Existing rogue Wi-Fi access point (AP) detection methods predominantly rely on channel state information (CSI) or single-source received signal strength indicator (RSSI) measurements, suffering from either hardware dependency or insufficient detection accuracy. This paper proposes a novel, hardware-agnostic rogue AP detection paradigm grounded in physical location consistency. It estimates device positions using RSSI subsets collected from multiple APs via commodity mobile devices and incorporates principles from receiver autonomous integrity monitoring (RAIM) alongside uncertainty modeling. Specifically, we design a Gaussian mixture distribution overlap verification mechanism to rigorously assess positional consistency across RSSI subsets. Evaluated on real-world datasets, the method achieves significant accuracy improvements against three representative camouflage attack types—outperforming both CSI-based and conventional RSSI-based approaches.

Rogue Wi-Fi access point (AP) attacks can lead to data breaches and unauthorized access. Existing rogue AP detection methods and tools often rely on channel state information (CSI) or received signal strength indicator (RSSI), but they require specific hardware or achieve low detection accuracy. On the other hand, AP positions are typically fixed, and Wi-Fi can support indoor positioning of user devices. Based on this position information, the mobile platform can check if one (or more) AP in range is rogue. The inclusion of a rogue AP would in principle result in a wrong estimated position. Thus, the idea to use different subsets of APs: the positions computed based on subsets that include a rogue AP will be significantly different from those that do not. Our scheme contains two components: subset generation and position validation. First, we generate subsets of RSSIs from APs, which are then utilized for positioning, similar to receiver autonomous integrity monitoring (RAIM). Second, the position estimates, along with uncertainties, are combined into a Gaussian mixture, to check for inconsisten-cies by evaluating the overlap of the Gaussian components. Our comparative analysis, conducted on a real-world dataset with three types of attacks and synthetic RSSls integrated, demonstrates a substantial improvement in rogue AP detection accuracy.