{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T15:56:17Z","timestamp":1761580577102,"version":"3.41.0"},"reference-count":15,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2008,3,1]],"date-time":"2008-03-01T00:00:00Z","timestamp":1204329600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS03-47392"],"award-info":[{"award-number":["CNS03-47392"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,3]]},"abstract":"Wireless network access has become an integral part of computing both at home and at the workplace. The convenience of wireless network access at work may be extremely beneficial to employees, but can be a burden to network security personnel. This burden is magnified by the threat of inexpensive wireless access points being installed in a network without the knowledge of network administrators. These devices, termed <it>Rogue Wireless Access Points<\/it>, may allow a malicious outsider to access valuable network resources, including confidential communication and other stored data. For this reason, wireless connectivity detection is an essential capability, but remains a difficult problem. We present a method of detecting wireless hosts using a local RTT metric and a novel packet payload slicing technique. The local RTT metric provides the means to identify physical transmission media while packet payload slicing conditions network traffic to enhance the accuracy of the detections. Most importantly, the packet payload slicing method is transparent to both clients and servers and does not require direct communication between the monitoring system and monitored hosts.<\/jats:p>","DOI":"10.1145\/1330332.1330334","type":"journal-article","created":{"date-parts":[[2008,2,28]],"date-time":"2008-02-28T14:02:33Z","timestamp":1204207353000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["RIPPS"],"prefix":"10.1145","volume":"11","author":[{"given":"Chad D.","family":"Mano","sequence":"first","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Blaich","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qi","family":"Liao","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yingxin","family":"Jiang","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David A.","family":"Cieslak","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David C.","family":"Salyers","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aaron","family":"Striegel","sequence":"additional","affiliation":[{"name":"University of Notre Dame"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1023720.1023724"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637243"},{"key":"e_1_2_1_3_1","volume-title":"5th International Workshop<\/it>. 158--167","author":"Beverly R.","year":"2004","unstructured":"Beverly , R. 2004 . A robust classifier for passive TCP\/IP fingerprinting. In <it>Proceedings of Passive and Active Network Measurement , 5th International Workshop<\/it>. 158--167 . Beverly, R. 2004. A robust classifier for passive TCP\/IP fingerprinting. In <it>Proceedings of Passive and Active Network Measurement, 5th International Workshop<\/it>. 158--167."},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Beyah R. Kangude S. Yu G. Strickland B. and Copeland J. 2004. Rogue access point detection using temporal traffic characteristics. In <it>Proceedings of IEEE Global Telecommunications Conference (GLOBECOM'04)<\/it>. 2271--2275. Beyah R. Kangude S. Yu G. Strickland B. and Copeland J. 2004. Rogue access point detection using temporal traffic characteristics. In <it>Proceedings of IEEE Global Telecommunications Conference (GLOBECOM'04)<\/it>. 2271--2275.","DOI":"10.1109\/GLOCOM.2004.1378413"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011329512150"},{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Chirumamilla M. K. and Ramamurthy B. 2003. Agent based intrusion detection and response system for wireless lans. In <it>Proceedings of IEEE International Conference on Communications<\/it>. Vol. 1. 492--496. Chirumamilla M. K. and Ramamurthy B. 2003. Agent based intrusion detection and response system for wireless lans. In <it>Proceedings of IEEE International Conference on Communications<\/it>. Vol. 1. 492--496.","DOI":"10.1109\/ICC.2003.1204225"},{"key":"e_1_2_1_7_1","unstructured":"Deraison R. and Gula R. 2003. Using nessus to detect wireless acccess points. Tenable Network Security. http:\/\/www.tenablesecurity.com\/papers.html. Deraison R. and Gula R. 2003. Using nessus to detect wireless acccess points. Tenable Network Security. http:\/\/www.tenablesecurity.com\/papers.html."},{"key":"e_1_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Guo F. and Chiueh T. 2006. Sequence number-based mac address spoof detection. <it>EURASIP J. Wirel. Commu. Network.<\/it> Guo F. and Chiueh T. 2006. Sequence number-based mac address spoof detection. <it>EURASIP J. Wirel. Commu. Network.<\/it>","DOI":"10.1007\/11663812_16"},{"key":"e_1_2_1_9_1","unstructured":"Handley M. Paxson V. and Kreibich C. 2001. Network intrusion detection: Evasion traffic normalization and end-to-end protocol semantics. In <it>Proceedings of USENIX Security Symposium (USENIX'01)<\/it>. Handley M. Paxson V. and Kreibich C. 2001. Network intrusion detection: Evasion traffic normalization and end-to-end protocol semantics. In <it>Proceedings of USENIX Security Symposium (USENIX'01)<\/it>."},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Henning R. R. 2003. Vulnerability assessment in wireless networks. In <it>Symposium on Applications and the Internet Workshops<\/it>. 358--362. Henning R. R. 2003. Vulnerability assessment in wireless networks. In <it>Symposium on Applications and the Internet Workshops<\/it>. 358--362.","DOI":"10.1109\/SAINTW.2003.1210186"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/118544.118549"},{"key":"e_1_2_1_13_1","volume-title":"Sting: A TCP-based network measurement tool. In <it>USENIX Symposium on Internet Technologies and Systems<\/it>.","author":"Savage S.","year":"1999","unstructured":"Savage , S. 1999 . Sting: A TCP-based network measurement tool. In <it>USENIX Symposium on Internet Technologies and Systems<\/it>. Savage, S. 1999. Sting: A TCP-based network measurement tool. In <it>USENIX Symposium on Internet Technologies and Systems<\/it>."},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Weaver N. Paxson V. and Sommer R. 2006. Work in progress: Bro-LAN pervasive network inspection and control for LAN traffic. In <it>Workshop on Enterprise Network Security<\/it>. Weaver N. Paxson V. and Sommer R. 2006. Work in progress: Bro-LAN pervasive network inspection and control for LAN traffic. In <it>Workshop on Enterprise Network Security<\/it>.","DOI":"10.1109\/SECCOMW.2006.359568"},{"key":"e_1_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Wei W. Suh K. Gu Y. Wang B. and Kurose J. 2006. Passive online rogue access point detection using sequential hypothesis testing with tcp ack-pairs. UMass CMPSCI Tech. rep. 2006-60. Wei W. Suh K. Gu Y. Wang B. and Kurose J. 2006. Passive online rogue access point detection using sequential hypothesis testing with tcp ack-pairs. UMass CMPSCI Tech. rep. 2006-60.","DOI":"10.1145\/1298306.1298357"},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Wei W. Wang B. Zhg C. Kurose J. and Towsley D. 2005. Classification of access network types: Ethernet Wireless LAN ADSL Cable Modem or Dialup? In <it>Proceedings of Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05)<\/it>. 1060--1071. Wei W. Wang B. Zhg C. Kurose J. and Towsley D. 2005. Classification of access network types: Ethernet Wireless LAN ADSL Cable Modem or Dialup? In <it>Proceedings of Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05)<\/it>. 1060--1071.","DOI":"10.1109\/INFCOM.2005.1498334"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330332.1330334","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1330332.1330334","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:47:31Z","timestamp":1750258051000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330332.1330334"}},"subtitle":["Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning"],"short-title":[],"issued":{"date-parts":[[2008,3]]},"references-count":15,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,3]]}},"alternative-id":["10.1145\/1330332.1330334"],"URL":"https:\/\/doi.org\/10.1145\/1330332.1330334","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,3]]},"assertion":[{"value":"2006-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-05-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}