{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:55:02Z","timestamp":1777496102377,"version":"3.51.4"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T00:00:00Z","timestamp":1606780800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T00:00:00Z","timestamp":1607644800000},"content-version":"vor","delay-in-days":10,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100005621","name":"Kasetsart University Research and Development Institute","doi-asserted-by":"publisher","award":["Ref.2017\/2560: P-Y(D)144.60."],"award-info":[{"award-number":["Ref.2017\/2560: P-Y(D)144.60."]}],"id":[{"id":"10.13039\/501100005621","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Wireless Com Network"],"published-print":{"date-parts":[[2020,12]]},"abstract":"Abstract<\/jats:title>Traditional rogue access-point (AP) detection mechanisms are employed in network administration to protect network infrastructure and organization; however, these mechanisms do not protect end users from connecting to a rogue-AP. In this paper, a rogue-AP detection technique on the mobile-user side is proposed. By using a simple method involving walking, the round-trip time (RTT) and the modulation and coding scheme values are obtained, and a more accurate transmission rate for particular RTT values is thereby calculated. Further, the cleansed data are classified using the k-means method and the cumulative distribution function for the detection process. The results demonstrate that a rogue-AP can be detected with an F-measure value of up to 0.9. In the future, the proposed algorithm can be implemented as an application installed on mobile devices so that nontechnical users can detect rogue-APs.<\/jats:p>","DOI":"10.1186\/s13638-020-01864-5","type":"journal-article","created":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T12:18:49Z","timestamp":1607689129000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Client-side rogue access-point detection using a simple walking strategy and round-trip time analysis"],"prefix":"10.1186","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9296-9094","authenticated-orcid":false,"given":"Songrit","family":"Kitisriworapan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8592-2551","authenticated-orcid":false,"given":"Aphirak","family":"Jansang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1824-1836","authenticated-orcid":false,"given":"Anan","family":"Phonphoem","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,11]]},"reference":[{"key":"1864_CR1","doi-asserted-by":"crossref","unstructured":"N. Borisov, I. Goldberg, D. Wagner, Intercepting mobile communications: the insecurity of 802.11, in Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (ACM, 2001), pp. 180\u2013189","DOI":"10.1145\/381677.381695"},{"key":"1864_CR2","doi-asserted-by":"publisher","unstructured":"E. Tews, M. Beck, Practical attacks against WEP and WPA, in Proceedings of the Second ACM Conference on Wireless Network Security. WiSec \u201909 (ACM, New York, NY, USA, 2009), pp. 79\u201386. https:\/\/doi.org\/10.1145\/1514274.1514286","DOI":"10.1145\/1514274.1514286"},{"key":"1864_CR3","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1016\/j.cose.2017.12.009","volume":"74","author":"O Nakhila","year":"2018","unstructured":"O. Nakhila, M.F. Amjad, E. Dondyk, C. Zou, Gateway independent user-side wi-fi Evil Twin Attack detection using virtual wireless clients. Comput. Secur. 74, 41\u201354 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.12.009","journal-title":"Comput. Secur."},{"key":"1864_CR4","unstructured":"I.W. Group, et al., Part 11: wireless LAN medium access control (MAC) and physical layer (PHY) specifications: higher-speed physical layer extension in the 2.4 GHz band. ANSI\/IEEE Std 802.11 (1999)"},{"issue":"2","key":"1864_CR5","first-page":"34","volume":"1","author":"V Kumkar","year":"2012","unstructured":"V. Kumkar, A. Tiwari, P. Tiwari, A. Gupta, S. Shrawne, Vulnerabilities of Wireless Security protocols (WEP and WPA2). Int. J. Adv. Res. Comput. Eng. Technol. IJARCET 1(2), 34 (2012)","journal-title":"Int. J. Adv. Res. Comput. Eng. Technol. IJARCET"},{"key":"1864_CR6","unstructured":"Aircrack-ng: Aircrack-ng is a complete suite of tools to assess WiFi network security (2018). https:\/\/www.aircrack-ng.org"},{"issue":"6","key":"1864_CR7","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1109\/MCOM.2004.1304248","volume":"42","author":"P Knight","year":"2004","unstructured":"P. Knight, C. Lewis, Layer 2 and 3 virtual private networks: taxonomy, technology, and standardization efforts. IEEE Commun. Mag. 42(6), 124\u2013131 (2004). https:\/\/doi.org\/10.1109\/MCOM.2004.1304248","journal-title":"IEEE Commun. Mag."