Detecting rogue access points using client-side bottleneck bandwidth analysis

A rogue access point (AP) is an unauthorized AP plugged into a network. This poses a serious security threat. To detect an AP, a network manager traditionally takes the electric wave sensor across an entire protected place. This task is very labor-intensive and inefficient. This study presents a new AP detection method without extra hardware or hard work. This new method determines whether the network packets of an IP address are routed from APs, according to client-side bottleneck bandwidth. The network manager can perform his job from his office by monitoring the packets passing through the core switch. The accuracies remain above 99% when the parameter, sliding window size, of the proposed algorithm is larger than 20, according to experimental results. The proposed method effectively reduces the network manager's workload, and increases network security.