JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617 

HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     77 

Secure Wireless Network System against Malicious Rogue Threats

Yogendra Kumar Jain1, Neha Mehra2, Geetika Silakari3  

1
Head of the Department, 2Research Scholar, 3Lecturer
Department of Computer Science & Engineering
Samrat Ashok Technological Institute
Vidisha (M. P.) 464001 India.

Abstract- Keywords- Wireless Network, Intrusion Detection, local

With the expanse of the Internet and the increased
reliance on computer networking technology for everyday
business, the need to protect electronic data and
communication from malicious attack has become
increasingly critical. This thesis addresses the rogue
system problem, a significant threat in modern networks.
A rogue system is a device installed within a network
without the authorization or knowledge of network
administrators, which is typically engaged in
unauthorized activities. These systems pose a major threat
to network data and resources, potentially resulting in the
exposure of sensitive information or network
performance degradation. This thesis presents analysis
and solutions for rogue system threats within a
cooperative distributed network environment and within
various types of wireless environments. In addition, a tool
is presented which enables high speed network packet
logging, for the purpose of rogue system detection, using
inexpensive equipment in a scalable distributed storage
infrastructure. Also the development of a secure
communication protocol which protects a distributed
network from potential rogue system attacks while
enabling the implementation of bandwidth conservation
techniques for efficiency. An important enhancement of a
standard wireless communication protocol is for the
purpose of preventing both insider and outsider rogue
eavesdropping attacks. A novel packet payload slicing
technique for the purpose of detecting rogue wireless
access points within a corporate network environment.
Analyses of the potential of host-based rogue wireless
man-in the middle attack detection. The development of a
tool for high speed traffic analysis is to aid in rogue
system detection. Rogue system threats will continue to
grow as networks become more complex and new attack
techniques evolve to better evade detection. The future
direction of this work includes applying these techniques
to newly identified threats for the purpose of gauging the
effectiveness of the proposed methods and to aid in
discovering new means of defending against rogue system
attacks. In addition, rogue threats in less traditional types
of network environments, such as peer-to-peer and
personal area networks, will be addressed in order to
provide protection from all means of electronic rogue
system attacks.
round-trip time (LRTT).
Introduction
The expanse of the Internet has provided a means for
millions of people to quickly access information from
almost anywhere in the world. Not only can one
gather a vast amount of news, facts, and other public
information, but access to private data such as bank
accounts, corporate information, and confidential
email is readily available as well. The ability to
access this type of private data provides a great
incentive for mischievous parties to attack network
communication in order to steal this confidential
data. It is important for users and administrators of
computer networks to be able to protect against many
different methods of attack. One method of executing
a variety of types of attacks is through the use of
Rogue systems. This thesis presents solutions for
defending against rogue system attacks and detecting
the existence of such systems [1].
Corporate Networks-
For the purpose of this dissertation the term
“corporate network” refers generally to a network
which is centrally managed and is comprised of data
servers and a number of individual end user systems.
Such networks contain valuable company
information including employee personal data,
customer information, financial information, and
possibly trade secrets. Whether the company is a
small business with only a few employees, or a
billion dollar international conglomerate, it is vital
that the information contained within the computer
network remain secure for the wellbeing of the
company. Network administrators who are charged
with protecting these corporate networks must be
prepared to defend against a wide variety of attacks.
Viruses and worms are two related types of attacks
which infiltrate computer networks by means such as
exploiting a weakness in an application running on
systems within the network. Viruses are characterized