},{"key":"1864_CR8","unstructured":"E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3 (2018). https:\/\/tools.ietf.org\/html\/rfc8446"},{"key":"1864_CR9","unstructured":"Frankel, Krishnan, IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap (2011). https:\/\/tools.ietf.org\/html\/rfc6071"},{"key":"1864_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2017.12.011","volume":"74","author":"A Bartoli","year":"2018","unstructured":"A. Bartoli, E. Medvet, F. Onesti, Evil twins and WPA2 enterprise: a coming security disaster? Comput. Secur. 74, 1\u201311 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.12.011","journal-title":"Comput. Secur."},{"issue":"5","key":"1864_CR11","doi-asserted-by":"publisher","first-page":"1056","DOI":"10.1109\/TMC.2019.2903052","volume":"19","author":"R Jang","year":"2019","unstructured":"R. Jang, J. Kang, A. Mohaisen, D. Nyang, Catch me if you can: Rogue access point detection using intentional channel interference. IEEE Trans. Mob. Comput. 19(5), 1056\u20131071 (2019)","journal-title":"IEEE Trans. Mob. Comput."},{"key":"1864_CR12","doi-asserted-by":"publisher","unstructured":"Y. Song, C. Yang, G. Gu, Who is peeping at your passwords at starbucks? 2014; to catch an evil twin access point, in 2010 IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 323\u2013332 (2010). https:\/\/doi.org\/10.1109\/DSN.2010.5544302","DOI":"10.1109\/DSN.2010.5544302"},{"issue":"5","key":"1864_CR13","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1109\/MSP.2011.75","volume":"9","author":"R Beyah","year":"2011","unstructured":"R. Beyah, A. Venkataraman, Rogue-access-point detection: challenges, solutions, and future directions. IEEE Secur. Priv. 9(5), 56\u201361 (2011)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"1864_CR14","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"H-J Liao","year":"2013","unstructured":"H.-J. Liao, C.-H.R. Lin, Y.-C. Lin, K.-Y. Tung, Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16\u201324 (2013). https:\/\/doi.org\/10.1016\/j.jnca.2012.09.004","journal-title":"J. Netw. Comput. Appl."},{"issue":"5","key":"1864_CR15","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1109\/TDSC.2014.2369033","volume":"12","author":"SV Radhakrishnan","year":"2015","unstructured":"S.V. Radhakrishnan, A.S. Uluagac, R. Beyah, GTID: a technique for physical device and device type fingerprinting. IEEE Trans. Depend. Secure Comput. 12(5), 519\u2013532 (2015). https:\/\/doi.org\/10.1109\/TDSC.2014.2369033","journal-title":"IEEE Trans. Depend. Secure Comput."},{"issue":"2","key":"1864_CR16","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1145\/1330332.1330334","volume":"11","author":"CD Mano","year":"2008","unstructured":"C.D. Mano, A. Blaich, Q. Liao, Y. Jiang, D.A. Cieslak, D.C. Salyers, A. Striegel, RIPPS: rogue identifying packet payload slicer detecting unauthorized wireless hosts through network traffic conditioning. ACM Trans. Inf. Syst. Secur. 11(2), 2\u20131223 (2008). https:\/\/doi.org\/10.1145\/1330332.1330334","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"1864_CR17","doi-asserted-by":"crossref","unstructured":"V. Roth, W. Polak, E. Rieffel, T. Turner, Simple and effective defense against evil twin access points, in Proceedings of the First ACM Conference on Wireless Network Security (ACM, 2008), pp. 220\u2013235","DOI":"10.1145\/1352533.1352569"},{"key":"1864_CR18","doi-asserted-by":"crossref","unstructured":"V. Brik, S. Banerjee, M. Gruteser, S. Oh, Wireless device identification with radiometric signatures, in Proceedings of the 14th ACM International Conference on Mobile Computing and Networking (ACM, 2008), pp. 116\u2013127","DOI":"10.1145\/1409944.1409959"},{"key":"1864_CR19","doi-asserted-by":"crossref","unstructured":"S. Srilasak, K. Wongthavarawat, A. Phonphoem, Integrated wireless rogue access point detection and counterattack system, in International Conference on Information Security and Assurance, 2008. ISA 2008 (IEEE, 2008), pp. 326\u2013331","DOI":"10.1109\/ISA.2008.103"},{"issue":"3","key":"1864_CR20","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1109\/TMC.2009.145","volume":"9","author":"S Jana","year":"2010","unstructured":"S. Jana, S.K. Kasera, On fast and accurate detection of unauthorized wireless access points using clock skews. IEEE Trans. Mob. Comput. 