An empirical fingerprint framework to detect Rogue Access Points


The aim of this paper is to detect Rogue Access Points (RAPs) that clone some of the characteristics of nearby legitimate Access Points (APs). A new passive approach that takes advantage of the first frame that the RAP sends (i.e, Beacon Frame (BF)) when it is planted in the Wireless Local Area Network (WLAN) is proposed. We apply the proposed fingerprint to detect RAPs to evaluate the fingerprint effectiveness. The proposed framework examines every beacon frame size, and compares it with a threshold value.

The technique is implemented on a commercially available Wireless Network Interface Controller (WNIC) to evaluate its accuracy. The detection algorithm achieves 100 percent accuracy to determine the RAPs in a lightly loaded traffic environment. The detection time can be taken in approximately 100 ms and is scanned in real-time setting. The robustness and the efficiency of the detection algorithm are examined in two different locations.