Passive Online Rogue Access Point Detection Using Sequential Hypothesis Testing With TCP ACK-Pairs

Rogue (unauthorized) wireless access points pose serious security threats to local networks. In this paper, the authors propose two online algorithms to detect rogue access points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring point. One algorithm requires training sets, while the other does not. Both algorithms extend the earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels.