The Performance Analysis of Honeypot Based Intrusion Detection System for Wireless Network



Wireless network security is becoming a major challenge as the popularity of wireless networks grows. On account of the open medium, insignificant software implementation, potential for hardware deficits, and improper configuration, Wi-Fi networks are vulnerable to Rogue Access Points (RAPs). A Rogue Access Point is an unauthorized access point that end-users can install without the knowledge of the security administrator. When this rogue device is connected to the Internet, an assailant can use it to breach the security of the network. Existing RAP detection techniques have limited capabilities and are not able to detect all variants of assailants' activities. In this paper, a method named Honeypot Intrusion Detection System (Honeypot IDS) is proposed for the detection and prevention of Rogue Access Points via detection of attacks performed by internal and external malicious users. Honeypot IDS combines an Intrusion Detection System and a Honeypot to reduce the false alarm rate generated by existing IDS. The proposed approach consists of three phases: filtering, intrusion detection system, and honeypot. Traffic that has passed through filtering and the intrusion detection system is rerouted to the honeypot for in-depth investigation. The proposed architecture improves the overall performance of the system by diminishing the false alarm rate generated by the intrusion detection system, and it is able to sustain the overall workload of the honeypot.


Keywords: Rogue access point; Intrusion detection system; Honeypot; Wired equivalent privacy; Wi-Fi protected access; Network attacks



Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. Atal Bihari Vajpayee-Indian Institute of Information Technology and Management, Gwalior, India
