Design And Implementation Of A Wireless Intrusion Detection System

With the advantage of mobility and rapid deployment, wireless network’s applicationrange is expanding, and its security issues become increasingly prominent. For exposingin the air directly,802.11packets can easily be intercepted and forged. So WLANnetworks are vulnerable to the impact of a variety of network threats, such as unauthorizedAP, ad-hoc networks and denial of service attacks. With the increase of system complexityand maturity of invasive technology, it is not enough to rely solely on encryption andauthentication. In this case, intrusion detection technology is becoming the hot spot ofWLAN security.In this paper, the wireless intrusion detection system is mainly used P2DR model,protocol analysis and rules matching technology. And it is designed and implemented inaccordance with the software engineering approach. First, the software requirementsanalysis. To analyze WLAN security issues, common network attacks and WLAN securitytechnology, the paper proposed the problem which the system is to solve. Then, thesoftware detailed design. The system consists of four functional blocks which are arule-based matching of illegal device detection module, based on protocol analysistechnology of denial of service attack detection module, intrusion prevention module anduser configuration module. And, denial of service attack and defense is based on the P2DRmodel. In system implementation phase, we describe the identify the type of wirelessdevice, the rule matching process, denial of service attack detection, and intrusion defenseprocesses and data structures in detail. Finally, the system tests, which is mainly for illegaldevice detection and denial of service attack detection.The network is constructed of AC, APs and switches. It is through the command-lineconfiguration and wireless user login for functional verification. With periodicallysubmitted the scan report by monitor AP, the system dynamically updates the status of network devices. Based on MAC address, SSID and other configuration rules, the systemclassifies network devices, identifies illegal equipment in the network and takesappropriate counter-measures, which maximum ensure the reliability of the access devices.For legal Communications by parsing802.11packets, the system can update trafficstatistics of eight kinds of packets in the wireless network, detect denial of service attack,and use the dynamic blacklist as recoverability attacking defense. It is greatly improvingthe safety and reliability of the data link layer.