Invisible Scout: A Layer 2 Anomaly System for Detecting Rogue Access Point (RAP)

Diki Arisandi, Nazrul M. Ahmad, Subarmaniam Kannan

Abstract


Rogue Access Points (RAPs) pose a significant security threat by mimicking legitimate Wi-Fi networks and potentially compromising sensitive data. To address this issue, this research has proposed an innovative mechanism called Invisible Scout, which uses a multi-module system to identify RAPs. This study aimed to develop and validate a mechanism capable of accurately detecting RAPs in controlled setups, real-world environments, and under de-authentication attack scenarios. The proposed system consists of four key modules: sniffer, detection, probing, and comparison. To evaluate its effectiveness, tests were conducted in controlled and open environments and under de-authentication scenarios, using decision tree models and various metrics to assess performance. The decision tree model showed promising results in the controlled setup, achieving an Area Under the Curve (AUC) score of 0.921 and classification accuracy (CA) of 0.875, indicating that the model effectively distinguished between legitimate access points and RAPs. When tested in an open environment, the model's performance improved, achieving an AUC score of 0.952 and a CA of 0.994. Furthermore, under a de-authentication attack, the model achieved an AUC score of 0.955 and a CA of 0.996. To gain a deeper understanding of RAP behaviors, linear regression analysis was conducted, revealing patterns and visualizing the existence of RAPs, which could assist in further analysis. In conclusion, the results demonstrated that the proposed mechanism was highly effective in identifying RAPs. Future research should focus on refining the detection mechanism, incorporating real-time response capabilities, and expanding testing to diverse network scenarios.

 

DOI: 10.28991/ESJ-2025-09-01-016



Keywords


Anomaly; Beacon Frames; Client-Side Scenario; Invisible Scout; Layer 2; Rogue Access Point.


