A Hidden Markov Model based approach to detect rogue access points

Gayathri Shivaraj, Min Song, Sachin Shetty

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

22 Scopus citations

Abstract

One of the most challenging security concerns for network administrators is the presence of rogue access points. In this paper, we propose a statistical based approach to detect rogue access points using a Hidden Markov Model applied to passively measured packet-header data collected at a gateway router. Our approach utilizes variations in packet inter-arrival time to differentiate between authorized access points and rogue access points. We designed and developed our Hidden Markov Model by analyzing Denial of Service attacks and the traffic characteristics of 802.11 based Wireless Local Area Networks. Experimental validations demonstrate the effectiveness of our approach. Our trained Hidden Markov Model can detect the presence of a Rogue Access Point promptly within one second with extreme accuracy (very low false positive and false negative ratios are obtained). The success of our approach lies in the fact that it leverages knowledge about the behaviour of the traffic characteristics of 802.11 based WLANs and properties of Denial of Service attacks. Our approach is scalable and non-intrusive, requiring little deployment cost and effort, and is easy to manage and maintain.

Original language: English
Title of host publication: 2008 IEEE Military Communications Conference, MILCOM 2008 - Assuring Mission Success
State: Published - 2008
Event: 2008 IEEE Military Communications Conference, MILCOM 2008 - Assuring Mission Success - Washington, DC, United States
Duration: 17 Nov 2008 to 19 Nov 2008

Publication series

Name: Proceedings - IEEE Military Communications Conference MILCOM

Conference

Conference: 2008 IEEE Military Communications Conference, MILCOM 2008 - Assuring Mission Success
Country/Territory: United States
City: Washington, DC
Period: 17/11/08 to 19/11/08

Keywords

  • Compromised rogue access points and denial of service
  • Hidden Markov Models
  • Rogue access points
