Optimized Packet Filtering Honeypot with Snooping Agents in Intrusion Detection System for WLAN

Gulshan Kumar (Lovely Professional University, Punjab, India), Rahul Saha (Lovely Professional University, Punjab, India), Mandeep Singh (Lovely Professional University, Punjab, India) and Mritunjay Kumar Rai (Lovely Professional University, Punjab, India)
Copyright: © 2018 |Pages: 10
DOI: 10.4018/IJISP.2018010105

Abstract

Wireless LAN networks are widely used and efficient infrastructure in different domains of communication. In this paper, we worked on a Network Intrusion Detection System (NIDS) to prevent intruders' activities by using snooping agents and a honeypot on the network. The idea behind using snooping agents and a honeypot is to provide network management in terms of monitoring. The honeypot is placed just after the firewall, and the intrusion system is strongly coupled and synchronized with the snooping agents. Monitoring is considered at the packet level and the pattern level of the traffic. The simulation filters and monitors traffic to highlight intrusion in the network. Further, an attack sequence has been created, and its effects are shown on a scenario that has both the honeypot and the snoop agent, using different network performance parameters such as throughput, network load, queuing delay, retransmission attempt and packet. The simulation scenario shows the impact of the attack on network performance.
Article Preview

Introduction

As internet usage increases, most common user tasks are accomplished through it, and the concept of distributed applications or databases has grown considerably to provide fast access. With this wide network, the number of intruders also increases. There is therefore a need to put strong mechanisms across the network to restrict unauthorised access, and various network devices such as firewalls and Intrusion Detection Systems (IDS) (Mohame, Idris, Shanmugum, 2012) have been developed to block a variety of attacks and threats that reach the network through incoming connections. Intrusion detection is the process of monitoring and capturing the network traffic and events occurring in a computer system and later analysing them for malicious activities and possible signs of incidents, which are violations or threats of violation of computer security policies, acceptable use policies and standard security practices defined by system administrators. An intrusion detection system (IDS) plays an important role in providing a good security environment in a network. It enables administrators to detect suspicious packets, activities, network vulnerabilities and attacks. All network traffic can be observed with the help of an IDS, and it is easy to detect as well as decode malicious traffic on a honeynet (Li, Sun, & Zhang, 2011) and to log some malicious packets in a centralized database.

The honeypot (Zhai & Wang, 2012) is an effective tool for observing and understanding intruders' methods, tactics, behaviour and motivations. A honeypot observes and suspects every packet that is transmitted to and from it, giving it the ability to collect and capture less noisy datasets for network attack analysis. However, honeypots do not replace traditional security systems; they provide an extension to network security whose value lies in unauthorized or illicit use of that resource. The honeypot (Mairh, Barik, Verma & Jena, 2011) is an emerging technology with great network security potential that can be placed inside or outside the network as well as deployed inside the firewall. It is a trap set to divert attackers and hackers away from unauthorised use of critical resources. It can also be used to study an attacker's methods and tools. It provides a large amount of valuable information for analysis, through which a variety of attacks can be detected, even within an encrypted environment. All honeypots work the same way (Mairh, Barik, Verma & Jena, 2011): they do not have any production value and they have no authorized activity, so any interaction with a honeypot is treated as malicious and unauthorized activity. A honeypot acts as a warning tool that produces an alarm if any malicious activity is detected, but it has risks associated with it, such as firewalls being penetrated, encryption being broken, IDS sensors failing, etc. Honeypots have many advantages: small data sets that collect a limited amount of information instead of gigabytes of logged data, reduced false positives for legitimate activity, catching false negatives for malicious activities, working in encrypted and IPv6 environments, high flexibility and simplicity, and minimal resource requirements to capture bad activity. A generic implementation of a honeypot is shown in Figure 1.

Figure 1. Generic implementation of honeypot
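
The rule stated above, that a honeypot has no authorized activity and so any interaction with it is treated as malicious, can be applied to traffic records as a detection step. The following is an added example, not code from the paper; the flow-record format, the addresses and the `HONEYPOT` decoy address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the paper): "time src dst dport"
SAMPLE_FLOWS = """\
10:00:01 192.0.2.10 10.0.0.5 443
10:00:02 192.0.2.77 10.0.0.99 22
10:00:03 192.0.2.10 10.0.0.6 80
10:00:04 192.0.2.77 10.0.0.5 22
10:00:05 198.51.100.4 10.0.0.99 23
10:00:06 192.0.2.77 10.0.0.6 22
not a flow record
"""

HONEYPOT = ipaddress.ip_address("10.0.0.99")  # assumed decoy address


def parse_flows(text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (parts[0], ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue  # bad address or port: not a usable record


def honeypot_alerts(text, honeypot=HONEYPOT):
    """Return {source: {"honeypot_hits": [...], "production_hits": [...]}}.

    Any flow to the honeypot marks its source as suspect; that source's
    flows to other hosts are then pulled out for review.
    """
    flows = list(parse_flows(text))
    suspects = {src for _, src, dst, _ in flows if dst == honeypot}
    report = defaultdict(lambda: {"honeypot_hits": [], "production_hits": []})
    for time, src, dst, dport in flows:
        if src not in suspects:
            continue
        key = "honeypot_hits" if dst == honeypot else "production_hits"
        report[str(src)][key].append((time, str(dst), dport))
    return dict(report)


if __name__ == "__main__":
    for source, hits in honeypot_alerts(SAMPLE_FLOWS).items():
        print(source, hits)
```

Only the two sources that touched the decoy appear in the report, which illustrates the small, low-noise data set the text attributes to honeypots.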
