Catch me if you can: Rogue access point detection using intentional channel interference

Rhongho Jang, Jeonil Kang, Aziz Mohaisen, Daehun Nyang

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


In this paper, we introduce a powerful hardware-based rogue access point (PrAP), which can relay back and forth traffic between a legitimate AP and a wireless station, and act as a man-in-the-middle attacker. Our PrAP is built of two dedicated wireless routers interconnected physically, and can relay traffic rapidly between a station and a legitimate AP. Through experiments, we demonstrate that the state-of-the-art time-based rogue AP (rAP) detectors cannot detect our PrAP, although perhaps effective against software-based rAP. In demonstrating that, we unveil new insight into fundamentals of time-based detectors for software-based rAPs and their operation: such techniques are only capable of detecting rAPs due to the speed of wireless AP bridging. To address the threat of such PrAPs, we propose a new tool for network administrators, a PrAP-Hunter based on intentional channel interference. Our PrAP-Hunter is highly accurate, even under heavy traffic scenarios. Using a high-performance (desktop) and low-performance (mobile phone) experimental setups of our PrAP-Hunter in various deployment scenarios, we demonstrate close to 100 percent of detection rate, compared to 60 percent detection rate by the state-of-the-art. We show that our PrAP-Hunter is fast (takes 5-10 seconds), does not require any prior knowledge, and can be deployed in the wild by real-world experiments at 10 coffee shops.

Original languageEnglish
Article number8658163
Pages (from-to)1056-1071
Number of pages16
JournalIEEE Transactions on Mobile Computing
Issue number5
StatePublished - 1 May 2020

Bibliographical note

Publisher Copyright:
© 2002-2012 IEEE.


  • Channel interference
  • Ieee 802.11n
  • Intrusion detection
  • Rogue ap
  • Wireless lan


Dive into the research topics of 'Catch me if you can: Rogue access point detection using intentional channel interference'. Together they form a unique fingerprint.

Cite this