Detecting 802.11 Wireless Hosts from Remote Passive Observations

  • Valeria Baiamonte
  • Konstantina Papagiannaki
  • Gianluca Iannaccone
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4479)


The wide deployment of 802.11 WLANs has led to the coexistence of wired and wireless clients in a network environment. This paper presents a robust technique to detect 802.11 wireless hosts through passive observation of client traffic streams at the edge of the network. It is based on the estimation of entropy of packet interarrival times and on the analysis of variation in the measured entropy values across individual end host connections. With the aim of generating a physical layer “signature” that can be easily extracted from packet traces, we first perform controlled experiments and analyse them through Spectral Analysis and Entropy evaluation. Based on the gained insight we design a methodology for the identification of 802.11 wireless clients and test it on two data sets of packet-level traces collected in different networks. Our results demonstrate that wireless identification is highly precise in the presence of a sufficient traffic sample.


Medium Access Control Interarrival Time Packet Arrival Probability Mass Function Wireless Medium 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Hernandez-Campos, F.: et al.: Assessing the real impact of 802.11 WLANs: A large scale comparison of wired and wireless traffic. In: LANMAN (September 2005)Google Scholar
  2. 2.
    Balachandran, A., et al.: Characterizing user behavior and network performance in a public wireless LAN. ACM PER 30(1), 195–205 (2002)MathSciNetGoogle Scholar
  3. 3.
    Wei, W., et al.: Classification of access network types: LAN, wireless LAN, ADSL, cable or dialup? In: Proceedings of IEEE Infocom, March 2005, IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  4. 4.
    Wei, W., et al.: Identifying 802.11 traffic from passive measurements using iterative bayesian inference. In: Proceedings of IEEE Infocom, April 2006, IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  5. 5.
    Wei, W.: et al.: Passive online rougue access point detection using sequential hypothesis testing with tcp ack-pairs. Technical report, University of Massachussets Computer Science (November 2006)Google Scholar
  6. 6.
    Cover, T., Thomas, J.: Elements of Information Theory. John Wiley, Chichester (1991)CrossRefzbMATHGoogle Scholar
  7. 7.
    Adya, A., et al.: Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks. In: Proceedings of ACM Mobicom, September 2004, ACM Press, New York (2004)Google Scholar
  8. 8.
    Lakhina, A., et al.: Mining anomalies using traffic feauture distributions. In: Proceedings of ACM Sigcomm, August 2005, ACM Press, New York (2005)Google Scholar
  9. 9.
    Xu, K., et al.: Profiling Internet backbone traffic: Behavior models and applications. In: Proceedings of ACM Sigcomm, August 2005, ACM Press, New York (2005)Google Scholar
  10. 10.
    Iannaccone, G.: Fast prototyping of network data mining applications. In: Proc. of PAM (March 2006)Google Scholar
  11. 11.
    Ridoux, J., Nucci, A., Veitch, D.: Seeing the difference in IP traffic: Wireless versus wireline. In: Proceedings of IEEE Infocom, April 2006, IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  12. 12.
    Das, S., Rose, C.: Coping with uncertainty in mobile wireless networks. In: PIMRC (September 2004)Google Scholar
  13. 13.
    Hussein, A., Heidemannan, J., Papadopoulos, C.: A framework for classifying denial of service attacks. In: IEEE Globecom, December 2004, IEEE Computer Society Press, Los Alamitos (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2007

Authors and Affiliations

  • Valeria Baiamonte
    • 1
  • Konstantina Papagiannaki
    • 2
  • Gianluca Iannaccone
    • 2
  1. 1.Politecnico di TorinoItaly
  2. 2.Intel Research CambridgeUK

Personalised recommendations