Detecting and preventing denial of service attacks due to fraudulent BSS color collision events

US11601469B2 · US · B2

Patent metadata
Publication number: US-11601469-B2
Application number: US-202117223323-A
Country: US
Kind code: B2
Filing date: Apr 6, 2021
Priority date: Jan 22, 2019
Publication date: Mar 7, 2023
Grant date: Mar 7, 2023


Abstract


A management entity obtains from a first wireless access point a Basic Service Set (BSS) color collision event detected by the first wireless access point. The first wireless access point uses a first BSS color. A color collision event occurs when the first wireless access point receives from a device in a BSS of a different physical wireless access point a frame or PHY Protocol Data Unit (PPDU) that includes the first BSS color. The management entity obtains from the first wireless access point an indication whether the color collision event has been detected for longer than a predetermined duration. When the color collision event has been detected for longer than the predetermined duration, the management entity computes a probability of the color collision event. The management entity determines whether the color collision event is malicious or benign, and determines whether to maintain the first BSS color.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: obtaining at a management entity for a wireless local area network (WLAN), from a first wireless access point using a first Basic Service Set (BSS) color, a color collision event detected by the first wireless access point, wherein a BSS color is an identifier included in transmissions by the first wireless access point to distinguish BSSs using a common or overlapped frequency channel and a color collision event occurs when the first wireless access point receives from a device in a BSS of a different physical wireless access point a frame or Physical Protocol Data Unit (PPDU) that includes the first BSS color; obtaining, from the first wireless access point, an indication of whether the color collision event has been detected for at least one of: a time period greater than a predetermined duration threshold, and an airtime percentage of PPDUs greater than a predetermined airtime percentage threshold; when the color collision event has been detected for the time period greater than the predetermined duration threshold and/or for the airtime percentage of PPDUs greater than the predetermined airtime percentage threshold, computing a probability of the color collision event; and determining whether to change the first BSS color of the first wireless access point based on whether the color collision event is benign or malicious according to the probability of the color collision event.

2. The method of claim 1, further comprising: maintaining the first BSS color of the first wireless access point when the color collision event is malicious.

3. The method of claim 1, wherein when the color collision event is malicious, the method further comprises at least one of: increasing the predetermined duration threshold; and notifying an administrator that there was a malicious color collision event.

4. The method of claim 1, wherein the color collision event is determined to be malicious based on whether at least one of: the probability of the color collision event is less than a predetermined probability threshold and/or a number of color changes is greater than a predetermined number of color changes threshold; the color collision event has been occurring for less than a predetermined percentage of time; or no clients of a source of the color collision event have been detected in a preceding tracking window.

5. The method of claim 1, wherein obtaining the indication comprises: tracking a number of times when a color change occurred in a previous time period; and comparing the number of times to a predetermined threshold.

6. The method of claim 1, wherein computing the probability of the color collision event is based on a number of BSSs in a predetermined geographical area and colors each respective BSS is using.

7. The method of claim 1, wherein the color collision event is determined to be benign when a source of the color collision event is a second wireless access point controlled by the management entity.

8. The method of claim 1, wherein when the color collision event is benign, the method further comprises at least one of: changing the first BSS color used by the first wireless access point to a second BSS color; and directing n-hop neighbors of the first wireless access point not to use the first BSS color on the common or overlapped frequency channel, where n is a predetermined integer.

9. An apparatus comprising: a communication interface configured to enable network communications; and a microprocessor coupled with the communication interface, and configured to: obtain from a first wireless access point using a first Basic Service Set (BSS) color, a color collision event detected by the first wireless access point, wherein a BSS color is an identifier included in transmissions by the first wireless access point to distinguish different BSSs using a common or overlapped frequency channel and a color collision event occurs when the first wireless access point receives from a device in a BSS of a different physical wireless access point a frame or Physical Protocol Data Unit (PPDU) that includes the first BSS color; obtain, from the first wireless access point, an indication of whether the color collision event has been detected for at least one of: a time period greater than a predetermined duration threshold, and an airtime percentage of PPDUs greater than a predetermined airtime percentage threshold; when the color collision event has been detected for the time period greater than the predetermined duration threshold and/or for the airtime percentage of PPDUs greater than the predetermined airtime percentage threshold, compute a probability of the color collision event; and determine whether to change the first BSS color of the first wireless access point based on whether the color collision event is benign or malicious according to the probability of the color collision event.

10. The apparatus of claim 9, wherein the microprocessor is further configured to: maintain the first BSS color of the first wireless access point when the color collision event is malicious.

11. The apparatus of claim 9, wherein when the color collision event is malicious, the microprocessor is further configured to at least one of: increase the predetermined duration threshold; and notify an administrator that there was a malicious color collision event.

12. The apparatus of claim 9, wherein the microprocessor is configured to determine the color collision event to be malicious based on whether at least one of: the probability of the color collision event is less than a predetermined probability threshold and/or a number of color changes is greater than a predetermined number of color changes threshold; the color collision event has been occurring for more than a predetermined percentage of time; or no clients of a source of the color collision event have been detected in a preceding tracking window.

13. The apparatus of claim 9, wherein the microprocessor is further configured to: track a number of times when a color change occurred in a previous time period; and compare the number of times to a predetermined threshold.

14. The apparatus of claim 9, wherein the microprocessor is configured to compute the probability of the color collision event based on a number of BSSs in a predetermined geographical area and colors each respective BSS is using.

15. The apparatus of claim 9, wherein the microprocessor is configured to determine that the color collision event is benign when a source of the color collision event is a second wireless access point in a same administrative domain as the first wireless access point.

16. The apparatus of claim 9, wherein when the color collision event is benign, the microprocessor is further configured to at least one of: change the first BSS color used by the first wireless access point to a second BSS color; and direct n-hop neighbors of the first wireless access point not to use the first BSS color on the common or overlapped frequency channel, where n is a predetermined integer.

17. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to: obtain, at a management entity for a wireless local area network (WLAN) from a first wireless access point using a first Basic Service Set (BSS) color, a color collision event detected by the first wireless access point, wherein a BSS color is an identifier included in transmissions by the first wireless access point to distinguish different BSSs
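
The decision flow of claims 1 to 8, sketched as an added Python example (not code from the patent or its assignee). The probability model, the thresholds, the doubling of the duration threshold and all field and action names are assumptions; the claims only say the probability depends on the number of BSSs in the area and the colors they use. The percentage-of-time criterion is left out because claims 4 and 12 state it in opposite directions.

```python
from dataclasses import dataclass, field

NUM_COLORS = 63  # assumption: usable 802.11ax BSS color values 1..63

@dataclass
class Report:                      # hypothetical AP -> management entity message
    color: int                     # first BSS color, used by the reporting AP
    duration_s: float              # how long the collision has been seen
    airtime_pct: float             # share of airtime carrying colliding PPDUs
    source_managed: bool           # source is an AP we control (claim 7)
    area_colors: list = field(default_factory=list)  # colors of other BSSs in the area
    color_changes: int = 0         # color changes in the previous period (claim 5)
    source_clients: int = 0        # clients of the source seen in the tracking window

@dataclass
class Policy:                      # constructed thresholds, not values from the patent
    duration_s: float = 30.0
    airtime_pct: float = 5.0
    min_probability: float = 0.05
    max_color_changes: int = 3

def collision_probability(r):
    """Assumed model: each other BSS picks uniformly among colors it sees as free."""
    others = [c for c in r.area_colors if c != r.color]
    free = max(NUM_COLORS - len(set(others)), 1)
    return 1.0 - (1.0 - 1.0 / free) ** len(r.area_colors)

def assess(r, p):
    # Claim 1 gate: act only on collisions past the duration or airtime threshold.
    if r.duration_s <= p.duration_s and r.airtime_pct <= p.airtime_pct:
        return "below-threshold", []
    if r.source_managed:           # claim 7: collision with our own AP is benign
        return "benign", ["change_color", "steer_n_hop_neighbors"]
    prob = collision_probability(r)
    # Claim 4: an improbable collision, frequent color changes, or a source
    # with no clients of its own each mark the event as malicious.
    malicious = (prob < p.min_probability
                 or r.color_changes > p.max_color_changes
                 or r.source_clients == 0)
    if malicious:
        # Claims 2-3: keep the color, raise the duration threshold, notify.
        p.duration_s *= 2          # assumed increase factor
        return "malicious", ["keep_color", "notify_admin"]
    # Claim 8: benign collision, move to a second color and steer neighbors.
    return "benign", ["change_color", "steer_n_hop_neighbors"]
```
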

Classifications

  • Denial of service attacks against network infrastructure

  • WLAN [Wireless Local Area Networks]

  • Denial of Service

  • Traffic logging, e.g. anomaly detection

  • specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 7, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).