Title page for ETD etd-05092010-222903

Type of Document Master's Thesis
Author Kanaujia, Swati
URN etd-05092010-222903
Title Rogue Access Point Detection through Statistical Analysis
Degree Master of Science
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Park, Jung-Min Jerry Committee Chair
Buehrer, Richard Michael Committee Member
Yang, Yaling Committee Member
Keywords
  • Hypothesis Test
  • Intrusion Detection
  • Rogue Access Point
  • IEEE 802.11
  • Naïve Bayes Classifiers
Date of Defense 2010-05-05
Availability restricted
Abstract
The IEEE 802.11 based Wireless LAN (WLAN) has become increasingly ubiquitous in recent years. However, due to the broadcast nature of wireless communication, attackers can exploit the existing vulnerabilities in IEEE 802.11 to launch various types of attacks in wireless and wired networks.

This thesis presents a statistical based hybrid Intrusion Detection System (IDS) for Rogue Access Point (RAP) detection, which employs distributed monitoring devices to monitor on 802.11 link layer activities and a centralized detection module at a gateway router to achieve higher accuracy in detection of rogue devices. This detection approach is scalable, non-intrusive and does not require any specialized hardware. It is designed to utilize the existing wireless LAN infrastructure and is independent of 802.11a/b/g/n. It works on passive monitoring of wired and wireless traffic, and hence is easy to manage and maintain. In addition, this approach requires monitoring a smaller number of packets for detection as compared to other detection approaches in a heterogeneous network comprised of wireless and wired subnets.

Centralized detection is done at a gateway router by differentiating wired and wireless TCP traffic using Weighted Sequential Hypothesis Testing on inter-arrival time of TCP ACK-pairs. A decentralized module takes care of detection of MAC spoofing and totally relies on 802.11 beacon frames. Detection is done through analysis of the clock skew and the Received Signal Strength (RSS) as fingerprints using a naïve Bayes classifier to detect presence of rogue APs.

Analysis of the system and extensive experiments in various scenarios on a real system have proven the efficiency and accuracy of the approach with few false positives/negatives and low computational and storage overhead.

Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
[VT] Kanaujia_S_T_2010.pdf 1.25 Mb 00:05:47 00:02:58 00:02:36 00:01:18 00:00:06
[VT] indicates that a file or directory is accessible from the Virginia Tech campus network only.
Browse All Available ETDs by ( Author | Department )
dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.