A Lightweight Wireless Intrusion Detection System for Real-Time Deauthentication and Rogue Access Point Mitigation.

Abstract: The pervasive deployment of IEEE 802.11 wireless networks has revolutionized digital connectivity, but it has simultaneously expanded the attack surface for threat actors. A critical vulnerability within legacy Wi-Fi protocols is the transmission of management frames in an unencrypted and unauthenticated format. This flaw is routinely exploited to execute deauthentication denial-of-service (DoS) attacks and deploy Rogue Access Points (RAPs) or "Evil Twins" to intercept sensitive data. This paper presents a lightweight, low-cost Wireless Intrusion Detection System (WIDS) architecture utilizing a Raspberry Pi and monitor-mode network adapters. By employing a Python-based detection engine leveraging Scapy and tcpdump, the proposed system effectively identifies deauthentication floods, SSID-BSSID duplication, MAC spoofing, and abnormal Received Signal Strength Indicator (RSSI) variations. Experimental results validate the system's ability to provide real-time alerts and forensic packet captures (PCAP) with minimal computational overhead, offering a highly scalable solution for enterprise and edge-network security.