 
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     78
by a manual mechanism of spreading such as through
email. Worms, however, are self-propagating and
may infect a system without depending on some
action to be taken by a user of the victim system. The
effects of a worm or virus infection can vary greatly
as the infection is essentially a programming
executing on the victim system. The malicious
program can engage in activities such as erasing files,
copying data, forwarding the infection to other
systems, or consuming resources such as memory,
storage, and CPU [2] and [3].
Denial-of-Service (DoS) attacks may be very costly
to a company in terms of lost time and money. The
purpose of a DoS attack is to somehow render the
victim network useless, typically by overwhelming
the network or systems on the network resulting in
congestion levels which prevent the efficient flow of
data through the network. Distributed DoS (DDoS)
attacks are an extremely potent form of the attack
because in this scenario the attack is launched from a
large number of locations making identifying the
source of the attack very difficult. While the attack is
being executed employees may be unable to perform
their duties and customers may be unable to utilize
services. In terms of lost time and revenue, and the
degradation of customer satisfaction, the negative
impact can be dramatic.
An individual computer hacker gaining access to a
corporate system is a very targeted and dangerous
attack. This motive behind such a targeted attack is
typically for the purpose of obtaining some kind of
confidential information. Financial information,
private customer or employee data, and trade secrets
are all valuable pieces of information to an attacker.
The loss of such information may have a significant
negative impact on the finances of the company as
well as the reputation of the company. Protecting a
computer network requires the implementation of a
variety of devices and procedures. Firewalls, virus
scanners, and intrusion detection systems (IDS) are
commonly used devices which are designed to
protect a network from outside attack. Network
resources are typically password protected to prevent
access by unauthorized parties. Highly trained and
knowledgeable individuals are crucial in order to
administer the network protection plan. A plan which
utilizes knowledgeable personnel and state-or-the-art
security devices may provide an effective defense
against network attacks, however, attacks evolve and
new attacks are created leaving even highly protected
networks vulnerable to compromise.
Rogue Systems-
Figure is an example of a rogue wireless access point
which is discussed in detail in future chapters. In this
 
 
scenario a standard consumer grade wireless access
point has been configured and installed within a
corporate network. Network administrators typically
focus on protecting the gateway to the Internet in
order to prevent outsiders from entering the network.
However, in this case an outsider may be able to
associate with the rogue wireless access point to gain
access to the network. Thus, in order to fully secure
the network, administrators must not only protect the
gateway, but must defend against rogue devices
which may potentially exist in the network. Rogue
systems are not limited to wireless access points as
any network device could potentially be configured
to be a rogue system. This fact makes detecting rogue
systems very difficult as rogue systems can infiltrate
a network in many ways and engage in a variety of
malicious activities. Thus, network administrators
and end users must not only know what types of
rogue systems may exist, but must also know how to
detect or defend against these systems. This
dissertation addresses the rogue system problem
within a cooperative distributed network environment
and within various types of wireless environments.
Background
Unknown Rogue System-
Unknown rogue systems pose a significant threat to a
wide range of networks. Large corporate networks
are susceptible due to the vastness of the network and
difficulty of constantly monitoring all attached
devices and connection points. Wireless networks
make even small home networks vulnerable as the
physical boundaries of the network are expanded and
wireless data can be gathered from remote locations.
In order to properly secure electronic data it is
imperative to defend against rogue systems, thereby
protecting users, administrators, and associated
communication data. From the outset it may seem
that installing a rogue device in a network would be a
difficult task, especially in a tightly managed network
such as in a large corporation [2] and [4].
Wired Network Rogue System-
In a corporate network there is typically a significant
barrier-to-entry from being able to install a rogue
device close to the core of the network. This is a
physical barrier as access to core network hardware is
not accessible except by authorized personnel. A
rogue device deep within the routing infrastructure of
a network would be in position to do a significant
amount of damage in terms of data and system
compromise. However, it is not required that a rogue
device be installed in this manner in order to attack
network resources. The easiest access to a network is
obtained at the edge. Throughout corporate offices
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     79
there are Ethernet jacks which are used to connect
desktop machines for employee use. These jacks may
be very easy to access and are an easy target for a
rogue device to be connected. It is possible that
unused Ethernet ports are not active and cannot be
used without the authorization of network
administrators. However, if this is the case an
authorized system can simply be disconnected from
the Ethernet jack and be replaced by the rogue
device. In a corporate network there is typically a
significant barrier-to- entry from being able to install
a rogue device close to the core of the network. This
is a physical barrier as access to core network
hardware is not accessible except by authorized
personnel. A rogue device deep within the routing
infrastructure of a network would be in position to do
a significant amount of damage in terms of data and
system compromise. However, it is not required that
a rogue device be installed in this manner in order to
attack network resources. The easiest access to a
network is obtained at the edge. Throughout
corporate offices there are Ethernet jacks which are
used to connect desktop machines for employee use.
These jacks may be very easy to access and are an
easy target for a rogue device to be connected. It is
possible that unused Ethernet ports are not active and
cannot be used without the authorization of network
administrators. However, if this is the case an
authorized system can simply be disconnected from
the Ethernet jack and be replaced by the rogue
device. Various security mechanisms may be in place
which identify the system connected to each Ethernet
port and would prevent a rogue device, without
modification, from being properly configured in the
network. A common method of doing this is through
MAC address filtering which depends on the MAC
address of the client machine for identifying network
systems. This information however is easily spoofed
and a rogue system can be configured to mimic the
settings of the authorized system. A rogue device can
launch a variety of attacks by injecting traffic into the
network or by mimicking the authorized system and
attempting to penetrate deep into the network
infrastructure [1], [2] and [4].
Wireless Network Rogue System-
Wireless rogue systems are very similar to wired
systems installed at the edge of a network. However,
an advantage of wireless attacks, from the attackers
perspective, is that a wireless rogue system may be
even easier to establish as physical access to the
network hardware is not required. As shown in
Figure, the attacker must only be within reach of the
wireless signal in order to attempt an attack. Similar
to wired spoofing, a wireless rogue device can spoof
certain settings which enable the ability to connect to
 
