HYBRID DETECTION OF UNAUTHORIZED ACCESS POINTS IN WIRELESS NETWORKS
DOI:
https://doi.org/10.28925/2663-4023.2026.33.1245Keywords:
Wi-Fi cybersecurity, IEEE 802.11, Rogue AP, Evil Twin, RF fingerprinting, spatial localization, RSSI, TDoA, anomaly detection, source attribution.Abstract
The paper proposes a hybrid method for spatial-network discovery and attribution of rogue access points in IEEE 802.11 Wi-Fi environment, combining radio-frequency fingerprinting of transmitters with behavioral analysis of management and data frames. The research aims to improve the accuracy of detecting Evil Twin, Rogue AP and MAC-spoofing attacks and spatial localization of signal sources under multipath propagation and deliberate evasion. The methodology integrates signal propagation models, statistical analysis of monitor-mode frames, ensemble classification based on Random Forest and LightGBM, and hybrid positioning using RSSI + TDoA with radio map correction. The method is validated on the UJIIndoorLoc dataset and a proprietary test sample collected via Kismet sensors, Wireshark analyzer, and the Aircrack-ng software suite. Experimental results demonstrate F1-score of 0.964, AUC of 0.972, and a mean localization error of 1.82 m, which is 1.6-2.7 times more accurate than known baseline methods. The mean time to detection (MTTD) is reduced by an average of 38% compared to signature-based analysis. The results are applicable to critical information infrastructure protection, corporate SIEM/SOAR systems, and situational awareness subsystems.
Downloads
References
IEEE. (2021). IEEE Std 802.11-2020: IEEE standard for information technology—Telecommunications and information exchange between systems local and metropolitan area networks—Specific requirements—Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE. https://doi.org/10.1109/IEEESTD.2021.9363693
Frankel, S., Eydt, B., Owens, L., & Scarfone, K. (2007). Establishing wireless robust security networks: A guide to IEEE 802.11i (NIST Special Publication 800-97). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-97
Souppaya, M., & Scarfone, K. (2012). Guidelines for securing wireless local area networks (WLANs) (NIST Special Publication 800-153). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-153
Souppaya, M., & Scarfone, K. (2008). Guide to securing legacy IEEE 802.11 wireless networks (NIST Special Publication 800-48 Revision 1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-48r1
Soltanieh, N., Norouzi, Y., Yang, Y., & Karmakar, N. C. (2020). A review of radio frequency fingerprinting techniques. IEEE Journal of Radio Frequency Identification, 4(3), 222–233. https://doi.org/10.1109/JRFID.2020.2968369
Sankhe, K., Belgiovine, M., Zhou, F., Riyaz, S., Ioannidis, S., & Chowdhury, K. (2019). ORACLE: Optimized radio classification through convolutional neural networks. In 2019 IEEE Conference on Computer Communications (INFOCOM) (pp. 370–378). IEEE. https://doi.org/10.1109/INFOCOM.2019.8737463
Aminanto, M. E., Choi, R., Tanuwidjaja, H. C., Yoo, P. D., & Kim, K. (2018). Deep abstraction and weighted feature selection for Wi-Fi impersonation detection. IEEE Transactions on Information Forensics and Security, 13(3), 621–636. https://doi.org/10.1109/TIFS.2017.2762828
Kolias, C., Kambourakis, G., Stavrou, A., & Gritzalis, S. (2016). Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Communications Surveys & Tutorials, 18(1), 184–208. https://doi.org/10.1109/COMST.2015.2402161
