Rogue Access Point Detection by Analyzing Network Traffic Characteristics

• Published in: MILCOM 2007 - IEEE Military Communications Conference pp. 1 - 7
• Main Authors: Shetty, Sachin, Song, Min, Ma, Liran
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2007
• Subjects: Communication system security; detection; Frequency; Information security; Monitoring; Personnel; Rogue access point; Telecommunication traffic; traffic characteristics; Traffic control; Wireless LAN; Wireless networks; Wireless sensor networks
• ISBN: 9781424415120; 1424415128
• ISSN: 2155-7578; 2155-7586
• DOI: 10.1109/MILCOM.2007.4455018

One of the most challenging network security concerns for network administrators is the presence of rogue access points. Rogue access points, if undetected, can be an open door to sensitive information on the network. Many data raiders have taken advantage of the undetected rogue access points in enterprises to not only get free Internet access, but also to view confidential information. Most of the current solutions to detect rouge access points are not automated and are dependent on a specific wireless technology. In this paper, we present a rogue access point detection approach. The approach is an automated solution which can be installed on any router at the edge of a network. The main premise of our approach is to distinguish authorized WLAN hosts from unauthorized WLAN hosts connected to rogue access points by analyzing traffic characteristics at the edge of a network. Simulation results verify the effectiveness of our approach in detecting rogue access points in a heterogeneous network comprised of wireless and wired subnets.