Traffic characteristics mechanism for detecting rogue access point in local area network

Rogue Access Point (RAP) is a network vulnerability involving illicit usage of wireless access point in a network environment. The existence of RAP can be identified using network traffic inspection. The purpose of this thesis is to present a study on the use of local area network (LAN) traffic characterisation for typifying wired and wireless network traffic through examination of packet exchange between sender and receiver by using inbound packet capturing with time stamping to indicate the existence of a RAP. The research is based on the analysis of synchronisation response (SYN/ACK), close connection respond (FIN/ACK), push respond (PSH/ACK), and data send (PAYLOAD) of the provider’s flags which are paired with their respective receiver acknowledgment (ACK). The timestamp of each pair is grouped using the Equal Group technique, which produced group means. These means were then categorised into three zones to form zone means. Subsequently, the zone means were used to generate a global mean that served as a threshold value for identifying RAP. A network testbed was developed from which real network traffic was captured and analysed. A mechanism to typify wired and wireless LAN traffic using the analysis of the global mean used in the RAP detection process has been proposed. The research calculated RAP detection threshold value of 0.002 ms for the wired IEEE 802.3 LAN, while wireless IEEE 802.11g is 0.014 ms and IEEE 802.11n is 0.033 ms respectively. This study has contributed a new mechanism for detecting a RAP through traffic characterisation by examining packet communication in the LAN environment. The detection of RAP is crucial in the effort to reduce vulnerability and to ensure integrity of data exchange in LA

IEEE 802.11 user fingerprinting and its applications for intrusion detection

AbstractEasy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors

Detection and Elimination of Fake Access Points in WLAN using Multi Agents Sourcing MethodologyÂ

No Abstrac

Wi-Fi network testing using an integrated Evil-Twin framework

This work intends to present a newly developed Wi- Fi vulnerability analysis and exploitation framework with the objective of increasing Wi-Fi security. The developed framework focuses primarily on client-side vulnerabilities, currently a weak- ness on Wi-Fi connections, but can be extended to support any type of Wi-Fi attack. The framework was designed and is in- tended to be used by security auditors when performing intrusion tests on Wi-Fi networks. It can also be used as a proof-of-concept tool meant to teach and raise awareness of the risks involved when using Wi-Fi technologies. The developed framework is based on open-source software and is also available as open- source software, allowing developers to extend its functionality.info:eu-repo/semantics/acceptedVersio

Detection of Rogue Access Point in WLAN using Hopfield Neural Network

The serious issue in the field of wireless communication is the security and how an organization implements the steps against security breach. The major attack on any organization is Man in the Middle attack which is difficult to manage. This attack leads to number of unauthorized access points, called rogue access points which are not detected easily. In this paper, we proposed a Hopfield Neural Network approach for an automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in the weight matrix format and match the patterns at the time of login. Simulation experiment shows that this method is more secure than the traditional one in WLAN

Detecting And Eliminating Rogue Access Points In Ieee-802.11 Wlan - A Multi-Agent Sourcing Methodology

For the Wireless Networks, presence of unapproved access points is becoming the major security issue. If this kind of network threats are not detected and mitigated on time, those will lead to the serious network damage and data loss. There are many researchers proposed solutions to overcome this security problem of WLAN, but those proposed tools having limitations or maybe they not automated to adopt the frequent changes in WLAN. We are into this research to present the new approach based on Master and Slave agents. This proposed approach not only looking for fast detection of Rogue Access points in the network but also presenting the solution to mitigate the WLAN from them. In short new framework is dealing with detecting as well as eliminating the Rough Access Points in the network. In proposed approach, the Master and slave agents are automatically scanning the networks for any unauthorized access points using the skew intervals. Thi

Darma: Defeating And Reconnaissance Manna-Karma Attacks In 802.11 With Multiple Detections And Prevention

The vast growing usage of mobile phones increases Wi-Fi technology. At present, the pattern of human interaction with the internet is not a desktop or laptop anymore. The assimilation of tools for surfing, working, and communication is now shifting to mobile phones. Thus, this is the motivation to expand Wi-Fi technology so that it will be the primary medium for internet connectivity. Hence, increasing the security risk for it attracts attackers despite its popularity among users. The DOS attack in 802.11 management frames is widely known as an initial process before Man-in-the-middle (MiTM) attacks in 802.11 takes part. Karma and Manna's attacks are an unprecedented attack in the 802.11 management frames. This paper proposed a mechanism called Defeating and Reconnaissance Manna-karma Attack (DARMA), which is client-side multiple detection techniques to defeat and prevent karma-manna attack. The proposed mechanism consisted of 4 layers of processes inclusive of monitors, detection, confirmation, and preventions. The effectiveness of the detection is base of the current real-time behaviour of the packets

A measurement based rogue ap detection scheme

points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing based technique that allows the user to avoid connecting to rogue APs. Our method employs the round trip time between the user and the DNS server to independently determine whether an AP is legitimate or not without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance. I