TY - JOUR
T1 - IEEE 802.11 user fingerprinting and its applications for intrusion detection
AU - Takahashi, Daisuke
AU - Xiao, Yang
AU - Zhang, Yan
AU - Chatzimisios, Periklis
AU - Chen, Hsiao Hwa
N1 - Funding Information:
This work was supported in part by the US National Science Foundation (NSF) under grants CNS-0716211, CNS-0737325, and CCF-0829827.
PY - 2010/7
Y1 - 2010/7
N2 - Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal users' privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the research on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.
AB - Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal users' privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the research on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.
UR - http://www.scopus.com/inward/record.url?scp=77955713637&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77955713637&partnerID=8YFLogxK
U2 - 10.1016/j.camwa.2010.01.002
DO - 10.1016/j.camwa.2010.01.002
M3 - Article
AN - SCOPUS:77955713637
SN - 0898-1221
VL - 60
SP - 307
EP - 318
JO - Computers and Mathematics with Applications
JF - Computers and Mathematics with Applications
IS - 2
ER -