3 research outputs found
Understanding the WiFi usage of university students
In this work, we analyze the use of a WiFi network deployed in a large-scale technical university. To this end, we leverage three weeks of WiFi traffic data logs and characterize the spatio-temporal correlation of the traffic at different granularities (each individual access point, groups of access points, entire network). The spatial correlation of traffic across nearby access points is also assessed. Then, we search for distinctive fingerprints left on the WiFi traffic by different situations/conditions; namely, we answer the following questions: Do students attending a lecture use the wireless network in a different way than students not attending a lecture? Is there any difference in the usage of the wireless network during architecture or engineering classes? A supervised learning approach based on Quadratic Discriminant Analysis (QDA) is used to classify empty vs. occupied rooms and engineering vs. architecture lectures using only WiFi traffic logs, with promising results.
Passive classification of Wi-Fi enabled devices
We propose a method for classifying Wi-Fi enabled mobile handheld devices (smartphones) and non-handheld devices (laptops) in a completely passive way, that is, resorting neither to traffic probes on network edge devices nor to deep packet inspection techniques to read application layer information. Instead, classification is performed starting from Wi-Fi probe request frames, which can be sniffed with inexpensive commercial hardware. We extract distinctive features from probe request frames (how many probe requests are transmitted by each device, how frequently, etc.) and take a machine learning approach, training four different classifiers to recognize the two types of devices. We compare the performance of the different classifiers and identify a solution based on a Random Decision Forest that correctly classifies devices 95% of the time. The classification method is then used as a pre-processing stage to analyze network traffic traces from the wireless network of a university building, with interesting considerations on the way different types of devices use the network (amount of data exchanged, duration of connections, etc.). The proposed methodology finds application in many scenarios related to Wi-Fi network management/optimization and Wi-Fi based services.
Device-type Profiling using Packet Inter-Arrival Time for Network Access Control
Network Access Control (NAC) systems are technologies and defined policies typically established to control the access of devices attempting to connect to enterprise networks. However, NAC limitations have led to security threats that can lead to illegal and unauthorised access to networks as well as insider misuse. Current NAC configuration settings rely on point of entry authentication systems including passwords, biometrics, two-factor, and multi-factor authentication to protect employees, but this reliance can lead to security susceptibilities that can significantly damage enterprise network systems. In addition, incorporating NAC into the growing Bring Your Own Device (BYOD) paradigm further increases the security threats, vulnerabilities and potential risks in enterprise network environments. Regardless of any existing security solutions, such as anti-malware, anti-virus and intrusion detection and prevention systems, security issues continue to rise within BYOD, with a proportionate increase in consequences and impacts.
This thesis explores novel solution paths to the above challenges by investigating device-type fingerprinting and behaviour profiling to improve the security of NAC. This is achieved by proposing a novel Intelligent Filtering Technique (IFT) that uses packet Inter-Arrival Time (IAT) data for smartphones, tablets and laptops to profile and identify abnormal patterns based on device-types. The IFT is composed of three data mining algorithms, namely K-means clustering, clustering-based multivariate Gaussian outlier score, and long short-term memory network algorithms. These algorithms are capable of identifying abnormal inter-arrival time patterns based on device-types. The effectiveness of the proposed technique is evaluated using a combination of datasets from different network traffic protocols, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP). To the author’s knowledge, this is the only technique to date that can identify abnormal inter-arrival time patterns based on the device-type. The new technique can improve intrusion detection system capabilities and outcomes by using device-type profiling to reduce the false positive rates of detected abnormal patterns.