Abstract
The wide deployment of 802.11 WLANs has led to the coexistence of wired and wireless clients in a network environment. This paper presents a robust technique to detect 802.11 wireless hosts through passive observation of client traffic streams at the edge of the network. It is based on the estimation of the entropy of packet interarrival times and on the analysis of variation in the measured entropy values across individual end host connections. With the aim of generating a physical layer “signature” that can be easily extracted from packet traces, we first perform controlled experiments and analyse them through Spectral Analysis and Entropy evaluation. Based on the gained insight, we design a methodology for the identification of 802.11 wireless clients and test it on two data sets of packet-level traces collected in different networks. Our results demonstrate that wireless identification is highly precise in the presence of a sufficient traffic sample.
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Baiamonte, V., Papagiannaki, K., Iannaccone, G. (2007). Detecting 802.11 Wireless Hosts from Remote Passive Observations. In: Akyildiz, I.F., Sivakumar, R., Ekici, E., Oliveira, J.C.d., McNair, J. (eds) NETWORKING 2007. Ad Hoc and Sensor Networks, Wireless Networks, Next Generation Internet. NETWORKING 2007. Lecture Notes in Computer Science, vol 4479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72606-7_31
DOI: https://doi.org/10.1007/978-3-540-72606-7_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72605-0
Online ISBN: 978-3-540-72606-7
eBook Packages: Computer Science (R0)