<![CDATA[Rogue Access Points (RAPs) pose a significant security threat by mimicking legitimate Wi-Fi networks and potentially compromising sensitive data. To address this issue, this research has proposed an innovative mechanism called Invisible Scout, which uses a multi-module system to identify RAPs. This study aimed to develop and validate a mechanism capable of accurately detecting RAPs in controlled setups, real-world environments, and under de-authentication attack scenarios. The proposed system consists of four key modules: sniffer, detection, probing, and comparison. To evaluate its effectiveness, tests were conducted in controlled and open environments and under de-authentication scenarios, using decision tree models and various metrics to assess performance. The decision tree model showed promising results in the controlled setup, achieving an Area Under the Curve (AUC) score of 0.921 and classification accuracy (CA) of 0.875, indicating that the model effectively distinguished between legitimate access points and RAPs. When tested in an open environment, the model's performance improved, achieving an AUC score of 0.952 and a CA of 0.994. Furthermore, under a de-authentication attack, the model achieved an AUC score of 0.955 and a CA of 0.996. To gain a deeper understanding of RAP behaviors, linear regression analysis was conducted, revealing patterns and visualizing the existence of RAPs, which could assist in further analysis. In conclusion, the results demonstrated that the proposed mechanism was highly effective in identifying RAPs. Future research should focus on refining the detection mechanism, incorporating real-time response capabilities, and expanding testing to diverse network scenarios. Doi: 10.28991/ESJ-2025-09-01-016 Full Text: PDF]]>
