Authors: Guanlin Chen; Kunlong Zhou; Yubo Peng; Liang Zhou; Yong Zhang
Addresses: School of Computer and Computing Science, Zhejiang University City College, Hangzhou, 310015, China; College of Computer Science, Zhejiang University, Hangzhou, 310027, China ' School of Computer and Computing Science, Zhejiang University City College, Hangzhou, 310015, China ' Zhejiang Province Electronic Commerce Promotion Center, Hangzhou, 310006, China ' Hangzhou Management and Service Center of Big Data, Hangzhou, 310020, China ' School of Computer and Computing Science, Zhejiang University City College, Hangzhou, 310015, China
Abstract: With the popularity of wireless networks in recent years, mobile phone users accounted for 95.1% in China. Meanwhile, the security issues cannot be ignored. The cost of wireless attacks is getting lower, and security events such as wireless phishing and wireless cracking are occurring more frequently. However, current traditional intrusion prevention methods can only cope with relatively simple attack scenarios. Therefore, the development of a new intrusion prevention system is particularly important. In this paper, we design and implement a novel network intrusion prevention system, which uses VpnService and TcpDump to capture traffic as a data source, works with a single-step attack rule signature database and an attack chain signature database to perform real-time intrusion detection, and combines intent analysis to detect intrusion intention-behaviour and output alarms. The results show that the system is effective in recognising typical wireless attacks.
Keywords: Wi-Fi; intrusion prevention system; intrusion intent; Android; TcpDump.
International Journal of Internet Protocol Technology, 2021 Vol.14 No.2, pp.67 - 76
Received: 25 Apr 2019
Accepted: 20 Jul 2019
Published online: 15 Jul 2021