Anomaly-Based Detection of Rogue Access Points in High-Risk Network Infrastructures
摘要
This article presents a comprehensive and scalable system for the detection and mitigation of Rogue Access Points (APs) in Wi-Fi networks, addressing a significant security risk in distributed infrastructures. The proposed solution integrates multiple analytical layers, including passive and active traffic analysis, anomaly detection (Isolation Forest, One-Class SVM), supervised machine learning (Random Forest, XGBoost), and explainable artificial intelligence (XAI) mechanisms. A local whitelist is used for initial verification, with unknown devices triggering advanced analysis. Detected threats generate alerts via Snort and are logged and visualized in real time using OpenSearch and a lightweight browser plugin. Unlike previous approaches, this system combines detection with automated response, real-time stream analytics, and interpretable decision-making within a unified architecture. Experimental results in real-world conditions demonstrate over 95% detection accuracy and strong resilience to false positives. The solution shows high potential for deployment in high-risk, dynamic wireless network environments.