9(3), 449\u2013462 (2010)","journal-title":"IEEE Trans. Mob. Comput."},{"key":"1864_CR21","doi-asserted-by":"publisher","unstructured":"F. Lanze, A. Panchenko, B. Braatz, T. Engel, Letting the puss in boots sweat: detecting fake access points using dependency of clock skews on temperature, in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ASIA CCS \u201914 (ACM, New York, NY, USA, 2014), pp. 3\u201314. https:\/\/doi.org\/10.1145\/2590296.2590333","DOI":"10.1145\/2590296.2590333"},{"key":"1864_CR22","doi-asserted-by":"crossref","unstructured":"C. Arackaparambil, S. Bratus, A. Shubina, D. Kotz, On the reliability of wireless fingerprinting using clock skews, in Proceedings of the Third ACM Conference on Wireless Network Security (ACM, 2010), pp. 169\u2013174","DOI":"10.1145\/1741866.1741894"},{"key":"1864_CR23","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1016\/j.jnca.2009.07.005","volume":"33","author":"K Salah","year":"2010","unstructured":"K. Salah, A. Kahtani, Performance evaluation comparison of Snort NIDS under Linux and Windows Server. J. Netw. Comput. Appl. 33, 6\u201315 (2010). https:\/\/doi.org\/10.1016\/j.jnca.2009.07.005","journal-title":"J. Netw. Comput. Appl."},{"key":"1864_CR24","doi-asserted-by":"crossref","unstructured":"S. Kitisriworapan, A. Jansang, A. Phonphoem, Evil-twin detection on client-side, in 2019 16th International Conference on Electrical Engineering\/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON) (IEEE, 2019), pp. 718\u2013721","DOI":"10.1109\/ECTI-CON47248.2019.8955158"},{"issue":"2","key":"1864_CR25","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1016\/j.eswa.2013.07.068","volume":"41","author":"C-M Chen","year":"2014","unstructured":"C.-M. Chen, Y.-H. Chen, Y.-H. Lin, H.-M. Sun, Eliminating rouge femtocells based on distance bounding protocol and geographic information. Expert Syst. Appl. 41(2), 426\u2013433 (2014). https:\/\/doi.org\/10.1016\/j.eswa.2013.07.068","journal-title":"Expert Syst. Appl."},{"key":"1864_CR26","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1016\/j.compeleceng.2015.10.010","volume":"59","author":"F-H Hsu","year":"2015","unstructured":"F.-H. Hsu, C.-S. Wang, Y.-L. Hsu, Y.-P. Cheng, Y.-H. Hsneh, A client-side detection mechanism for evil twins. Comput. Electr. Eng. 59, 76\u201385 (2015)","journal-title":"Comput. Electr. Eng."},{"key":"1864_CR27","doi-asserted-by":"publisher","unstructured":"H. Han, B. Sheng, C.C. Tan, Q. Li, S. Lu, A measurement based rogue AP detection scheme, in INFOCOM 2009 (IEEE, 2009), pp. 1593\u20131601. https:\/\/doi.org\/10.1109\/INFCOM.2009.5062077","DOI":"10.1109\/INFCOM.2009.5062077"},{"issue":"11","key":"1864_CR28","doi-asserted-by":"publisher","first-page":"1912","DOI":"10.1109\/TPDS.2011.125","volume":"22","author":"H Han","year":"2011","unstructured":"H. Han, B. Sheng, C.C. Tan, Q. Li, S. Lu, A timing-based scheme for rogue ap detection. IEEE Trans. Parallel Distrib. Syst. 22(11), 1912\u20131925 (2011). https:\/\/doi.org\/10.1109\/TPDS.2011.125","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"issue":"5","key":"1864_CR29","doi-asserted-by":"publisher","first-page":"1638","DOI":"10.1109\/TIFS.2012.2207383","volume":"7","author":"C Yang","year":"2012","unstructured":"C. Yang, Y. Song, G. Gu, Active user-side evil twin access point detection using statistical techniques. IEEE Trans. Inf. Forensics Secur. 7(5), 1638\u20131651 (2012). https:\/\/doi.org\/10.1109\/TIFS.2012.2207383","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"2","key":"1864_CR30","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1109\/TNET.2005.845533","volume":"13","author":"B-J Kwak","year":"2005","unstructured":"B.-J. Kwak, N.-O. Song, M. Miller, Performance analysis of exponential backoff. IEEE\/ACM Trans. Netw. 13(2), 343\u2013355 (2005)","journal-title":"IEEE\/ACM Trans. Netw."},{"issue":"5","key":"1864_CR31","doi-asserted-by":"publisher","first-page":"1702","DOI":"10.1109\/TWC.2007.360372","volume":"6","author":"T Sakurai","year":"2007","unstructured":"T. Sakurai, H.L. Vu, Mac access delay of IEEE 802.11 dcf. IEEE Trans. Wirel. Commun. 6(5), 1702\u20131710 (2007). https:\/\/doi.org\/10.1109\/TWC.2007.360372","journal-title":"IEEE Trans. Wirel. Commun."},{"issue":"8","key":"1864_CR32","doi-asserted-by":"publisher","first-page":"1558","DOI":"10.1109\/TMC.2012.128","volume":"12","author":"L Dai","year":"2013","unstructured":"L. Dai, X. Sun, A unified analysis of IEEE 802.11 DCF networks: stability, throughput, and delay. IEEE Trans. Mob. Comput. 