCom '07, 2007, pp. 99-110.
34. A. W. Moore and D. Zuev, "Internet traffic classification using bayesian analysis techniques," in SIGMETRICS '05. New York, NY, USA: ACM, 2005, pp. 50-60.
35. "Madwifi wlan device driver." [Online]. Available: http://madwifi.org/
36. "Kismet: an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system." [Online]. Available: http://www. kismetwireless.net/
37. "Aircrack-ng: an 802.11 WEP and WPA-PSK keys cracking program." [Online]. Available: http://aircrack-ng.org/doku.php
38. "Advanced 802.11 attack: Black hat 2002." [Online]. Available: http://www.blackhat.com/presentations/bh-usa-02/baird-lynn/bh-us-02-lynn-802. 11attack.ppt