Anomaly-Based Detection of Rogue Access Points in High-Risk Network Infrastructures
[ 1 ] Wydział Techniczny, Akademia im. Jakuba z Paradyża | [ P ] employee
[2.3] Information and communication technology | [2.9] Mechanical engineering
2025
chapter in monograph / paper
English
- Wi-Fi anomaly detection
- machine learning
- Rogue AP
This article presents a comprehensive and scalable system for the detection and mitigation of Rogue Access Points (APs) in Wi-Fi networks, addressing a significant security risk in distributed infrastructures. The proposed solution integrates multiple analytical layers, including passive and active traffic analysis, anomaly detection (Isolation Forest, One-Class SVM), supervised machine learning (Random Forest, XGBoost), and explainable artificial intelligence (XAI) mechanisms. A local whitelist is used for initial verification, with unknown devices triggering advanced analysis. Detected threats generate alerts via Snort and are logged and visualized in real time using OpenSearch and a lightweight browser plugin. Unlike previous approaches, this system combines detection with automated response, real-time stream analytics, and interpretable decision-making within a unified architecture. Experimental results in real-world conditions demonstrate over 95% detection accuracy and strong resilience to false positives. The solution shows high potential for deployment in high-risk, dynamic wireless network environments.
12.10.2025
15 - 28
20
140