12(8), 1558\u20131572 (2013)","journal-title":"IEEE Trans. Mob. Comput."},{"issue":"3","key":"1864_CR33","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1109\/49.840210","volume":"18","author":"G Bianchi","year":"2000","unstructured":"G. Bianchi, Performance analysis of the IEEE 802.11 distributed coordination function. IEEE J. Sel. Areas Commun. 18(3), 535\u2013547 (2000). https:\/\/doi.org\/10.1109\/49.840210","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"1864_CR34","doi-asserted-by":"publisher","unstructured":"O. Nakhila, E. Dondyk, M.F. Amjad, C. Zou, User-side wi-fi evil twin attack detection using SSL\/TCP protocols, in 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC) (2015), pp. 239\u2013244. https:\/\/doi.org\/10.1109\/CCNC.2015.7157983","DOI":"10.1109\/CCNC.2015.7157983"},{"key":"1864_CR35","doi-asserted-by":"publisher","unstructured":"F. Lanze, A. Panchenko, I. Ponce-Alcaide, T. Engel, Hacker\u2019s toolbox: detecting software-based 802.11 evil twin access points, in 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC) (2015), pp. 225\u2013232. https:\/\/doi.org\/10.1109\/CCNC.2015.7157981","DOI":"10.1109\/CCNC.2015.7157981"},{"issue":"3","key":"1864_CR36","doi-asserted-by":"publisher","first-page":"1261","DOI":"10.1007\/s11277-016-3390-x","volume":"90","author":"B Alotaibi","year":"2016","unstructured":"B. Alotaibi, K. Elleithy, Rogue access point detection: taxonomy, challenges, and future directions. Wirel. Pers. Commun. 90(3), 1261\u20131290 (2016). https:\/\/doi.org\/10.1007\/s11277-016-3390-x","journal-title":"Wirel. Pers. Commun."},{"key":"1864_CR37","doi-asserted-by":"publisher","unstructured":"IEEE Standard for Information technology\u2014telecommunications and information exchange between systems local and metropolitan area networks\u2014specific requirements\u2014part 11: wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012), 1\u20133534 (2016). https:\/\/doi.org\/10.1109\/IEEESTD.2016.7786995","DOI":"10.1109\/IEEESTD.2016.7786995"},{"key":"1864_CR38","doi-asserted-by":"crossref","unstructured":"G.F. Riley, T.R. Henderson, The ns-3 Network Simulator, 15\u201334 (2010)","DOI":"10.1007\/978-3-642-12331-3_2"},{"key":"1864_CR39","doi-asserted-by":"publisher","unstructured":"IEEE Standard for Information technology\u2014local and metropolitan area networks\u2014specific requirements\u2014part 11: Wireless LAN Medium Access Control (MAC)and Physical Layer (PHY) Specifications Amendment 1: Radio Resource Measurement of Wireless LANs. IEEE Std 802.11k-2008 (Amendment to IEEE Std 802.11-2007), 1\u2013244 (2008). https:\/\/doi.org\/10.1109\/IEEESTD.2008.4544755","DOI":"10.1109\/IEEESTD.2008.4544755"},{"key":"1864_CR40","doi-asserted-by":"crossref","unstructured":"M.-D. Dianu, J. Riihij\u00e4rvi, M. Petrova, Measurement-based study of the performance of IEEE 802.11 ac in an indoor environment, in 2014 IEEE International Conference on Communications (ICC) (IEEE, 2014), pp. 5771\u20135776","DOI":"10.1109\/ICC.2014.6884242"},{"issue":"9","key":"1864_CR41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1371\/journal.pone.0162259","volume":"11","author":"YP Raykov","year":"2016","unstructured":"Y.P. Raykov, A. Boukouvalas, F. Baig, M.A. Little, What to do when k-means clustering fails: a simple yet principled alternative algorithm. PLoS ONE 11(9), 1\u201328 (2016). https:\/\/doi.org\/10.1371\/journal.pone.0162259","journal-title":"PLoS ONE"},{"key":"1864_CR42","unstructured":"S. Raschka, STAT 479: Machine Learning Lecture Notes (2018)"}],"container-title":["EURASIP Journal on Wireless Communications and Networking"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13638-020-01864-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13638-020-01864-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13638-020-01864-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T12:48:43Z","timestamp":1607690923000},"score":1,"resource":{"primary":{"URL":"https:\/\/jwcn-eurasipjournals.springeropen.com\/articles\/10.1186\/s13638-020-01864-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["1864"],"URL":"https:\/\/doi.org\/10.1186\/s13638-020-01864-5","relation":{},"ISSN":["1687-1499"],"issn-type":[{"value":"1687-1499","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12]]},"assertion":[{"value":"11 December 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 November 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 December 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"252"}}