UUM Electronic Theses and Dissertation
UUM ETD | Universiti Utara Malaysian Electronic Theses and Dissertation
FAQs | Feedback | Search Tips | Sitemap

Traffic characteristics mechanism for detecting rogue access point in local area network

Amran, Ahmad (2015) Traffic characteristics mechanism for detecting rogue access point in local area network. PhD. thesis, Universiti Utara Malaysia.

[thumbnail of s91703.pdf]
Preview
Text
s91703.pdf

Download (2MB) | Preview
[thumbnail of s91703_abstract.pdf]
Preview
Text
s91703_abstract.pdf

Download (197kB) | Preview

Abstract

Rogue Access Point (RAP) is a network vulnerability involving illicit usage of wireless access point in a network environment. The existence of RAP can be identified using network traffic inspection. The purpose of this thesis is to present a study on the use of local area network (LAN) traffic characterisation for typifying wired and wireless network traffic through examination of packet exchange between sender and receiver by using inbound packet capturing with time stamping to indicate the existence of a RAP. The research is based on the analysis of synchronisation response (SYN/ACK), close connection respond (FIN/ACK), push respond (PSH/ACK), and data send (PAYLOAD) of the provider’s flags which are paired with their respective receiver acknowledgment (ACK). The timestamp of each pair is grouped using the
Equal Group technique, which produced group means. These means were then categorised into three zones to form zone means. Subsequently, the zone means were used to generate a global mean that served as a threshold value for identifying RAP. A network testbed was developed from which real network traffic was captured and analysed. A mechanism to typify wired and wireless LAN traffic using the analysis of the global mean used in the RAP detection process has been proposed. The research calculated RAP detection threshold value of 0.002 ms for the wired IEEE 802.3 LAN, while wireless IEEE 802.11g is 0.014 ms and IEEE 802.11n is 0.033 ms respectively. This study has contributed a new mechanism for detecting a RAP through traffic characterisation by examining packet communication in the LAN environment. The
detection of RAP is crucial in the effort to reduce vulnerability and to ensure integrity
of data exchange in LAN

Item Type: Thesis (PhD.)
Supervisor : Hassan, Suhaidi and Omar, Mohd Hasbullah
Item ID: 5380
Uncontrolled Keywords: Rogue access point, Inbound timestamp, Packet capturing, Packet filtering, Network security.
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7885-7895 Computer engineering. Computer hardware
Divisions: Awang Had Salleh Graduate School of Arts & Sciences
Date Deposited: 03 Jan 2016 06:16
Last Modified: 18 Mar 2021 03:56
Department: Awang Had Salleh Graduate School of Arts and Sciences
Name: Hassan, Suhaidi and Omar, Mohd Hasbullah
URI: https://etd.uum.edu.my/id/eprint/5380

Actions (login required)

View Item
View Item