With the expansion of the Internet and the increased reliance on computer networking technology for everyday business, the need to protect electronic data and communication from malicious attack has become increasingly critical. This dissertation addresses the rogue system problem, a significant threat in modern networks. A rogue system is a device installed within a network without the authorization or knowledge of network administrators, and it is typically engaged in unauthorized activities. These systems pose a major threat to network data and resources, potentially resulting in the exposure of sensitive information or network performance degradation. This dissertation presents analysis and solutions for rogue system threats within a cooperative distributed network environment and within various types of wireless environments. In addition, a tool is presented that enables high-speed network packet logging, for the purpose of rogue system detection, using inexpensive equipment in a scalable distributed storage infrastructure.
The major contributions of this dissertation are as follows: the development of a secure communication protocol that protects a distributed network from potential rogue system attacks while enabling the implementation of bandwidth conservation techniques for efficiency; an important enhancement of a standard wireless communication protocol for the purpose of preventing both insider and outsider rogue eavesdropping attacks; a novel packet payload slicing technique for the purpose of detecting rogue wireless access points within a corporate network environment; an analysis of the potential of host-based rogue wireless man-in-the-middle attack detection; and the development of a tool for high-speed traffic analysis to aid in rogue system detection.
Rogue system threats will continue to grow as networks become more complex and new attack techniques evolve to better evade detection. The future direction of this work includes applying these techniques to newly identified threats for the purpose of gauging the effectiveness of the proposed methods and to aid in discovering new means of defending against rogue system attacks. In addition, rogue threats in less traditional types of network environments, such as peer-to-peer and personal area networks, will be addressed in order to provide protection from all means of electronic rogue system attacks.