 
the wireless network. In addition, however, many
wireless networks require an encryption key or some
other type of authentication mechanism in order to
gain access to the network. If the encryption key can
be discovered or if the network does not require such
authentication then the rogue system can associate
with the network. Without connecting to an existing
wireless network other wireless attacks are still
possible. Mimicking an authorized network may trick
users into associating with a malicious wireless
network rather than the intended one. Passively
monitoring the wireless medium is another attack
which may result in the malicious device discovering
sensitive information [6].
Attack Environment and Problem Statement-
Computer security is a critical component of business
operations for companies ranging from small
businesses to international conglomerates. Corporate
networks can be extremely large and complex
making the task of securing the network extremely
challenging, even to a team of highly qualified
individuals. A key part of successfully defending a
network is the vigilant deployment of security
devices such as firewalls, virus scanners, intrusion
detection systems, and the ability of those devices to
quickly and accurately identify malicious intruders.
These security devices are most commonly deployed
in the network at the gateway, the point which
connects the corporate network with the outside
Internet. In terms of security, this is the most
important point of the network to protect as any
outside attack must pass through this pipe. However,
with the advent of inexpensive consumer grade
wireless access points a new entryway into the
network may be opened, without network
administrators knowing the door even exists. The
motives behind installing a Rogue Wireless Access
Point (RWAP) range from the purely benign to the
extremely vicious. From the benign perspective, an
employee may simply desire to use a personal
wireless device, such as a notebook computer or
PDA, on the corporate network. They would provide
a greater freedom of movement and allow the
employee to continue to receive email and access
other network resources. An attacker with malicious
intent, however, may seek to install the RWAP
specifically to enable remote access to network data
and resources. From the point-of-view of the network
administrator either case is just as dangerous as they
both put network resources at risk. Installing an
RWAP is not a highly technical task as configuration
steps are simple and are in fact designed for the
average home user to be able to create a wireless
network at home. Therefore, even an employee with
only basic computer skills can easily purchase an
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     80
inexpensive WAP and quickly configure/install it
into a corporate network. Basic protection provided
by MAC filtering can be easily subverted by MAC
spoofing, a common feature of WAPs, enabling
simple integration into the wired network. Once the
device has been properly configured and installed the
backdoor has been opened for any malicious party
within reach of the wireless signal. Of course, the
most significant problem is the fact that system
administrators may be totally unaware that the
vulnerability even exists. The ability to quickly and
accurately detect the existence of an RWAP device is
vital to protecting the integrity of the network [1] and
[5].
The Rogue Identifying Packet Payload Slicer
(RIPPS) system which is designed to quickly and
accurately detect RWAPs using a novel technique
which overcomes the limitations discussed
previously. The system combines an active network
traffic conditioning technique with a packet timing
analysis to effectively detect when a new RWAP has
been activated on the network. The wireless medium
detection technique is based on a statistical analysis
of the local round-trip time (LRTT) of network
communication. The LRTT metric identifies
invariant characteristics of wired and wireless media,
enabling the identification of the connection type of a
host. While the LRTT metric is based on purely
passive network observation, it suffers due to the
limited number of optimally sized packets available
for analysis. Therefore, a packet payload slicing
technique is implemented which performs network
traffic conditioning to significantly enhance the
effectiveness of LRTT measurements. This
conditioning technique manipulates existing traffic
and does not require modifications to client systems
nor the ability to communicate directly with these
systems. RIPPS operates as a pass-through device
which works transparently to both clients and servers.
It conditions traffic by taking individual large TCP
packets and slicing them into many smaller packets.
This action enables the LRTT metric to quickly
exacerbate invariant physical characteristics of the
wireless medium while negating influences of
transmission speed capabilities. Through this process,
RIPPS is able to quickly and efficiently identify
unauthorized WAPs with minimal false alarms.
Furthermore, RIPPS incorporates intelligent dynamic
triggers to selectively monitor hosts, thus resulting in
a minimal impact on the overall performance of
monitored systems and the network in general [2] and
[4].
 
