4 research outputs found
Traffic characteristics mechanism for detecting rogue access point in local area network
A Rogue Access Point (RAP) is a network vulnerability involving illicit usage of a wireless access point in a network environment. The existence of a RAP can be identified using network traffic inspection. The purpose of this thesis is to present a study on the use of local area network (LAN) traffic characterisation for typifying wired and wireless network traffic through examination of packet exchange between sender and receiver, using inbound packet capturing with time stamping to indicate the existence of a RAP. The research is based on the analysis of the synchronisation response (SYN/ACK), close connection response (FIN/ACK), push response (PSH/ACK), and data send (PAYLOAD) of the provider's flags, which are paired with their respective receiver acknowledgment (ACK). The timestamp of each pair is grouped using the Equal Group technique, which produced group means. These means were then categorised into three zones to form zone means. Subsequently, the zone means were used to generate a global mean that served as a threshold value for identifying a RAP. A network testbed was developed from which real network traffic was captured and analysed. A mechanism to typify wired and wireless LAN traffic using the analysis of the global mean used in the RAP detection process has been proposed. The research calculated a RAP detection threshold value of 0.002 ms for the wired IEEE 802.3 LAN, 0.014 ms for wireless IEEE 802.11g and 0.033 ms for IEEE 802.11n. This study has contributed a new mechanism for detecting a RAP through traffic characterisation by examining packet communication in the LAN environment. The detection of RAP is crucial in the effort to reduce vulnerability and to ensure integrity of data exchange in LA
Design of a sensor network for the rogue AP detection system on the PUCP campus WiFi network
The work developed in this thesis consists of the design of a sensor network for the Rogue AP detection system on the PUCP campus WiFi network for the 2.4GHz and 5GHz bands.
The first chapter presents a description of the current problem framework regarding the importance of security in wireless networks. Next, it points out the importance of the detection system proposed at the start of the thesis. Subsequently, the theoretical systems that enable the detection and localization of Rogue APs are defined. Finally, it shows the state of the art of devices that enable detection and of methods for mitigating Rogue APs.
The second chapter sets out the problem addressed by the thesis and states the requirements and the reasons why NP-Complete theory is used for the design of the network. It then discusses the general problem posed by the design of a sensor network with possible triple coverage.
The third chapter consists of the design of optimization models and heuristics for the sensor network. First, it presents the process by which the information is handled for the development of the algorithms. Second, it shows the structure of the programming models and the logic of the algorithm with which a sensor network can be designed to combat the presence of a Rogue AP.
The fourth chapter begins by explaining the scenario and parameters on which the algorithms generated for the design of the sensor network were based. Then the final results obtained are shown, along with a discussion of the degree of coverage obtained.
Finally, the conclusions and recommendations reached after completing this thesis are presented.Tesi
Rogue access point detection and localization
The threat of rogue Access Points (APs) has attracted significant attention from both industrial and academic researchers. However, existing solutions focus on rogue AP detection rather than localization. We propose a Rogue AP Detection and Localization (RAPDL) architecture, which integrates rogue AP detection and localization into one software system. A RAPDL demonstration system has been developed in our laboratory. In the RAPDL system, the monitors identify potential rogue APs, measure their properties and report relevant information to the server. The RAPDL server collects information from all monitors, and runs a localization algorithm to identify and locate the rogue APs. We implemented two localization algorithms in the RAPDL system based on received signal strength (RSS) and compare their performance. Experimental results acquired in an office environment show that RAPDL can detect and locate rogue APs quickly and accurately. © 2012 IEEE