Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Position-based Rogue Access Point Detection

Wenjie Liu, Panos Papadimitratos

TL;DR

This work tackles rogue Wi‑Fi AP detection by exploiting position inconsistencies using indoor Wi‑Fi positioning. It introduces a RAIM‑inspired framework with two components: subset generation of RSSI‑based measurements and position validation via a Gaussian‑mixture fusion to detect rogue-involved subsets. Experiments on a real-world dataset with three attack types show superior rogue detection and exclusion performance compared to clustering and anomaly-detection baselines, improving subsequent position recovery. The approach is hardware-agnostic and compatible with common Wi‑Fi positioning methods, enabling practical deployment in mobile devices and network operations.

Abstract

Rogue Wi-Fi access point (AP) attacks can lead to data breaches and unauthorized access. Existing rogue AP detection methods and tools often rely on channel state information (CSI) or received signal strength indicator (RSSI), but they require specific hardware or achieve low detection accuracy. On the other hand, AP positions are typically fixed, and Wi-Fi can support indoor positioning of user devices. Based on this position information, the mobile platform can check if one (or more) AP in range is rogue. The inclusion of a rogue AP would in principle result in a wrong estimated position. Thus, the idea to use different subsets of APs: the positions computed based on subsets that include a rogue AP will be significantly different from those that do not. Our scheme contains two components: subset generation and position validation. First, we generate subsets of RSSIs from APs, which are then utilized for positioning, similar to receiver autonomous integrity monitoring (RAIM). Second, the position estimates, along with uncertainties, are combined into a Gaussian mixture, to check for inconsistencies by evaluating the overlap of the Gaussian components. Our comparative analysis, conducted on a real-world dataset with three types of attacks and synthetic RSSIs integrated, demonstrates a substantial improvement in rogue AP detection accuracy.

Position-based Rogue Access Point Detection

TL;DR

This work tackles rogue Wi‑Fi AP detection by exploiting position inconsistencies using indoor Wi‑Fi positioning. It introduces a RAIM‑inspired framework with two components: subset generation of RSSI‑based measurements and position validation via a Gaussian‑mixture fusion to detect rogue-involved subsets. Experiments on a real-world dataset with three attack types show superior rogue detection and exclusion performance compared to clustering and anomaly-detection baselines, improving subsequent position recovery. The approach is hardware-agnostic and compatible with common Wi‑Fi positioning methods, enabling practical deployment in mobile devices and network operations.

Abstract

Rogue Wi-Fi access point (AP) attacks can lead to data breaches and unauthorized access. Existing rogue AP detection methods and tools often rely on channel state information (CSI) or received signal strength indicator (RSSI), but they require specific hardware or achieve low detection accuracy. On the other hand, AP positions are typically fixed, and Wi-Fi can support indoor positioning of user devices. Based on this position information, the mobile platform can check if one (or more) AP in range is rogue. The inclusion of a rogue AP would in principle result in a wrong estimated position. Thus, the idea to use different subsets of APs: the positions computed based on subsets that include a rogue AP will be significantly different from those that do not. Our scheme contains two components: subset generation and position validation. First, we generate subsets of RSSIs from APs, which are then utilized for positioning, similar to receiver autonomous integrity monitoring (RAIM). Second, the position estimates, along with uncertainties, are combined into a Gaussian mixture, to check for inconsistencies by evaluating the overlap of the Gaussian components. Our comparative analysis, conducted on a real-world dataset with three types of attacks and synthetic RSSIs integrated, demonstrates a substantial improvement in rogue AP detection accuracy.
Paper Structure (24 sections, 8 equations, 5 figures, 1 table)

This paper contains 24 sections, 8 equations, 5 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Work
  3. Rogue Wi-Fi AP Detection
  4. RAIM for GNSS Spoofing
  5. System Model and Adversary
  6. System Model
  7. Adversary
  8. Proposed Scheme
  9. Subset Generation
  10. Sampling Strategy for Subsets
  11. Fingerprint-based Positioning
  12. Distance-based Positioning
  13. Position Validation
  14. Rogue AP Exclusion
  15. Experiments
  16. ...and 9 more sections

Figures (5)

  • Figure 1: System and adversary model. For example, the mobile Wi-Fi client in the dashed yellow circle can locate itself using the subsets of four from in range; the subset containing the rogue would be inconsistent.
  • Figure 2: System overview of position-based rogue detection.
  • Figure 3: The distribution of the dataset.
  • Figure 4: Detection and exclusion $P_\text{TP}$ of the proposed and baseline methods. \ref{['hwplot1']} is detection and \ref{['hwplot2']} is exclusion performance for our scheme; \ref{['hwplot3']} for the clustering-based detection and \ref{['hwplot4']} for ECOD-based detection.
  • Figure 5: An illustration of the positioning results before (i.e., original) and after (i.e., proposed) exclusion.