 
Proposed Techniques and Algorithm
Our thesis work on the Rogue Identifying Packet
Payload Slicer (RIPPS) system which is designed to
quickly and accurately detect RWAPs using a novel
technique which overcomes the limitations discussed
previously. The system combines an active network
traffic conditioning technique with a packet timing
analysis to effectively detect when a new RWAP has
been activated on the network. The wireless medium
detection technique is based on a statistical analysis
of the local round-trip time (LRTT) of network
communication. The LRTT metric identifies
invariant characteristics of wired and wireless media,
enabling the identification of the connection type of a
host. While the LRTT metric is based on purely
passive network observation, it suffers due to the
limited number of optimally sized packets available
for analysis. Therefore, a packet payload slicing
technique is implemented which performs network
traffic conditioning to significantly enhance the
effectiveness of LRTT measurements. This
conditioning technique manipulates existing traffic
and does not require modifications to client systems
nor the ability to communicate directly with these
systems. RIPPS operates as a pass-through device
which works transparently to both clients and servers.
It conditions traffic by taking individual large TCP
packets and slicing them into many smaller packets.
This action enables the LRTT metric to quickly
exacerbate invariant physical characteristics of the
wireless medium while negating influences of
transmission speed capabilities. Through this process,
RIPPS is able to quickly and efficiently identify
unauthorized WAPs with minimal false alarms.
Furthermore, RIPPS incorporates intelligent dynamic
triggers to selectively monitor hosts, thus resulting in
a minimal impact on the overall performance of
monitored systems and the network in general.
Metric Description-
Latency of network based communication can be
viewed as the result of either WAN-side or LAN-side
effects. WAN-side latency is the result of many
factors which can vary significantly between
communication sessions and especially between
differing communication host pairings. On the other
hand, LAN-side latency, while not constant, is the
result of a more controlled and consistent
environment. Therefore, the metric is limited to the
RTT associated only with LAN-side traffic in order
to remove WAN-side jitter effects and emphasize the
connectivity medium of hosts in the LAN. Local
round-trip time is a measurement of the time delay
between a message to and response from a specific
host in the LAN. A sensor placed at the edge of the
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     81
LAN collects data in a passive manner. The metric is
obtained by categorizing packets based on
source/destination pairing and storing both a
timestamp as well as an expected acknowledgment
(ACK) number based on the sequence number in the
packet, as described in Algorithm 1. The timestamp
associated with the messages is calculated solely by
the sensor; hence the relative time between messages
is consistent and free from time synchronization
problems. Outbound packets are similarly classified
by source/destination pairs and the ACK number
from the TCP header is compared to the expected
ACK numbers calculated previously, as described in
Algorithm 2. The LRTT is the time difference
between incoming packets and corresponding ACK
packets as observed by the monitor.
//
for each packet do
identify destination host host
if monitoring host
calculate expected ACK ACKEXP
store time stamp and ACKEXP
end if
forward packet to host
end for
//
Figure: Algorithm 1 Calculating Local RTT -
Inbound Packet Processing
The LRTT is influenced by a variety of factors. First
and foremost, the metric is influenced by the
transmission medium between the monitoring system
and host. The purpose of RIPPS is to isolate this
influence in order to accurately identify the
transmission type.
A second influence is the packet size of
communication data. The variance in packet size
results in varying LRTT values for a single host
which may cause misleading results when comparing
hosts to one another. This problem can be eliminated
by calculating multiple LRTT values each based on
packets of uniform size. LRRT values calculated with
small packets are desirable in that small packets
minimize the influence of bandwidth capabilities on
packet timing metrics, while large packets maximize
the previous effects.
 
