A Lightweight Real-time Framework for Detecting Rogue Switches in Wired Local Area Network

Authors

  • Vijay Bhuse GVSU
  • Vijay Prathap
  • Reddy Kanipakam
  • Xinli Wang

DOI:

https://doi.org/10.34190/eccws.25.1.4664

Keywords:

Rogue Switches, Open vSwitch (OVS), Topology Monitoring, ARP-Scan, MAC and ARP Spoofing, SMTP Alerts, fping

Abstract

In today’s digital landscape, securing wired network infrastructure is essential, particularly for Small and Medium
Enterprises (SMEs) that often lack dedicated security personnel and resources. This project presents a fully automated, cost-effective
method for detecting rogue switches, which are unauthorized devices that may be introduced by malicious insiders
or external attackers to bypass network controls. Unmanaged (dumb) switches facilitate lateral movement, network sniffing,
and long-term persistence, allowing adversaries to blend into legitimate traffic without detection. To counter this threat, the
proposed system employs a correlation-based detection mechanism, supported by a three-layer validation model, to
systematically verify infrastructure changes. The layered design reduces false positives and ensures accurate identification
of unauthorized network modifications. Tailored for SME environments, this solution removes the need for manual
inspection, offering a scalable, real-time response to rogue switch detection and mitigation.

Published

2026-06-15