Detecting misbehaviour in WiFi using multi-layer metric data fusion

One of the main problems in open wireless networks is the inability of authenticating the identity of a wireless client or Access Point (AP). This issue is a concern because, a malicious entity could masquerade as the legal AP and entice a wireless client to establish a connection with a Rogue AP. Previous work by the authors has developed the algorithms used in this work but, in contrast to prior work, there was no analysis or experimentation with Rogue AP attacks. Our purpose in this work is to detect injection type of Rogue AP activity by identifying whether a frame is genuinely transmitted by the legal AP or not. To this end, an identity profile for the legal AP is built by fusing multi-layer metrics, using the Dempster-Shafer algorithm. The results show high detection results with low false alarms for detecting Rogue AP attacks without requiring configuration from an administrator. © 2013 IEEE.