PRAPD: A novel received signal strength–based approach for practical rogue access point detection

Rogue access point attack is one of the most important security threats for wireless local networks and has attracted great attention from both academia and industry. Utilizing received signal strength information is an effective solution to detect rogue access points. However, the received signal strength information is formed by multi-dimensional received signal strength vectors that are collected by multiple sniffers, and these received signal strength vectors are inevitably lacking in some dimensions due to the limited wireless transmission range and link instability. This will result in high false alarm rate for rogue access point detection. To solve this issue, we propose a received signal strength–based practical rogue access point detection approach, considering missing received signal strength values in received signal strength vectors collected in practical environment. First, we present a preprocessing scheme for received signal strength vectors, eliminating missing values by means of data filling, filtering, and averaging. Then, we perform clustering analysis on the received signal strength vectors, where we design a distance measurement method that dynamically uses partial components in received signal strength vectors to minimize the distance deviation due to missing values. Finally, we conduct the experiments to evaluate the performance of the practical rogue access point detection. The results demonstrate that the practical rogue access point detection can significantly reduce the false alarm rate while ensuring a high detection rate.