TY - GEN
T1 - A Hidden Markov Model based approach to detect rogue access points
AU - Shivaraj, Gayathri
AU - Song, Min
AU - Shetty, Sachin
PY - 2008
Y1 - 2008
N2 - One of the most challenging security concerns for network administrators is the presence of rogue access points. In this paper, we propose a statistical based approach to detect rogue access points using a Hidden Markov Model applied to passively measure packet-header data collected at a gateway router. Our approach utilizes variations in packet inter-arrival time to differentiate between authorized access points and rogue access points. We designed and developed our Hidden Markov Model by analyzing Denial of Service attacks and the traffic characteristics of 802.11 based Wireless Local Area Networks. Experimental validations demonstrate the effectiveness of our approach. Our trained Hidden Markov Model can detect the presence of a Rogue Access Point promptly within one second with extreme accuracy (very low false positive and false negative ratios are obtained). The success of our approach lies in the fact that it leverages knowledge about the behaviour of the traffic characteristics of 802.11 based WLANs and properties of Denial of Service attacks. Our approach is scalable and non-intrusive, requiring little deployment cost and effort, and is easy to manage and maintain.
AB - One of the most challenging security concerns for network administrators is the presence of rogue access points. In this paper, we propose a statistical based approach to detect rogue access points using a Hidden Markov Model applied to passively measure packet-header data collected at a gateway router. Our approach utilizes variations in packet inter-arrival time to differentiate between authorized access points and rogue access points. We designed and developed our Hidden Markov Model by analyzing Denial of Service attacks and the traffic characteristics of 802.11 based Wireless Local Area Networks. Experimental validations demonstrate the effectiveness of our approach. Our trained Hidden Markov Model can detect the presence of a Rogue Access Point promptly within one second with extreme accuracy (very low false positive and false negative ratios are obtained). The success of our approach lies in the fact that it leverages knowledge about the behaviour of the traffic characteristics of 802.11 based WLANs and properties of Denial of Service attacks. Our approach is scalable and non-intrusive, requiring little deployment cost and effort, and is easy to manage and maintain.
KW - Compromised rogue access points and denial of service
KW - Hidden Markov Models
KW - Rogue access points
UR - http://www.scopus.com/inward/record.url?scp=62349140533&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=62349140533&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2008.4753358
DO - 10.1109/MILCOM.2008.4753358
M3 - Conference contribution
AN - SCOPUS:62349140533
SN - 9781424426775
T3 - Proceedings - IEEE Military Communications Conference MILCOM
BT - 2008 IEEE Military Communications Conference, MILCOM 2008 - Assuring Mission Success
T2 - 2008 IEEE Military Communications Conference, MILCOM 2008 - Assuring Mission Success
Y2 - 17 November 2008 through 19 November 2008
ER -