 
//
for each packet arrival do
identify source host host
if monitoring host
if ACK flag set
match ACK = ACKEXP
get stored time stamp TSold
calculate LRTT = TSnew − TSold
end if
end if
forward packet to destination
end for
//
Figure: Algorithm 2 Calculating Local RTT -
Outbound Packet Processing
Packet Slicing and Implementation-
Packet slicing is a network traffic conditioning
technique which serves as the key component of
RIPPS. This technique has three vital properties
which make it an ideal solution for RWAP detection.
First, packet slicing dramatically increases the
percentage of network data which can be utilized in
detecting RWAPs. Second, it maintains consistency
with passive monitoring techniques as direct
communication with suspect hosts is not required.
Finally, packet slicing eliminates the temporal
spacing problem, resulting in a greater ability to
quickly identify wireless devices.
The general concept of packet slicing is simple, yet it
improves transmission medium identification
capabilities many fold. As discussed previously,
small and large packets make up the vast majority of
network traffic. However, from a client perspective,
the percentage of small incoming packets is much
less than the percentage of all traffic. This is due to
the characteristic of clients receiving large data
packets and responding with small ACK packets. The
goal of RIPPS is to take these large ingress packets
and condition them for use in LRTT metrics by
slicing payloads and creating many new smaller
packets. To describe the implementation of packet
slicing, the processing of a single flow from SYN to
FIN is illustrated. Figure provides a visual
representation of the process. TCP requires a three-
way handshake to establish communication. A client,
A requests a connection with a server, B, by sending a
SYN packet. RIPPS identifies the SYN packet and
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     82
notes the source host, sequence (SEQ) number, and
the port number. B responds with a SYN/ACK,
followed by an ACK from A, completing the
handshake. Once communication is established,
RIPPS monitors incoming traffic for packets with the
appropriate destination address and port number.
Based on a size threshold, s, RIPPS filters the
identified packets. Packets which are smaller than s
are forwarded on as normal. Larger packets are
queued for slicing. Packet payload slicing essentially
spreads a single payload over multiple packets,
attaching each payload slice to an appropriate header.
The headers from the original packet are used to
easily create valid headers for each new packet. The
Ethernet header is unchanged from the original, and
the IP and TCP headers are modified slightly to
validate the newly created packet.
Figure: Processing flow of packets for the packet
slicing system
After modifying appropriate header fields, including
checksums, the slice is forwarded on to A. TCP is
designed to handle out-of-order packet arrival,
therefore, it is not an issue if, for some reason, RIPPS
causes a change in the delivery order of packets.
From the viewpoint of A, communication flow
appears normal, and corresponding ACKs are
generated and sent to B. To provide the same
transparency to B, RIPPS modifies outgoing traffic
by assembling multiple ACKs from A into a single
ACK packet as would have been generated if slicing
did not take place.
The packet slicing activity of the RIPPS system
creates additional network overhead as will be
detailed later. However, it is noted that the packet
slicing activity of RIPPS is not always on, but is used
periodically by intelligently selecting which hosts
should be monitored and when monitoring should be
performed. Therefore, the impact on individual host
 
 
systems which are being monitored, and on the
overall network is minimal.
Results
The overall performance of the system can be
determined by measuring the packet loss on the
server while varying the number of clients and the
speed of the input data. The packet loss rate of the
system with only a single client logging packets. The
input speed is the average speed over the trace file
replay. Peak bandwidth during the replay is
approximately 50% higher than the average speed. A
single client is able to avoid packet loss at
approximately an average bandwidth speed of
85Mb/s. At higher rates the storage buffer of the
server reaches maximum capacity and packets are
lost. As the average bandwidth rate increases, Packet
Loss Rate (%) the system reaches a threshold where
the buffer loses all effectiveness and extreme packet
loss occurs. This can be seen in each case where a
dramatic increase in packet loss occurs. At an
average data rate of approximately 375Mb/s the
number of dropped packets for the five client system
is non-zero, although somewhat negligible (0.6%).
Figure- Bandwidth overhead generated by RIPPS as
a percentage of overall TCP traffic
The overhead is measured as a percentage of TCP
traffic only. If all types of network traffic are
considered, the percentage would be even lower.
Nevertheless, at a high monitoring rate of 10 minutes
RIPPS generates only 1.21% bandwidth overhead. A
session length of this short duration would be
somewhat aggressive and may be deemed
unnecessary for a specific network environment. In
cases where monitoring is only necessary every hour,
the bandwidth overhead drops to 0.41%. This shows
that RIPPS has only a very minor impact on overall
network congestion.
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 12, DECEMBER 2010, ISSN 2151‐9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/  
WWW.JOURNALOFCOMPUTING.ORG     83
Conclusion and Future Work
The importance of computer security continues to
grow as the reach of the Internet spreads and the
dependence on networks for daily business increases.
A system or network which has been compromised
by a successful attack can result in an extremely high
amount of lost time and money. Individuals and
organizations must protect valuable information and
resources by building defenses against attacks and
establishing means of identifying currently active or
already successful attacks. Many types of attacks can
stem from the presence of a rogue system within a
network. Rogue systems are devices which are
unknown to system administrators and users, and are
engaged in malicious behavior. This dissertation has
presented new approaches to aid in the defense
against rogue systems in order to protect individuals
and organizations.
The weaknesses in communication standards will be
investigated on a per-environment basis in order
provide increased overall protection for users.
Perhaps the most challenging future work will be in
addressing detection techniques for current and
newly discovered attack techniques.
 
