The Community for Technology Leaders
RSS Icon
Issue No.01 - Jan. (2014 vol.13)
pp: 216-229
Keren Tan , Inst. for Security, Technol., & Soc., Dartmouth Coll., Hanover, NH, USA
Chris McDonald , Sch. of Comput. Sci. & Software Eng., Univ. of Western Australia, Crawley, WA, Australia
Bennet Vance , Inst. for Security, Technol., & Soc., Dartmouth Coll., Hanover, NH, USA
Chrisil Arackaparambil , Inst. for Security, Technol., & Soc., Dartmouth Coll., Hanover, NH, USA
Sergey Bratus , Inst. for Security, Technol., & Soc., Dartmouth Coll., Hanover, NH, USA
David Kotz , Inst. for Security, Technol., & Soc., Dartmouth Coll., Hanover, NH, USA
The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We designed and implemented a large-scale WLAN monitoring system, the Dartmouth Internet security testbed (DIST), at Dartmouth College. It is equipped with distributed arrays of "sniffers" that cover 210 diverse campus locations and more than 5,000 users. In this paper, we describe our approach, designs, and solutions for addressing the technical challenges that have resulted from efficiency, scalability, security, and management perspectives. We also present extensive evaluation results on a production network, and summarize the lessons learned.
Monitoring, Servers, Security, Wireless LAN, IEEE 802.11 Standards, Wireless communication, Communication system security,security, Monitoring, Servers, Security, Wireless LAN, IEEE 802.11 Standards, Wireless communication, Communication system security, scalability, Network measurement, optimization, wireless network, 802.11, WLAN
Keren Tan, Chris McDonald, Bennet Vance, Chrisil Arackaparambil, Sergey Bratus, David Kotz, "From MAP to DIST: The Evolution of a Large-Scale WLAN Monitoring System", IEEE Transactions on Mobile Computing, vol.13, no. 1, pp. 216-229, Jan. 2014, doi:10.1109/TMC.2012.237
[1] D. Kotz and K. Essien, "Analysis of a Campus-Wide Wireless Network," Wireless Networks, vol. 11, nos. 1/2, pp. 115-133, Jan. 2005.
[2] T. Henderson, D. Kotz, and I. Abyzov, "The Changing Usage of a Mature Campus-Wide Wireless Network," Computer Networks, vol. 52, no. 14, pp. 2690-2712, Oct. 2008.
[3] U. Deshpande, C. McDonald, and D. Kotz, "Refocusing in 802.11 Wireless Measurement," Proc. Passive and Active Measurement Conf. (PAM '08), Apr. 2008.
[4] U. Deshpande, C. McDonald, and D. Kotz, "Coordinated Sampling to Improve the Efficiency of Wireless Network Monitoring," Proc. IEEE 15th Int'l Conf. Networks (ICON), Nov. 2007.
[5] Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, "Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength," Proc. IEEE INFOCOM, Apr. 2008.
[6] Y. Sheng, G. Chen, H. Yin, K. Tan, U. Deshpande, B. Vance, D. Kotz, A. Campbell, C. McDonald, T. Henderson, and J. Wright, "MAP: A Scalable Monitoring System for Dependable 802.11 Wireless Networks," IEEE Wireless Comm., vol. 15, no. 5, pp. 10-18, Oct. 2008.
[7] K. Tan, G. Yan, J. Yeo, and D. Kotz, "Privacy Analysis of User Association Logs in a Large-Scale Wireless LAN," Proc. IEEE INFOCOM, Apr. 2011.
[8] A. Balachandran, G.M. Voelker, P. Bahl, and P.V. Rangan, "Characterizing User Behavior and Network Performance in a Public Wireless LAN," SIGMETRICS Performance Evaluation Rev., vol. 30, no. 1, pp. 195-205, 2002.
[9] M. Afanasyev, T. Chen, G.M. Voelker, and A.C. Snoeren, "Analysis of a Mixed-Use Urban Wi-Fi Network: When Metropolitan Becomes Neapolitan," Proc. ACM SIGCOMM Conf. Internet Measurement (IMC), 2008.
[10] Y.-C. Cheng, J. Bellardo, P. Benkö, A.C. Snoeren, G.M. Voelker, and S. Savage, "Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis," SIGCOMM Computer Communication Rev., vol. 36, no. 4, pp. 39-50, 2006.
[11] P. Bahl, R. Chandra, J. Padhye, L. Ravindranath, M. Singh, A. Wolman, and B. Zill, "Enhancing the Security of Corporate Wi-Fi Networks Using DAIR," Proc. ACM MobiSys, 2006.
[12] V. Kone, M. Zheleva, M. Wittie, B.Y. Zhao, E.M. Belding, H. Zheng, and K. Almeroth, "AirLab: Consistency, Fidelity and Privacy in Wireless Measurements," SIGCOMM Computer Comm. Rev., vol. 41, pp. 60-65, Jan. 2011.
[13] "Aruba Networks," http:/, 2013.
[14] "OpenWrt," http:/, 2013.
[15] U. Deshpande, T. Henderson, and D. Kotz, "Channel Sampling Strategies for Monitoring Wireless Networks," Proc. Second Int'l Workshop Wireless Network Measurement (WiNMee), Apr. 2006.
[16] M. Raya, J.-P. Hubaux, and I. Aad, "DOMINO: Detecting MAC Layer Greedy Behavior in IEEE 802.11 Hotspots," IEEE Trans. Mobile Computing, vol. 5, no. 12, pp. 1691-1705, Dec. 2006.
