Title: Recognizing Illegitimate Access Points Based on Static Features: a Case Study in a Campus Wifi Network

Issue Number: Vol. 8, No. 4
Year of Publication: Dec - 2019
Page Numbers: 279-291
Authors: Franklin Tchakounte, Michael Nakoe, Blaise Omer Yenke, Kalum Priyanath Udagepola
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002632


Wireless networks are useful for disseminating information across an institution. However, access points are often left unattended with vulnerable security protocols, and the network is maliciously infiltrated by illegitimate access points called rogue access points. Research on the identification of rogue access points is limited to inaccurate information such as signal strength and communication channel. Signal strength depends on proximity to the access point, and normal communication can take place on several channels, so a legitimate channel cannot be determined a priori from such criteria. Two principles guided this research. First, the attacker needs to divert as many users as possible, so the security policy will be open most of the time. Second, since the administrator has an accurate view of the network, ad-hoc connections may raise suspicion. This work therefore proposes an approach based additionally on the communication mode and the security protocol. Moreover, a wardriving-based experiment reveals the Medium Access Control (MAC) address and the Service Set Identifier (SSID) as useful information for the identification of intruder access points. A test phase demonstrated that the proposed method can detect traces of intruder access points.
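The four static features named in the abstract (MAC address, SSID, security protocol, communication mode) can be checked against an administrator's inventory as in the sketch below. This is an added illustration, not the paper's algorithm: the inventory, the field names, the rule set and the scan records are all constructed assumptions.

```python
"""Flag access points whose static features disagree with an admin inventory."""

# Constructed inventory: BSSID (MAC) -> features the administrator expects.
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "CampusWiFi", "security": "WPA2", "mode": "infrastructure"},
    "00:11:22:33:44:02": {"ssid": "CampusWiFi", "security": "WPA2", "mode": "infrastructure"},
}
CAMPUS_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}

# Constructed wardriving observations (one dict per beacon seen).
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CampusWiFi", "security": "WPA2", "mode": "infrastructure"},
    {"bssid": "02:AA:BB:CC:DD:10", "ssid": "CampusWiFi", "security": "open", "mode": "infrastructure"},
    {"bssid": "02:AA:BB:CC:DD:11", "ssid": "printer-direct", "security": "open", "mode": "ad-hoc"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CampusWiFi", "security": "open", "mode": "infrastructure"},
]

def assess(obs):
    """Return the list of reasons an observation is suspicious (empty if none)."""
    reasons = []
    expected = AUTHORIZED.get(obs["bssid"].lower())
    if expected is None:
        # Unknown MAC: worst case is one announcing a campus SSID.
        if obs["ssid"] in CAMPUS_SSIDS:
            reasons.append("campus SSID announced by a MAC not in the inventory")
        else:
            reasons.append("MAC not in the inventory")
        if obs["security"] == "open":
            reasons.append("open security policy")
    else:
        # Known MAC: any drift from the inventory may mean spoofing or misconfiguration.
        for field in ("ssid", "security", "mode"):
            if obs[field] != expected[field]:
                reasons.append(f"{field} is {obs[field]!r}, inventory says {expected[field]!r}")
    if obs["mode"] == "ad-hoc":
        reasons.append("ad-hoc communication mode")
    return reasons

def report(scan):
    """Map each suspicious BSSID to its reasons; consistent APs are omitted."""
    return {o["bssid"]: r for o in scan if (r := assess(o))}

if __name__ == "__main__":
    for bssid, reasons in report(SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

Signal strength and channel are deliberately absent from the rules, matching the abstract's argument that neither identifies a legitimate access point.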