Zafari, F., Gkelias, A., & Leung, K. K. (2019). A survey of indoor localization systems and technologies. IEEE Communications Surveys & Tutorials, 21(3), 2568–2599. https://doi.org/10.1109/COMST.2019.2911558
Kotaru, M., Joshi, K., Bharadia, D., & Katti, S. (2015). SpotFi: Decimeter level localization using WiFi. ACM SIGCOMM Computer Communication Review, 45(4), 269–282. https://doi.org/10.1145/2829988.2787487
Vanhoef, M., & Piessens, F. (2017). Key reinstallation attacks: Forcing nonce reuse in WPA2. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1313–1328). ACM. https://doi.org/10.1145/3133956.3134027
Restuccia, F., D’Oro, S., Al-Shawabka, A., Belgiovine, M., Angioloni, L., Ioannidis, S., Chowdhury, K., & Melodia, T. (2019). DeepRadioID: Real-time channel-resilient optimization of deep learning-based radio fingerprinting algorithms. In Proceedings of the 20th ACM International Symposium on Mobile Ad Hoc Networking and Computing (pp. 51–60). ACM. https://doi.org/10.1145/3323679.3326503
Vanhoef, M., & Ronen, E. (2020). Dragonblood: Analyzing the Dragonfly handshake of WPA3 and EAP-pwd. In 2020 IEEE Symposium on Security and Privacy (pp. 517–533). IEEE. https://doi.org/10.1109/SP40000.2020.00031
De Almeida Braga, D., Fouque, P.-A., & Sabt, M. (2020). Dragonblood is still leaking: Practical cache-based side-channel in the wild. In Annual Computer Security Applications Conference (pp. 291–303). ACM. https://doi.org/10.1145/3427228.3427295
Chatzoglou, E., Kambourakis, G., & Kolias, C. (2022). How is your Wi-Fi connection today? DoS attacks on WPA3-SAE. Journal of Information Security and Applications, 64, 103058. https://doi.org/10.1016/j.jisa.2021.103058
Tareef, A., Allawi, Y. M., Alkasasbeh, A. A., Abadleh, A., Alamro, W., Alghamdi, M., Zreikat, A. I., & Kang, H. (2025). A machine learning approach for detecting WPA3 downgrade attacks in next-generation Wi-Fi systems. PLOS ONE, 20(9), e0331443. https://doi.org/10.1371/journal.pone.0331443
Wang, Y., Xiu, C., Zhang, X., & Yang, D. (2018). WiFi indoor localization with CSI fingerprinting-based random forest. Sensors, 18(9), 2869. https://doi.org/10.3390/s18092869
Dai, J., Wang, M., Wu, B., Shen, J., & Wang, X. (2023). A survey of latest Wi-Fi-assisted indoor positioning on different principles. Sensors, 23(18), 7961. https://doi.org/10.3390/s23187961
Sun, G., Chen, J., Guo, W., & Liu, K. J. R. (2005). Signal processing techniques in network-aided positioning: A survey of state-of-the-art positioning designs. IEEE Signal Processing Magazine, 22(4), 12–23. https://doi.org/10.1109/MSP.2005.1458273
Ma, Y., Zhou, G., & Wang, S. (2019). WiFi sensing with channel state information: A survey. ACM Computing Surveys, 52(3), Article 46. https://doi.org/10.1145/3310194
Li, X., Wang, J., Liu, C., Zhang, Y., & Wu, Z. (2018). Device-free Wi-Fi indoor localization using channel state information and machine learning. Sensors, 18(11), 3968. https://doi.org/10.3390/s18113968
Yang, Z., Wu, C., & Liu, Y. (2012). Locating in fingerprint space: Wireless indoor localization with little human intervention. In Proceedings of the 18th Annual International Conference on Mobile Computing and Networking (pp. 269–280). ACM. https://doi.org/10.1145/2348543.2348578
He, S., & Chan, S.-H. G. (2016). Wi-Fi fingerprint-based indoor positioning: Recent advances and comparisons. IEEE Communications Surveys & Tutorials, 18(1), 466–490. https://doi.org/10.1109/COMST.2015.2464084
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Дмитро Прокопович-Ткаченко, Юлія Хохлачова, Валерій Магро, Давид Черкаський, Данило Переметчик
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