[17] R. Mahajan, M. Rodrig, D. Wetherall, and J. Zahorjan, "Analyzing the MAC-Level Behavior of Wireless Networks in the Wild," SIGCOMM Computer Comm. Rev., vol. 36, no. 4, pp. 75-86, 2006.
[18] S. Bratus, D. Kotz, K. Tan, W. Taylor, A. Shubina, B. Vance, and M.E. Locasto, "Dartmouth Internet Security Testbed (DIST): Building a Campus-Wide Wireless Testbed," Proc. Workshop Cyber Security Experimentation and Test (CSET), Aug. 2009.
[19] "Nagios - The Industry Standard in IT Infrastructure Monitoring," http:/, 2013.
[20] "Cacti: The Complete RRDTool-Based Graphing Solution," http:/, 2013.
[21] "TCPDUMP/LIBPCAP Public Repository," http:/www., 2013.
[22] "Wireshark," http:/, 2013.
[23] "Kismet," http:/, 2013.
[24] "MadWifi Project," http:/, 2013.
[25] K. Tan and D. Kotz, "Saluki: A High-Performance Wi-Fi Sniffing Program," Proc. Int'l Workshop Wireless Network Measurements (WiNMee), May 2010.
[26] K. Tan, "Large-Scale Wireless Local-Area Network Measurement and Privacy Analysis," PhD dissertation, Dartmouth College, , Aug. 2011.
[27] "Linux Packet MMap," http://wiki.ipxwarzone.comindex. php5?title=Linux_packet_mmap , 2013.
[28] T.A. Welch, "A Technique for High-Performance Data Compression," Computer, vol. 17, no. 6, pp. 8-19, 1984.
[29] "QuickLZ," http:/, 2013.
[30] "FastLZ," http:/, 2013.
[31] M. Robshaw, "The eSTREAM Project," New Stream Cipher Designs: The eSTREAM Finalists, 2008.
[32] P. Ekdahl and T. Johansson, "A New Version of the Stream Cipher SNOW," Proc. Revised Papers from the Ann. Int'l Workshop Selected Areas in Cryptography (SAC), 2003.
[33] "The Keyed-Hash Message Authentication Code (HMAC)," Information Technology Laboratory at NIST, fips-198a.pdf, 2011.
[34] O. Gay, "HMAC-SHA2,", 2013.
[35] K. Tan, J. Yeo, M.E. Locasto, and D. Kotz, "Catch, Clean, and Release: A Survey of Obstacles and Opportunities for Network Trace Sanitization," Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, F. Bonchi and E. Ferrari, eds., Chapman and Hall/CRC, Dec. 2010.
[36] A.G. Miklas, S. Saroiu, A. Wolman, and A.D. Brown, "Bunker: A Privacy-Oriented Platform for Network Tracing," Proc. USENIX Symp. Networked Systems Design and Implementation (NSDI), Apr. 2009.
[37] "Libpcap with MMAP," http://public.lanl.govcpw, 2013.
[38] "Iperf,", 2013.
[39] "Cisco Cleanair,", 2013.
[40] A. Lakhina, M. Crovella, and C. Diot, "Mining Anomalies Using Traffic Feature Distributions," SIGCOMM Computer Comm. Rev., vol. 35, no. 4, pp. 217-228, 2005.
[41] G. Nychis, V. Sekar, D.G. Andersen, H. Kim, and H. Zhang, "An Empirical Evaluation of Entropy-Based Traffic Anomaly Detection," Proc. ACM SIGCOMM Conf. Internet Measurement (IMC), 2008.
[42] C. Arackaparambil, S. Bratus, J. Brody, and A. Shubina, "Distributed Monitoring of Conditional Entropy for Anomaly Detection in Streams," Proc. IEEE Workshop Scalable Stream Processing Systems (SSPS), 2010.
[43] W. Lee and D. Xiang, "Information-Theoretic Measures for Anomaly Detection," Proc. IEEE Symp. Security and Privacy (S&P), 2001.
[44] C. Arackaparambil, "Anomaly Detection in Network Streams through a Distributional Lens," PhD dissertation, Dartmouth College, , Sept. 2011.
[45] "Backtrack Linux," http:/, 2013.
[46] "The Metasploit Project," http:/, 2013.
[47] S. Bratus, C. Cornelius, D. Kotz, and D. Peebles, "Active Behavioral Fingerprinting of Wireless Devices," Proc. ACM Conf. Wireless Network Security (WiSec), 2008.
[48] N. Alon, Y. Matias, and M. Szegedy, "The Space Complexity of Approximating the Frequency Moments," Proc. Ann. ACM Symp. Theory of Computing (STOC), 1996.
[49] N.J.A. Harvey, J. Nelson, and K. Onak, "Sketching and Streaming Entropy via Approximation Theory," Proc. IEEE Ann. Symp. Foundations of Computer Science (FOCS), 2008.
[50] R. Beyah and A. Venkataraman, "Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions," IEEE Security Privacy, vol. 9, no. 5, pp. 56-61, Sept./Oct. 2011.
[51] AUSCERT Advisory, "Denial of Service Vulnerability in IEEE 802.11 Wireless Devices," html?it=4091 , 2013.
[52] J. Bellardo and S. Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions," Proc. USENIX Security Symp., Aug. 2003.
[53] "Community Resource for Archiving Wireless Data at Dartmouth (CRAWDAD)," http:/, 2013.
135 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool