Real-Time Threat Detection and Forensic Readiness in Wireless LANs: A Case Study Using Snort and HoneyPy
DOI: https://doi.org/10.61978/digitus.v2i1.751
Keywords: WLAN Security, Intrusion Detection, Honeypot, Snort, HoneyPy, Forensic Readiness, Port Scanning, Brute-Force Attacks, DDoS Mitigation
Abstract
Wireless Local Area Networks (WLANs), especially in public sector infrastructures, face escalating security challenges due to their open architecture and exposure to various cyber threats. This study aims to evaluate the effectiveness of integrating Snort, an intrusion detection system (IDS), with HoneyPy, a low-interaction honeypot, to enhance real-time monitoring and forensic capabilities in WLAN environments. The methodology involved deploying Snort and HoneyPy within a simulated public network setup, using Ubuntu Server as the operating platform. Network attacks were emulated using tools such as Nmap, Hydra, and Metasploit to simulate various threat scenarios. Key metrics such as detection rate, false positive rate, and system responsiveness were used to evaluate performance. Visualization and log analysis tools including Kibana and Snorby were also incorporated to interpret intrusion data effectively. Results demonstrated that Snort successfully identified common scanning techniques and DDoS patterns using rule-based detection. HoneyPy effectively captured brute-force attack behaviors and provided rich interaction logs. The integrated setup facilitated enhanced incident correlation and provided valuable insights for forensic investigation. Visualization dashboards improved threat analysis and supported adaptive response strategies. In conclusion, the combined use of Snort and HoneyPy offers a scalable and cost-effective solution for public WLAN security. It enhances detection accuracy, supports forensic readiness, and provides actionable intelligence on attack behaviors. The findings highlight the practical relevance of layered defense models, offering concrete guidance for public institutions in strengthening WLAN security and forensic readiness.
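As an added example (not code from the paper or from the Snort or HoneyPy projects), a small Python correlator in the spirit of the integrated setup described above: it parses Snort fast-format alerts and honeypot log lines, groups them by source IP, tags sources that triggered an IDS alert before touching the honeypot, and flags login bursts that look like brute force. The HoneyPy line layout and all sample lines are constructed, and the year is assumed because Snort's fast alert format omits it.

```python
# Added example (constructed data): correlate Snort fast-format alerts with honeypot
# logs by source IP. The HoneyPy line layout "ts service ip event" is an assumption.
import re
from collections import defaultdict
from datetime import datetime, timedelta
YEAR = "2024"  # Snort's fast alert format omits the year; assumed here
SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\]"
    r".*\{\w+\} (?P<src>[\d.]+):\d+ -> [\d.]+:\d+$")
HONEY_RE = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d) (?P<service>\w+) (?P<src>[\d.]+) (?P<event>\w+)$")

SNORT_ALERTS = """\
05/20-14:02:11.123456  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4444 -> 198.51.100.5:22
05/20-14:10:00.000000  [**] [1:1000002:1] DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:5555 -> 198.51.100.5:80
"""
HONEYPY_LOG = """\
05/20-14:03:01 ssh 192.0.2.10 login
05/20-14:03:02 ssh 192.0.2.10 login
05/20-14:03:04 ssh 192.0.2.10 login
"""

def parse_events(text, regex, source):
    """Return (timestamp, src_ip, source, detail) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
            events.append((ts, m["src"], source, m.groupdict().get("msg") or m["event"]))
    return events

def correlate(snort_text, honey_text, window=timedelta(minutes=5), threshold=3):
    """Tag sources seen by IDS then honeypot, and honeypot login bursts (brute force)."""
    by_src = defaultdict(list)
    for ev in parse_events(snort_text, SNORT_RE, "snort") + parse_events(honey_text, HONEY_RE, "honeypy"):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        tags = set()
        snort_ts = [e[0] for e in evs if e[2] == "snort"]
        honey_ts = [e[0] for e in evs if e[2] == "honeypy"]
        logins = sorted(e[0] for e in evs if e[2] == "honeypy" and e[3] == "login")
        if snort_ts and honey_ts and min(snort_ts) <= min(honey_ts):
            tags.add("recon_then_honeypot")  # IDS saw the scan before the honeypot was touched
        # sliding window: `threshold` login attempts within `window` counts as brute force
        if any(sum(1 for u in logins[i:] if u - t <= window) >= threshold for i, t in enumerate(logins)):
            tags.add("bruteforce")
        if tags:
            findings[src] = sorted(tags)
    return findings
```

Unmatched lines are silently skipped here; in a forensic pipeline they should be written to a separate file so that evidence is never dropped unnoticed.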