Rogue Access Point Detection through Statistical Analysis

Kanaujia, Swati

26 May 2010

The IEEE 802.11 based Wireless LAN (WLAN) has become increasingly ubiquitous in recent years. However, due to the broadcast nature of wireless communication, attackers can exploit the existing vulnerabilities in IEEE 802.11 to launch various types of attacks in wireless and wired networks. This thesis presents a statistical based hybrid Intrusion Detection System (IDS) for Rogue Access Point (RAP) detection, which employs distributed monitoring devices to monitor on 802.11 link layer activities and a centralized detection module at a gateway router to achieve higher accuracy in detection of rogue devices. This detection approach is scalable, non-intrusive and does not require any specialized hardware. It is designed to utilize the existing wireless LAN infrastructure and is independent of 802.11a/b/g/n. It works on passive monitoring of wired and wireless traffic, and hence is easy to manage and maintain. In addition, this approach requires monitoring a smaller number of packets for detection as compared to other detection approaches in a heterogeneous network comprised of wireless and wired subnets. Centralized detection is done at a gateway router by differentiating wired and wireless TCP traffic using Weighted Sequential Hypothesis Testing on inter-arrival time of TCP ACK-pairs. A decentralized module takes care of detection of MAC spoofing and totally relies on 802.11 beacon frames. Detection is done through analysis of the clock skew and the Received Signal Strength (RSS) as fingerprints using a naïve Bayes classifier to detect presence of rogue APs. Analysis of the system and extensive experiments in various scenarios on a real system have proven the efficiency and accuracy of the approach with few false positives/negatives and low computational and storage overhead. / Master of Science

Hypothesis Test

Intrusion Detection

Rogue Access Point

IEEE 802.11

Naïve Bayes Classifiers

Impact of interfering rouge access points on modulationand coding in IoT network / Påverkan av störande obehörigaåtkomstpunkter på modulation ochkodning i IoT-nätverk

Saif, Amgad Shaher

January 2023

This Bachelor thesis presents an in-depth investigation into the effects of RogueAccess Point interference within Internet of Things networks. The study focuses onthe impact of rogue APs on the modulation and coding scheme indices, round triptime, and overall network performance. The presence of a rogue AP was found toshift devices from dual-stream to single-stream operation, causing a decrease in themodulation and coding scheme indices and data rates. Additionally, a significantincrease in round trip time was observed, emphasizing the detrimental impact ofrogue AP interference on network latency. The insights gained from this researchcontribute to a greater understanding of the challenges posed by rogue APinterference. This deeper comprehension paves the way for devising effectivestrategies to mitigate these impacts, thereby enhancing the reliability, security, andperformance of IoT networks. / Detta examensarbete presenterar en grundlig undersökning av effekterna avstörande åtkomstpunkter (Rogue Access Points) inom nätverk för Sakernas Internet(Internet of Things). Studien fokuserar på störande åtkomstpunkter inverkan påmodulations- och kodningsschemaindex (MCS), round trip time och denövergripande nätverksprestandan. När en störande åtkomstpunkt blev närvarandetvingades enheterna att omställa sig från att använda dubbelströmsoperation tillenkelströmsoperation, vilket ledde till en minskning av MCS-index ochdatahastigheter. Dessutom observerades en betydande ökning av RTT, vilketbetonar den skadliga inverkan av störande åtkomstpunkt interferens pånätverkslatens. De insikter som vunnits bidrar till en större förståelse för deutmaningar som störande åtkomstpunkter interferens medför. Denna djupareförståelse banar väg för att utforma effektiva strategier för att mildra dessa effekter,vilket i sin tur förbättrar tillförlitligheten, säkerheten och prestanda för IoT-nätverk.

Rogue access point

internet of things

modulation and coding scheme

round trip time

radio frequency interference

network latency

network security.

Obehörig åtkomstpunkt

sakernas internet

modulation och kodningsschema

round trip time

radiofrekvensinterferens

nätverkslatens

nätverkssäkerhet.

Telecommunications

Telekommunikation