IEEE 802.11 user fingerprinting and its applications for intrusion detection

Daisuke Takahashi, Yang Xiao, Yan Zhang, Periklis Chatzimisios, Hsiao-Hwa Chen

Research output: Contribution to journalArticle

22 Citations (Scopus)

Abstract

Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user's privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.

Original languageEnglish
Pages (from-to)307-318
Number of pages12
JournalComputers and Mathematics with Applications
Volume60
Issue number2
DOIs
Publication statusPublished - 2010 Jul 1

Fingerprint

Fingerprinting
IEEE 802.11
Medium access control
Intrusion detection
Intrusion Detection
Internet
Network protocols
Network performance
Local area networks
Telecommunication traffic
Sampling
Fingerprint
Specifications
Traffic
Medium Access Control
Digital Forensics
Network Protocols
Portability
Wireless LAN
Network Analysis

All Science Journal Classification (ASJC) codes

  • Modelling and Simulation
  • Computational Theory and Mathematics
  • Computational Mathematics

Cite this

Takahashi, Daisuke ; Xiao, Yang ; Zhang, Yan ; Chatzimisios, Periklis ; Chen, Hsiao-Hwa. / IEEE 802.11 user fingerprinting and its applications for intrusion detection. In: Computers and Mathematics with Applications. 2010 ; Vol. 60, No. 2. pp. 307-318.
@article{02aa17274d3e48a18cf3f8ca9765239d,
title = "IEEE 802.11 user fingerprinting and its applications for intrusion detection",
abstract = "Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user's privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.",
author = "Daisuke Takahashi and Yang Xiao and Yan Zhang and Periklis Chatzimisios and Hsiao-Hwa Chen",
year = "2010",
month = "7",
day = "1",
doi = "10.1016/j.camwa.2010.01.002",
language = "English",
volume = "60",
pages = "307--318",
journal = "Computers and Mathematics with Applications",
issn = "0898-1221",
publisher = "Elsevier Limited",
number = "2",

}

IEEE 802.11 user fingerprinting and its applications for intrusion detection. / Takahashi, Daisuke; Xiao, Yang; Zhang, Yan; Chatzimisios, Periklis; Chen, Hsiao-Hwa.

In: Computers and Mathematics with Applications, Vol. 60, No. 2, 01.07.2010, p. 307-318.

Research output: Contribution to journalArticle

TY - JOUR

T1 - IEEE 802.11 user fingerprinting and its applications for intrusion detection

AU - Takahashi, Daisuke

AU - Xiao, Yang

AU - Zhang, Yan

AU - Chatzimisios, Periklis

AU - Chen, Hsiao-Hwa

PY - 2010/7/1

Y1 - 2010/7/1

N2 - Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user's privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.

AB - Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user's privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.

UR - http://www.scopus.com/inward/record.url?scp=77955713637&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77955713637&partnerID=8YFLogxK

U2 - 10.1016/j.camwa.2010.01.002

DO - 10.1016/j.camwa.2010.01.002

M3 - Article

VL - 60

SP - 307

EP - 318

JO - Computers and Mathematics with Applications

JF - Computers and Mathematics with Applications

SN - 0898-1221

IS - 2

ER -