Rogue Access Point Detection by Analyzing Network Traffic Characteristics

One of the most challenging network security concerns for network administrators is the presence of rogue access points. Rogue access points, if undetected, can be an open door to sensitive information on the network. Many data raiders have taken advantage of the undetected rogue access points in enterprises to not only get free Internet access, but also to view confidential information. Most of the current solutions to detect rouge access points are not automated and are dependent on a specific wireless technology. In this paper, we present a rogue access point detection approach. The approach is an automated solution which can be installed on any router at the edge of a network. The main premise of our approach is to distinguish authorized WLAN hosts from unauthorized WLAN hosts connected to rogue access points by analyzing traffic characteristics at the edge of a network. Simulation results verify the effectiveness of our approach in detecting rogue access points in a heterogeneous network comprised of wireless and wired subnets.