References
[1] S .Bose and A. Kannan, “Detecting Denial of
Service Attacks using Cross Layer based Intrusion
Detection System in Wireless Ad Hoc Networks”,
IEEE international conference on Signal Processing,
Communications and Networking, ICSCN '08, pp.
182 – 188, Jan 2008.
[2] Matthew Smith, Michael Engel, Thomas Friese,
Bernd Freisleben , “Security Issues in On-Demand
Grid and Cluster Computing”, 6th IEEE
International Symposium on Cluster Computing and
the Grid Workshop, vol. 2. pp. 14, 2006.
[3] Xuhua Ding, Shuhong Wang,Baihua Zheng,
“Secure Real-time User Preference Collection for
Broadcast Scheduling”, IEEE Securecomm and
Workshops, pp. 1-10, 2006.
[4] Fei Wang, Yijun Mo, Student Member, IEEE and
Benxiong Huang, “Defending Reputation System
against False Recommendation in Mobile Ad Hoc
Network” IEEE International Conference on
Networking, Sensing and Control, ICNSC 2008, pp.
488 – 493, 2008.
[5] Darcy Hagedorn, Bruce Honda, Dick Peterson,
“Process Control Security Journey”, IEEE Annual
Technical Conference on Pulp and Paper Industry,
pp. 131-137, 2007.
 
 
[6] Bharath Madhusudan, John Lockwood, “Design of
a System for Real-Time Worm Detection”, 12th
Annual IEEE Symposium on High Performance
Interconnects, pp. 77 – 83, 2004.
[7] Atul Adya, Paramvir Bahl, Ranveer Chandra, and
Lili Qiu, “Architecture and techniques for
diagnosing faults in IEEE 802.11 infrastructure
networks”, 10th annual ACM international
conference on Mobile computing and networking,
MobiCom’04, , pp. 30–44, September 2004.
[8] IEEE Std 802.11: IEEE Standard for Wireless LAN
Medium Access Control (MAC) and Physical Layer
(PHY) Specification, June 1997.
[9] Broadcom radically simplifies the Wi-Fi setup
experience. Press Release, Broadcom Corporation,
May 2004.
[10] Giuseppe Ateniese, Michael Steiner, and Gene
Tsudik, “New multiparty authentication services
and key agreement protocols”, IEEE Journal on
Selected Areas in Communications, vol. 18, no. 4,
pp. 628–639, 2000.
[11] Steven M. Bellovin, “Spamming, phishing,
authentication, and privacy”, Communications of
the ACM, vol. 47, no. 12, pp. 144, Dec. 2004.
[12] Robert Beverly, “A robust classifier for passive
TCP/IP fingerprinting”, 5th International Workshop
on Passive and Active Network Measurement, pp.
158–167, April 2004.
[13] Raheem Beyah, Shantanu Kangude, George Yu,
Brian Strickland, and John opeland, “Rogue access
point detection using temporal traffic
characteristics”, IEEE Global Telecommunications
Conference, GLOBECOM'04, pp. 2271–2275,
December 2004.
[14] Michael Collins, Michael K. Reiter, “An empirical
analysis of target-resident DoS filters”, IEEE
Symposium on Security and Privacy, pp. 103–114,
May 2004.
[15] C. Diot and L. Gautier, “A distributed architecture
for multiplayer interactive applications on the
internet”, IEEE Networks magazine, vol. 13, issue
4, pp. 6–15, July-August 1999.