Wireless Rogue Access Point Detection Using Shadow Honeynet

Wireless Personal Communications

Abstract

Network security is becoming a great challenge as the popularity of wireless networks increases. On account of the open medium, insignificant software implementation, potential for hardware deficits, and improper configuration, Wi-Fi networks are vulnerable to rogue access points (RAPs). A RAP is an unauthorized access point that can be installed by end-users without the knowledge of the security administrator. When this rogue device is connected to the Internet, it can be used by an attacker to breach the security of the network. Attackers can also install a RAP to lure other users in order to sniff sensitive data. In this paper, a method called “Shadow Honeynet” is proposed for the detection and prevention of RAPs. The concept of the Shadow Honeynet derives from the Shadow Honeypot, which integrates the best features of an anomaly detection system (ADS) and a honeypot. The shadow is an instance of the protected software that shares all internal state with the regular (“production”) instance of the application in order to detect potential attacks. The proposed architecture improves the overall performance of the system by reducing the false positive rate generated by the ADS and can sustain the overall workload of the honeypot.

Author information

Correspondence to Neha Agrawal.

Cite this article

Agrawal, N., Tapaswi, S. Wireless Rogue Access Point Detection Using Shadow Honeynet. Wireless Pers Commun 83, 551–570 (2015). https://doi.org/10.1007/s11277-015-2408-0

  • DOI: https://doi.org/10.1007/s11277-015-2408-0
