Wireless Rogue Access Point Detection Using Shadow Honeynet

摘要

Network security is becoming a great challenge as the popularity of wireless network is increasing. On account of open medium, insignificant software implementation, potential for hardware deficits, and improper configuration; Wi-Fi network is vulnerable to rogue access point (RAP). RAP is an unauthorized access point which can be installed by end-users without the knowledge of security administrator. When this rogue device is connected to the Internet, it can be used by an attacker to breach the security of the network. Attackers can also install RAP to lure other users for sniffing sensitive data. In this paper, a method called "Shadow Honeynet" has been proposed for the detection and prevention of RAP. The concept of Shadow Honeynet arrives from Shadow Honeypot that integrate the best features of anomaly detection system (ADS) and Honeypot. The shadow is an instance of protected software that share all internal states with the regular ("production") instance of the application to detect potential attacks. The proposed architecture improves the overall performance of the system by diminishing false positives rate generated by ADS and can be able to sustain the overall workload of honeypot.