Rogue Access Point Detection on Wireless Networks Using RTT Analysis and K-means

Phuthanet Mekpayom
Nattapong Jundang

Abstract

While the rapid expansion of WLAN technology facilitates daily life, it has simultaneously increased cybersecurity risks, particularly from Rogue Access Points (RAP) using the IEEE 802.11 standard. This vulnerability exposes users to Man-in-the-Middle (MitM) attacks and data theft. This research investigates these threats using experimental and statistical methods. Utilizing the K-means algorithm on real-world data, the proposed model identifies malicious access points with 99.7% accuracy. Finally, the study offers actionable guidelines to strengthen network security for both individuals and organizations.

Section
Research Articles
