
AN EVALUATION OF INTRUSION DETECTION SYSTEMS FOR HIGHER EDUCATION INSTITUTIONS’ WIRELESS LOCAL AREA NETWORK (WLAN)

BY

AJUONUMA GODSWILL O. BD/14/68151

A RESEARCH PROJECT PRESENTED TO DEPARTMENT OF COMPUTER SCIENCE, SCHOOL OF SCIENCES, ALVAN IKOKU FEDERAL COLLEGE OF EDUCATION, OWERRI.

IN PARTIAL FULFILMENT OF THE REQUIREMENT FOR AWARD OF BACHELOR OF SCIENCE (B.Sc.) DEGREE IN COMPUTER EDUCATION OF THE UNIVERSITY OF NIGERIA, NSUKKA

DECEMBER, 2018
TABLE OF CONTENTS
Statement Of The Problem
Purpose Of The Study
Scope Of The Study
Significance Of The Study
Hypotheses
Chapter Two
Review Of Related Literature
Conceptual Framework
Empirical Framework
Summary Of Literature Review
Design Of The Study
Area Of The Study
Population Of The Study
Sample And Sampling Technique
Instrument For Data Collection
Method Of Data Collection
Validation Of The Instrument
Chapter Four
Data Presentation And Analysis Of Data
Chapter Five
Discussion Of Findings
Educational Implication Of The Study
Recommendation
Suggestion For Further Studies
Limitation Of The Study
Summary
References

CHAPTER ONE

INTRODUCTION

Background to the study

The availability of wireless networks has opened a new and exciting world for many
users. Information technology is advancing and changing every day, and its popularity
is increasing. The biggest concern with wireless networks, however, has been security.
For some time wireless network security has been an issue the world over. In
addition to improved encryption schemes a new solution to help combat this problem
is the Wireless Intrusion Detection System (WIDS).

In security and wireless technology, the WIDS has fast become a major part of securing
a network. The next sections will cover details of what a WIDS is and can do, along
with incident response and creating a wireless policy. Today, wireless technology
plays a significant role in every aspect of our lives, both personal and public.
However, the growth in the use of wireless technology has brought new challenges
and limitations to users' privacy. This is because wireless networks are vulnerable to
a number of attacks and threats; examples include unauthorized access, Denial of
Service, and Distributed Denial of Service attacks. The intrusion problem in
wireless networks has become one of the leading causes of concern with the increased
use of wireless networks. While the intrusion problem has existed for decades, the
problem has been rising in intensity and vigour as more end-users use computers,
the internet, the Web, mobile, and ad-hoc wireless networks.

According to Samaher Al-Janabi and Ibrahim Alshourbaji (2017), wireless and
mobile networks provide new challenges because they rely on network
signals without exact or known boundaries. In addition, wireless systems are very
competitive in regard to their performance, price, and convenience in connection.
However, their widespread use and connection convenience mean that an attack
can happen at multiple remote locations at any time. Therefore, the field of wireless
network and communication security has become essential, and these networks need to
be protected from attacks. Further, the integrity and availability of these systems must be
protected to provide the necessary facilities to make them safe from unexpected
attacks.

Intrusion Detection

Intrusion Detection Systems (IDSs) attempt to identify computer system and
network intrusions and misuse by gathering and analysing data. Intrusion Detection
Systems (IDSs) have traditionally been developed to detect intrusions and misuse
for wired systems and networks. More recently, IDSs have been developed for use
on wireless networks. These wireless IDSs can monitor and analyse user and system
activities, recognize patterns of known attacks, identify abnormal network activity,
and detect policy violations for WLANs. Wireless IDSs gather all local wireless
transmissions and generate alerts based either on predefined signatures (M. Gerken,
1997) or on anomalies in the traffic (J. Farshchi, 2003).

Wireless Intrusion Detection Systems

A Wireless IDS is similar to a standard, wired IDS, but has additional deployment
requirements as well as some unique features specific to WLAN intrusion and
misuse detection.

Statement of the Problem
A variety of other WLAN threats exist, and additional vulnerabilities that could affect
a higher institution’s or campus’ WLAN are being identified at an ever-increasing
pace. These include:

• Unauthorized access into an institution’s database via the wireless network
• Manipulation of staff or student-related files
• Introduction of viruses into a network, which could corrupt files in the
nodes within the network
• Unauthorized monitoring of activities within a wireless network, to mention
but a few.

The point is that these threats are real, they can cause extensive damage, and they
are becoming more prevalent. Without some sort of detection mechanism, it can be
difficult to identify the threats to a WLAN. A lack of threat awareness can lead to a
network not adequately secured against the threats facing it. Only when the network
administrators identify and realize the threats to the network can the WLAN be
properly equipped with the necessary security measures.

There’s no denying that a strong campus wireless local area network is critical in
terms of attracting and retaining students in higher education. Here we are dealing
with a user base that expects to be connected via desktop PCs, laptops, smartphones,
tablets, gaming devices and more, plus the load of Internet of Things (IoT) integrated
technologies that campuses should be adopting to stay on the cutting edge and
remain competitive among institutions. IT professionals managing higher
institutions’ WLANs must be constantly evaluating the strength and performance of
their network, since colleges and universities cannot know how secure their networks
are unless they conduct wireless vulnerability assessments. This research will
describe the need for wireless intrusion detection, provide an explanation of wireless
intrusion detection systems, and identify the benefits and drawbacks of a wireless
intrusion detection solution.

Purpose of the Study

Generally, this study aims to evaluate wireless intrusion detection systems for
higher education institutions’ wireless local area networks.

Specifically, the study aims to:

• Determine the importance of an Intrusion Detection System for wireless
networks in the Alvan Ikoku Federal College of Education.
• Find out the security impact of an Intrusion Detection System in Alvan Ikoku
Federal College of Education if it is implemented.
• Ascertain if Intrusion Detection Systems for Wireless Local Area Networks
are in use in Alvan Ikoku Federal College of Education.

Scope of the Study

The scope of the study was ICT Department/Alvan Ikoku Federal College of
Education.

Significance of the Study

The study will be of benefit to computer users, network designers, and
network administrators in the following ways:

• It will help them understand the concept of Wireless Intrusion
Detection Systems.
• It will help network administrators to know the methods and strategies to
prevent unauthorized individuals from getting access to sensitive
information within the network.
• It will further help designers increase the network security measures for
wireless networks.
• The study will further serve as useful material for researchers in related
fields.

Research Questions

• Of what importance are Wireless Intrusion Detection Systems to the
Wireless Local Area Network of Alvan Ikoku Federal College of
Education?
• How do Wireless Intrusion Detection Systems improve the Wireless
Network Security in Alvan Ikoku Federal College of Education?
• To what extent is a Wireless Intrusion Detection System used in Alvan
Ikoku Federal College of Education?

Hypotheses
• There is no significant importance of Intrusion Detection Systems to
the Wireless Local Area Network in AIFCE.
• Wireless Intrusion Detection Systems do not improve the network security of
AIFCE.
• A Wireless Intrusion Detection System is not extensively used in Alvan
Ikoku Federal College of Education.

CHAPTER TWO

REVIEW OF RELATED LITERATURE


This chapter focuses on reviewing literature related to the study. This will be
reviewed under the following sub-headings:

Conceptual Framework

Theoretical Framework

Empirical Framework and

Summary of Literature Review

CONCEPTUAL FRAMEWORK
Concept of Local Area Network

A Local Area Network (LAN) is a group of computers and associated devices that
share a common communications line or wireless link to a server. Typically, a Local
Area Network (LAN) encompasses computers and peripherals connected to a server
within a distinct geographic area such as an office or a commercial establishment.
Computers and other mobile devices use a LAN connection to share resources such
as a printer or network storage.

The increasing demand and use of computers in universities and research
laboratories in the late 1960s generated the need to provide high-speed
interconnections between computer systems. A 1970 report from the Lawrence
Radiation Laboratory detailing the growth of their "Octopus" network gave a good
indication of the situation.

Cambridge Ring was developed at Cambridge University starting in 1974. Ethernet
was developed at Xerox PARC between 1973 and 1974. ARCNET was developed
by Datapoint Corporation in 1976 and announced in 1977. It had the first
commercial installation in December 1977 at Chase Manhattan Bank in New York.

The development and proliferation of personal computers using the CP/M operating
system in the late 1970s, and later DOS-based systems starting
in 1981, meant that many sites grew to dozens or even hundreds of computers. The
initial driving force for networking was generally to share storage and printers,
which were both expensive at the time. There was much enthusiasm for the concept
and for several years, from about 1983 onward, computer industry pundits would
regularly declare the coming year to be, “The year of the LAN”.

Concept of Wireless Local Area Network

Techopedia (www.techopedia.com) defines a Wireless Local Area Network
(WLAN) as a wireless distribution method for two or more devices that use
high-frequency radio waves and often include an access point to the Internet. A WLAN
allows users to move around the coverage area, often a home or small office, while
maintaining a network connection. A WLAN is sometimes called a Local Area
Wireless Network (LAWN). A Wireless Local Area Network (WLAN) is a wireless
computer network that links two or more devices using wireless communication
within a limited area such as a home, school, computer laboratory, or office building.
This gives users the ability to move around within a local coverage area and yet still
be connected to the network. Through a gateway, a Wireless Local Area Network
(WLAN) can also provide a connection to the wider Internet. Most modern WLANs
are based on IEEE 802.11 standards and are marketed under the Wi-Fi brand name.

In the early 1990s, WLANs were very expensive and were only used when wired
connections were strategically impossible. By the late 1990s, most WLAN solutions
and proprietary protocols were replaced by IEEE 802.11a and IEEE 802.11n.
Wireless Local Area Network (WLAN) prices also began to decrease significantly.

Wireless Local Area Network (WLAN) should not be confused with the Wi-Fi
Alliance's Wi-Fi trademark. Wi-Fi is not a technical term, but is described as a
superset of the IEEE 802.11 standard and is sometimes used interchangeably with
that standard. However, not every Wi-Fi device actually receives Wi-Fi Alliance
certification, although Wi-Fi is used by more than 700 million people through about
750,000 Internet connection hot spots.

Every component that connects to a Wireless Local Area Network (WLAN) is
considered a station and falls into one of two categories: Access Points (APs) and
clients. APs transmit and receive radio frequency signals with devices able to receive
transmitted signals; they normally function as routers. Clients may include a variety
of devices such as desktop computers, workstations, laptop computers, IP phones
and other cell phones and smartphones. All stations able to communicate with each
other are called Basic Service Sets (BSSs), of which there are two types: independent
and infrastructure. Independent Basic Service Sets (IBSS) exist when two clients
communicate without using APs, but cannot connect to any other BSS. Such
WLANs are called peer-to-peer or ad-hoc WLANs. The second BSS is called
an infrastructure BSS. It may communicate with other stations but only in other
BSSs and it must use APs.

Intrusion

Anderson (1980) in Padhi and Senapati (2011) defined an intrusion as any
unauthorized attempt to access, manipulate, modify or destroy information or to
render a system unreliable. Intrusion detection attempts to detect these types of
activities.

Wiktionary defines intrusion as the forcible inclusion or entry of an external group
or individual; the act of intruding.

www.dictionary.com defines intrusion thus:

An illegal act of entering, seizing, or taking possession of another's property.

A wrongful entry after the determination of a particular estate, made before the
remainderman or reversioner has entered.

Detection

Detection, according to www.dictionary.com, is defined as the discovery, as of error
or crime: chance detection of smuggling. In telecommunications, detection is defined
as the rectification of alternating signal currents in a radio receiver. It is also the
conversion of an alternating, modulated carrier wave or current into a direct,
pulsating current equivalent to the transmitted information-bearing signal.

Intrusion Detection System

Jeff Dixon (2012) defines an Intrusion Detection System (IDS) as a device or
software application that monitors a network or systems for malicious activity or
policy violations. Any malicious activity or violation is typically reported either to
an administrator or collected centrally using a security information and event
management (SIEM) system. A SIEM system combines outputs from multiple
sources, and uses alarm filtering techniques to distinguish malicious activity from
false alarms.

While there are several types of IDS, ranging in scope from single computers to large
networks, the most common classifications are Network Intrusion Detection
Systems (NIDS) and Host-Based Intrusion Detection Systems (HIDS). A system that
monitors important operating system files is an example of a Host-Based Intrusion
Detection System (HIDS), while a system that analyses incoming network traffic is
an example of a Network Intrusion Detection System (NIDS). It is also possible to
classify IDS by detection approach: the most well-known variants are
signature-based detection (recognizing bad patterns, such as malware) and anomaly-based
detection (detecting deviations from a model of "good" traffic, which often relies on
machine learning). Some IDS have the ability to respond to detected intrusions.
Systems with response capabilities are typically referred to as intrusion
prevention systems.

Wireless Security

Wireless Security, according to Wikipedia (en.m.wikipedia.org/wiki/wireless
security) is the prevention of unauthorized access or damage to computers using
wireless networks. The most common types of wireless security are Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a
notoriously weak security standard. The password it uses can often be cracked in a
few minutes with a basic laptop computer and widely available software tools. WEP
is an old IEEE 802.11 standard from 1999, which was superseded in 2003 by WPA, or
Wi-Fi Protected Access. WPA was a quick alternative to improve security over
WEP. The current standard is WPA2; some hardware cannot support WPA2 without
firmware upgrade or replacement. WPA2 uses an encryption device that encrypts
the network with a 256-bit key; the longer key length improves security over WEP.
Enterprises often enforce security using a certificate-based system to authenticate
the connecting device, following the standard 802.1X.

Many laptop computers have wireless cards pre-installed. The ability to enter a
network while mobile has great benefits. However, wireless networking is prone to
some security issues. Hackers have found wireless networks relatively easy to break
into, and even use wireless technology to hack into wired networks. As a result, it is
very important that enterprises define effective wireless security policies that guard
against unauthorized access to important resources. Wireless Intrusion Prevention
Systems (WIPS) or Wireless Intrusion Detection Systems (WIDS) are commonly
used to enforce wireless security policies.

WLAN Security Objectives

Rupinder Singh Gill (2009) identified some security objectives that a WLAN should
provide to the network nodes. These include:

Confidentiality: The WLAN must provide strong confidentiality protection of data
transmitted over it. No unauthorized parties should be able to read the
communication between two legitimate WLAN nodes.

Integrity: The WLAN must be able to detect any changes that happen to the data in
transit, both intentional and unintentional.

Availability: The WLAN and its resources should be accessible to all individuals
and devices on demand. WLAN should prevent or at least mitigate against attacks
on the usability of the network such as denial of service attacks.

Access Control: The WLAN should restrict the rights of the devices and individuals
to access the network and its resources. The identities of WLAN nodes should be
established and verified using strong authentication.

Wireless Intrusion Detection Systems

Wireless Intrusion Detection Systems (IDSs) can be purchased through a vendor or
developed in-house. There are currently only a handful of vendors who offer a
wireless IDS solution, but the products are effective and have an extensive feature
set. Popular wireless IDS solutions include Airdefense RogueWatch and Airdefense
Guard (Yu-Xi Lim, Tim Schmoyer, John Levine, Henry L. Owen 2003) and Internet
Security Systems Real-secure Server sensor and wireless scanner products (Internet
Security Systems Wireless Products). A homegrown wireless IDS can be developed
with the use of the Linux operating system, for example, and some freely available
software. Open source solutions include Snort among others.

Architecture

A wireless IDS can be centralized or decentralized. A centralized wireless IDS is
usually a combination of individual sensors which collect and forward all 802.11
data to a central management system, where the wireless IDS data is stored and
processed. Decentralized wireless intrusion detection usually includes one or more
devices that perform both the data gathering and processing/reporting functions of
the IDS. The decentralized method is best suited for smaller (1-2 WAP) WLANs
due to cost and management issues. The cost of sensors with data processing
capability can become prohibitive when many sensors are required. Also,
management of multiple processing/reporting sensors can be more time intensive
than in a centralized model.

WLANs typically encompass a relatively large physical coverage area. In this
situation, many WAPs can be deployed in order to provide adequate signal strength
to the given area. An essential aspect of implementing a wireless IDS solution is to
deploy sensors wherever a WAP is located. By providing comprehensive coverage
of the physical infrastructure with sensors at all WAP locations, the majority of
attacks and misuse can be detected. Another benefit of positioning the sensors in
close proximity to the WAPs is the enhanced ability to physically pinpoint the
geographical location of an attacker.

Threat Detection

According to Jamil Farshchi (2003), a wireless IDS can also aid in the detection of
a number of attacks. Not only can a wireless IDS detect rogue WAPs, identify
non-encrypted 802.11 traffic, and help isolate an attacker's physical location, as
mentioned earlier; a wireless IDS can detect many of the standard (and not-so
standard) wireless attacks and probes as well (LURHQ Threat Intelligence Group).

In an effort to identify potential WAP targets, hackers commonly use scanning
software. Hackers or curious individuals will use tools such as Netstumbler or
Kismet to map out a given area's WAPs. Used in conjunction with a Global
Positioning System (GPS) these scans not only locate WAPs, but also log their
geographical coordinates. These tools have become so popular that there are web
sites dedicated to mapping the world's WAP geography. A wireless IDS can detect
these and other scans, helping to improve awareness of the threats to the WLAN.
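
The rogue WAP and non-encrypted traffic checks described in this section can be illustrated with a small beacon-frame parser run on a sensor's captures. This is an added example, not code from the study or from any product it names; the SSID `CAMPUS-WLAN`, the BSSIDs, the allowlist and the sample frames are constructed, and frames are assumed to be bare 802.11 (no radiotap header, no FCS).

```python
import struct

BEACON_FC0 = 0x80          # frame control byte 0: version 0, management, subtype beacon
CAP_PRIVACY = 0x0010       # capability bit 4: data frames on this BSS are encrypted
TAG_SSID, TAG_RSN = 0, 48  # information element IDs (RSN is advertised by WPA2 networks)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_beacon(frame):
    """Return bssid/ssid/privacy/rsn for a beacon, or None if not a well-formed beacon."""
    if len(frame) < 36 or frame[0] != BEACON_FC0:
        return None
    bssid = mac(frame[16:22])                        # address 3 of the 24-byte header
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, rsn, pos = None, False, 36                 # tagged elements start at byte 36
    while pos < len(frame):
        if pos + 2 > len(frame):
            return None                              # dangling byte, no room for id+length
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            return None                              # element claims more bytes than remain
        if tag == TAG_SSID and ssid is None:
            ssid = value.decode("utf-8", "replace")
        elif tag == TAG_RSN:
            rsn = True
        pos += 2 + length
    if ssid is None:
        return None
    return {"bssid": bssid, "ssid": ssid,
            "privacy": bool(capability & CAP_PRIVACY), "rsn": rsn}


def classify(beacon, authorized):
    """authorized maps each managed SSID to the set of BSSIDs allowed to announce it."""
    alerts = []
    known = authorized.get(beacon["ssid"])
    if known is not None and beacon["bssid"] not in known:
        alerts.append("rogue-ap")                    # managed SSID from an unknown radio
    if not beacon["privacy"]:
        alerts.append("unencrypted")
    elif not beacon["rsn"]:
        alerts.append("no-rsn")                      # encrypted, but WEP or WPA, not WPA2
    return alerts


def scan(frames, authorized):
    """Classify every frame; count the ones that were not parseable beacons."""
    report = {"alerts": [], "skipped": 0}
    for frame in frames:
        beacon = parse_beacon(frame)
        if beacon is None:
            report["skipped"] += 1
            continue
        alerts = classify(beacon, authorized)
        if alerts:
            report["alerts"].append((beacon["bssid"], beacon["ssid"], alerts))
    return report


def build_beacon(bssid, ssid, privacy, rsn):
    """Construct a minimal beacon for the sample data below (test input only)."""
    header = bytes([BEACON_FC0, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001 | (CAP_PRIVACY if privacy else 0))
    tags = bytes([TAG_SSID, len(ssid)]) + ssid
    if rsn:
        tags += bytes([TAG_RSN, 2]) + b"\x01\x00"    # abbreviated RSN element: version only
    return header + fixed + tags


# Constructed allowlist and captures (locally administered MAC addresses).
AUTHORIZED = {"CAMPUS-WLAN": {"02:00:00:00:00:01", "02:00:00:00:00:02"}}
_GOOD = build_beacon(bytes.fromhex("020000000001"), b"CAMPUS-WLAN", True, True)
SAMPLE_FRAMES = [
    _GOOD,                                                                   # legitimate WAP
    build_beacon(bytes.fromhex("020000000099"), b"CAMPUS-WLAN", False, False),  # impostor, open
    build_beacon(bytes.fromhex("020000000002"), b"CAMPUS-WLAN", True, False),   # weak config
    _GOOD[:-1],                                                              # truncated capture
    bytes([0x40]) + _GOOD[1:],                                               # not a beacon
]

if __name__ == "__main__":
    print(scan(SAMPLE_FRAMES, AUTHORIZED))
```

A BSSID can be spoofed, so an allowlist match alone does not prove a WAP is legitimate; a sensor would combine it with channel and signal-strength checks at known WAP locations.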

Types of Intrusion Detection Systems

Intrusion Detection systems fall into two broad categories. These are:

Network Based Systems: These types of systems are placed on the network, nearby
the system or systems being monitored. They examine the network traffic and
determine whether it falls within acceptable boundaries.

Host Based Systems: These types of systems actually run on the system being
monitored. These examine the system to determine whether the activity on the
system is acceptable.

There are also recent types of intrusion detection system: those that reside in the
operating system kernel and monitor activity at the lowest level of the system.
These systems have recently started becoming available for a few platforms, and are
relatively platform specific.

Network Based Intrusion Detection

Network Based Intrusion Detection Systems are those that monitor traffic on the
entire network segment. A Network Interface Card (NIC) can operate in one of two
modes, these being:

Normal Mode: where packets which are destined for the computer (as determined
by the ethernet or MAC address of the packet) are relayed through to the host system.

Promiscuous Mode: where all packets that are seen on the ethernet are relayed to
the host system.

A network card can normally be switched from normal mode to promiscuous mode,
and vice-versa, by using a low-level function of the operating system to talk directly
to the network card to make that change. Network based intrusion detection systems
normally require that a network interface card is in promiscuous mode.

Host Based Intrusion Detection

Once a network packet has arrived at the host that it was intended for, there is still
available a third line of defence behind the firewall and network monitor. This is
called "host based intrusion detection", and comes in several flavours.

The two main types of host based intrusion detection are:

Network monitors: These monitor incoming network connections to the host, and
attempt to determine whether any of these connections represent a threat. Network
connections that represent some kind of intrusion attempt are acted on. Note that this
is different to network based intrusion detection, as it only looks at network traffic
coming to the host it is running on, and not all traffic passing the network. For this
reason it does not require promiscuous mode on the network interface.

Host monitors: These monitor files, file systems, logs, or other parts of the host
itself to look for particular types of suspicious activity that might represent an
intrusion attempt (or a successful intrusion). Systems administration staff can then
be notified about any problems that are found.

Monitoring Incoming Connections

It is possible on most hosts to monitor packets that attempt to access the host before
those packets are passed onto the networking layer of the host itself. This mechanism
attempts to protect a host by intercepting packets that arrive for the host before they
can do any damage.

Kernel Based Intrusion Detection

Kernel based intrusion detection is a relatively new art form, and one that is starting
to become prevalent, especially within Linux.

There are two main kernel based intrusion detection systems currently available for
Linux. These are OpenWall and LIDS. These systems take the approach of
preventing buffer overflows, increasing file system protection, blocking signals, and
generally making it difficult for an attacker to compromise a system. LIDS also takes
steps to prevent certain actions by the root user, such as installing a packet sniffer or
changing firewall rules.

Kernel Protection Vs File System Monitoring

Obviously, systems like LIDS and systems such as Tripwire take a rather different
approach to attempting to achieve the same thing. Both of these packages attempt to
prevent a cracker from using the system for unauthorised purposes.

At first glance, one might think that a system such as Tripwire is less than perfectly
useful. While it is a Good Thing to monitor file systems for signs of abuse, it is
readily accepted that once your system has been compromised by an external
intruder, it is time to shut down and rebuild. The damage has been done, and the
system integrity cannot be guaranteed so it is best to re-build your operating system
from the pristine version supplied on CD from your vendor. The approach offered
by LIDS seems much more attractive - to protect the system from damage rather
than to note that the gate was left open after the horse has bolted, so to speak.

Although I tend to agree with this analysis in principle, there is a stronger level of
security offered by running both LIDS and Tripwire together. While LIDS is
exceptional in its capability to protect the file system, it is worth using a file system
monitoring package such as Tripwire as an "independent" auditor, in the event that
an exceptionally knowledgeable hacker should manage to somehow defeat LIDS.

Wireless IDS Drawbacks

The benefits to a wireless IDS are numerous, but there are several drawbacks to
consider before deploying such a system. Wireless intrusion detection is a rather new
technology. Caution should be taken before applying any new technology to an
operational network. Because the technology is new, there may be bugs or, worse,
vulnerabilities which could potentially weaken the WLAN security. Wireless
Intrusion Detection System technology is developing at a rapid pace though, and this
caveat may not be a deterrent in the future. A potential turn-off to a wireless IDS
solution may be cost.

The expense of the vendor solutions may be prohibitive. In such a case, a
home-grown solution can be developed, but this approach may prove costly as well due to
the extensive human capital that may be required to develop such a solution. Also,
the cost of the wireless IDS solution (vendor-based or home-grown) will grow in
conjunction with the size of the WLAN to be monitored, due to the requirement for
a greater number of sensors. Therefore, the larger the WLAN, the more expensive
the wireless IDS deployment will be.

A wireless IDS is only as effective as the individuals who analyse and respond to
the data gathered by the system. A wireless IDS, like a standard IDS, can require
vast human resources to analyse and respond to threat detection. In fact, it can be
argued that a wireless IDS will require more human resources than a standard IDS
because with a wireless IDS, individuals will be required to both attend to the logical
(alert data) and physical aspects (finding and catching the hackers) of an attack.
While the technology is still relatively new, the costs may be prohibitive, and the
human capital outlay may be higher than that of a standard IDS, a wireless IDS can
still prove to be a beneficial component of a security solution.

Theoretical Framework

This study will rely on Game Theory, a mathematical model that enables the
analysis of the interactions between several decision makers (called players) who
can have conflicting or common objectives (Bacci G., Lasaulce S., Saad, W., &
Sanguinetti L. 2015).

The Game Theory

Game Theory is a branch of mathematics that enables the modelling and analysis of
the interactions between several decision makers (called players) who can have
conflicting or common objectives. A game is a situation in which the benefit or cost
achieved by each player from an interactive situation not only depends on its own
decisions but also on those taken by the other players. In a game, the actions and
objectives of the players are tightly coupled. The interactions that take place in a
network can often be modelled as a game, in which the network nodes are the players
that compete or form coalitions to get some advantage and enhance their quality of
service.

Animesh Patcha and Jung-Min Park (2005) in their paper, gave some assumptions
that one makes while formulating a game as:

• There are at least two players in a game and each player has two or more
well-specified choices or sequences of choices.
• Every possible combination of plays available to the players leads to a
well-defined end-state (win, loss, or draw) that terminates the game.
• Associated with each possible outcome of the game is a collection of numerical
payoffs. These payoffs represent the value of the outcome to the different players.
• All decision makers are rational; that is, each player, given two alternatives, will
select the one that yields the greater payoff.

They categorized Game theory into cooperative game theory and non-cooperative
game theory but focused on Non-Cooperative Game Theory as it relates to intrusion
detection. Non-cooperative games can also be classified as complete information
games or incomplete information games, based on whether the players have
complete or incomplete information about their adversaries in the game. Here,
information denotes the payoff-relevant characteristics of the adversaries. In a
complete information game, each player has complete knowledge about his/her
adversary’s characteristics, strategy spaces and so on.

The interaction between an attacker and a host-based Intrusion Detection System is
a dynamic two-player non-cooperative game with incomplete information. In a
non-cooperative game with incomplete information, some of the players have some
private information before the beginning of the game.

In the intrusion detection game, the objective of the attacker is to send a malicious
message from some attack node with the intention of attacking the target node. The
intrusion is deemed successful when the malicious message reaches the target
machine without being detected by the Host IDS. We assume that an intrusion is
detected and the intruding node is blocked when a message sent by a probable
intruder is intercepted and the Host IDS can say with certainty that the message is
malicious in nature. Wireless Intrusion Detection Systems are frameworks that are
designed and have been deployed to assess what happens beyond the firewall and
either take direct action when problems crop up or alert network security
administrators or team members of a looming breach in wireless network security.

Empirical Framework
A number of studies have been conducted to investigate intrusion detection
systems and strategies for wireless networks.

Rupinder Singh Gill (2009) carried out similar research (a thesis) on “Intrusion Detection
Techniques in Wireless Local Area Networks”. The research was carried out to
investigate wireless intrusion detection techniques for detecting attacks on IEEE
802.11i Robust Secure Networks (RSNs). The research proposed novel intrusion
detection strategies with which to tackle the requirements for monitoring network
security and also studied the correlation of the generated alarms across wireless
intrusion detection system (WIDS) sensors and the detection strategies or
techniques for greater reliability. After the research had been carried out, it was
concluded that despite using a number of preventive security measures, IEEE 802.11i
RSNs still suffer from multiple vulnerabilities that can be exploited by an adversary
to launch attacks against them, hence the need for using a monitoring framework as
a second layer of defense for WLANs. Such a monitoring capability can be
implemented using a wireless intrusion detection system. The research thesis
developed wireless intrusion detection techniques that could be applied extensively
to any radio communication network.

Ibrahim Al-Shourbaji & Samalor Al-Janabi (2017) conducted similar research on
“Intrusion Detection and Prevention Systems in Wireless Networks”. The research
sought to give an overview of Intrusion Detection and Prevention Systems (IDPS)
technology and how it can be used to monitor and analyze signals for any
intrusion or infiltration. They gave a description of IDPS and their core
functions, the primary types of intrusion detection mechanisms and some of their
limitations. In summary, they stated that wireless networks represent the next wave
of networking because of their relevance in assisting a growing information-
oriented society, but present many challenges in regard to application, software,
hardware, network designers and implementers. They also stated in the research that
unauthorized access, Denial of Service (DoS), Distributed Denial of Service
(DDoS), Man-in-the-Middle, Jamming and Medium Access Control (MAC)
Address Spoofing are the primary concerns/challenges to wireless networks.

Summary of Literature Review


Wireless Intrusion and Detection Systems (WIDS) are a vital element in
wireless network security, without which the network would be porous, lacking the
tool with which to measure and detect intrusions and security breaches. Not only can
wireless intrusion detection systems increase network security, they can also
complement traffic analyzers to monitor Wireless Local Area Network performance,
providing valuable insight for troubleshooting whenever performance issues are
detected (Lisa Phifer 2006). It is possible, using the most up to date tools that are
available, to protect against virtually every type of threat that is currently known
about.

Network Security administrators in Higher Education Institutions managing the
institution’s WLAN should be aware and keep abreast of the threats to the
institution’s wireless network security, as it is important in any environment to know
what types of threats you might be facing. Be aware of any potential security holes
in your system, and take care to prevent attacks against these. For example, a web
server that is connected to the internet and placed behind a firewall may be
reasonably secure against most packet-based attacks, but a CGI program on the
server might expose a vulnerability. Pay special attention to ensuring that CGI
programs correctly bounds-check all arrays and validate input data before
processing. An intrusion detection program between the firewall and the web server
might be configured to throw out any accesses that are suspicious. While there are
drawbacks to implementing a wireless intrusion detection system in Higher
Education Institutions, the benefits will most likely prove to outweigh the challenges
or drawbacks encountered when fully implemented.

CHAPTER THREE

RESEARCH METHODOLOGY

This chapter is presented under the following sub-headings: Design of the Study,
Area of the Study, Sample and Sampling Technique, Instrument for Data Collection,
Validity of Instrument, Reliability of Instruments, Administration of the Instrument,
Method of Data Analysis.

Design of the Study


This research is designed to evaluate wireless intrusion and detection strategies for
higher education institution WLAN. This research employed the descriptive survey
method (Non-experimental design).

Area of the Study


The area of the Study is Alvan Ikoku Federal College of Education, Owerri. Alvan
Ikoku Federal College of Education is located in Owerri, the capital of Imo State,
Nigeria. The Educational Institution was established in April, 1963 as the Advanced
Teachers Training College by the defunct Eastern Nigeria Government on the
grounds of the Old Shell Camp, Owerri. It has since expanded across the Orlu Road
on the Nworie River. It awards the National Certificate in Education (NCE) and the
Professional Diploma in Education (PDE) and, in affiliation with the University of
Nigeria, Nsukka, has awarded the Bachelor of Education Degrees (B. Ed) in various
subject areas since 1984. It started the Bachelor of Science Degree in Computer
Education (B.Sc) programme in the year 2000.

The Institution has six schools which include the:

School of Agriculture and Vocational Studies

School of Arts

School of Education

School of Sciences

School of Social Sciences

School of General Studies

The educational institution also has an ICT/MIS Centre which was established
on the 29th of October, 2013. The ICT Centre is a Service unit which is responsible
for students’ biographic and demographic data, staff data management, staff and
student training, and offers advisory ICT services to the College management. The
ICT/MIS Centre has a Director and Deputy Director, who manage its day-to-day
running. The Centre also has staff from all disciplines of ICT who help ensure the
centre functions as it should. The ICT training lab is equipped with fifty computers
and networked through wireless connections.

Population of the Study


The population of the study comprises all ICT personnel of the Alvan Ikoku Federal
College of Education ICT/MIS Centre. According to data obtained from
https://www.alvanikoku.edu.ng/the-college-ict-centre, the number of personnel is
about 25.

Sample and Sampling Technique
Since the population is small, the whole population will be used to carry out the
research.

Instrument for Data Collection


The instrument for data collection for this study is a questionnaire on “Extent of Use
of Intrusion Detection System”. Section A of the instrument was used to gather
personal data, while section B was designed to elicit information on the respondent’s
knowledge and extent of use of intrusion detection system to secure the wireless
networks.

Method of Data Collection


The researcher will administer the instrument to respondents face to face and
will collect the questionnaires after completion by the respondents to avoid loss
of questionnaires.

Validation of the Instrument


The instrument was validated by the supervisor who read and approved it. Necessary
corrections were also made by the supervisor before its approval.

CHAPTER FOUR

DATA PRESENTATION AND ANALYSIS OF DATA


In this chapter, the researchers present the results of the analysis. The presentation
follows the research questions below.

Research Question 1: Responses on the Importance of Intrusion Detection System to
Wireless Network in Alvan Ikoku Federal College of Education.

Table 4.1: Responses on the Importance of Intrusion Detection System to Wireless
Network in Alvan Ikoku Fed. College of Education

| S/N | ITEM | SA | A | D | SD | Σx | x̄ | Remark |
|---|---|---|---|---|---|---|---|---|
| 1. | It boosts the efficiency of the network | 5 | 5 | 10 | 5 | 25 | 2.4 | Reject |
| | | 20 | 15 | 20 | 5 | 64 | | |
| 2. | It assists experts in ensuring security of the wireless network | 5 | 11 | 8 | 1 | 25 | 2.8 | Accept |
| | | 20 | 33 | 16 | 1 | 70 | | |
| 3. | It prevents unauthorized access to a network | 11 | 11 | 3 | - | 25 | 3.32 | Accept |
| | | 44 | 33 | 6 | - | 83 | | |
| 4. | It alerts network administrators in the case of suspected attempt to intrude into the network | 7 | 11 | 5 | 2 | 25 | 2.92 | Accept |
| | | 28 | 33 | 10 | 2 | 73 | | |
| 5. | Data from a Wireless Intrusion and Detection system can be analyzed to identify bugs or network configuration problems | 6 | 14 | 3 | 2 | 25 | 2.96 | Accept |
| | | 24 | 42 | 6 | 2 | 74 | | |

Average mean score, $\bar{x} = \frac{\Sigma x}{N} = \frac{2.4+2.8+3.32+2.92+2.96}{5} = 2.88$, accepted.

Table 4.1 above contains items 1 to 5 with mean scores of 2.4, 2.8, 3.32, 2.92 and
2.96 respectively from the opinions of the respondents. Mean score of 2.4 indicated
that respondents rejected that intrusion detection system assists experts in ensuring
security of the wireless network. The mean score of 3.32 reveals acceptance of the
respondents that intrusion detection systems prevent unauthorized access to a
network. The mean score of 2.92 shows that the respondents accept that intrusion
detection system alerts network administrators in the case of suspected attempt to
intrude into the network. The mean score of 2.96 reveals acceptance that data from
intrusion detection systems can be analysed to identify bugs or network
configuration systems. The average mean, when calculated, gave a value of 2.88,
which is above the cut off mark of 2.5, for which we accept that intrusion detection
system is important to wireless network.

Research Question 2: What are the Security Impacts of Wireless Intrusion
Detection Systems on Network in Alvan Ikoku Federal College of Education

Table 4.2: Responses on the security impacts of Intrusion Detection System on
Network in Alvan Ikoku Federal College of Education

| S/N | ITEM | SA | A | D | SD | Σx | x̄ | Remark |
|---|---|---|---|---|---|---|---|---|
| 6. | The use of WIDS has increased security in the wireless network by detecting and preventing intrusion into the network | 9 | 10 | 3 | 3 | 25 | 3.0 | Accept |
| | | 36 | 30 | 6 | 3 | 75 | | |
| 7. | WIDS has increased confidentiality of data/resources within the network | 12 | 8 | 4 | 1 | 25 | 3.24 | Accept |
| | | 48 | 24 | 8 | 1 | 81 | | |
| 8. | WIDS has reduced the risk of unauthorized manipulation of data/resources within the network | 7 | 7 | 10 | 1 | 25 | 2.8 | Accept |
| | | 28 | 21 | 20 | 1 | 70 | | |
| 9. | WIDS has increased ready availability of data/resources | 3 | 6 | 9 | 7 | 25 | 2.2 | Reject |
| | | 12 | 18 | 18 | 7 | 55 | | |
| 10. | WIDS has made it easier for legitimate users to access data/resources appropriately. | 5 | 6 | 7 | 7 | 25 | 2.36 | Reject |
| | | 20 | 18 | 14 | 7 | 59 | | |

Average mean score $= \frac{3.0+3.24+2.8+2.2+2.36}{5} = \frac{13.76}{5} = 2.75 \approx 2.8$

Table 4.2 above contains items 6-10 with mean scores of 3.0, 3.24, 2.8, 2.2 and 2.36
respectively. Mean score of 3.0 shows that the use of Intrusion Detection System has
increased security in the wireless network by detecting and preventing intrusion into
the network. The mean score of 3.24 shows that Intrusion Detection System has
increased confidentiality of data/resources within the network. The mean score of
2.8 reveals acceptance of the respondents that Intrusion Detection System has reduced
the risk of unauthorized manipulation of data/resources within the network. The
mean score of 2.2 shows that the respondents reject that Intrusion Detection System
has increased ready availability of data/resources and the mean score of 2.36 shows
rejection of the respondents that Intrusion Detection System has made it easier for
legitimate users to access data/resources appropriately. The average mean value of
2.8 is above the cut off mark of 2.5, therefore, it is accepted that intrusion detection
systems have security impact on network in Alvan Ikoku Federal College of
Education.

Research Question 3: Is Wireless Intrusion Detection Systems used to Secure
Wireless Network in Alvan Ikoku Federal College of Education ICT Resource
Centre

Table 4.3: Responses on the Use of Wireless Intrusion Detection System

| S/N | ITEM | SA | A | D | SD | Σx | x̄ | Remark |
|---|---|---|---|---|---|---|---|---|
| 11. | The ICT resource centre has trained personnel that administrate the wireless network using Intrusion Detection tools | 5 | 12 | 6 | 2 | 25 | 2.8 | Accept |
| | | 20 | 36 | 12 | 2 | 70 | | |
| 12. | The ICT resource centre uses Snort as one of its network Intrusion Detection tools | 5 | 5 | 10 | 5 | 25 | 2.4 | Reject |
| | | 20 | 15 | 20 | 5 | 60 | | |
| 13. | The ICT resource centre network administrators use Analysis tools like ELSA, Squert, Sguil etc for Network Performance Analysis | 4 | 7 | 10 | 4 | 25 | 2.44 | Reject |
| | | 16 | 21 | 20 | 4 | 61 | | |
| 14. | The ICT resource centre uses Host based monitors to check for files, file system, logs, etc in order to detect suspicious activity in the network | 11 | 10 | 2 | 2 | 25 | 3.2 | Accept |
| | | 44 | 30 | 4 | 2 | 80 | | |
| 15. | The ICT Resource Centre uses Network Monitors to ascertain the network performance and monitor traffic | 7 | 10 | 6 | 2 | 25 | 2.88 | Accept |
| | | 28 | 30 | 12 | 2 | 72 | | |

Average mean score $= \frac{2.8+2.4+2.44+3.2+2.88}{5} = \frac{13.72}{5} = 2.74$

Table 4.3 above contains 5 items, 11-15, with mean scores of 2.8, 2.4, 2.44, 3.2 and
2.88 respectively. The mean score of 2.8 shows that the respondents accept that there
are trained personnel in the ICT resource centre that administrate the wireless
network using intrusion detection tools. The mean score of 2.4 shows rejection by
the respondents that the ICT centre uses Snort as one of its network Intrusion
Detection tools. The mean score of 2.44 shows that the respondents rejected that the
ICT resource centre network administrators use Analysis tools like ELSA, Squert,
Sguil for network Performance Analysis. The mean score of 3.2 shows that the
respondents accept that the ICT resource centre uses Host based monitors to check
for files, file systems, logs, etc. in order to detect suspicious activity in the network.
The mean score of 2.88 reveals acceptance by the respondents that the ICT resource
centre uses network monitors to ascertain the network performance and monitor
traffic. The average mean value of 2.74 is greater than the cut off mark of 2.5,
therefore, we accept that Wireless Intrusion Detection System is used to secure
wireless network in Alvan Ikoku Federal College of Education ICT Resource Centre.

CHAPTER FIVE
DISCUSSION OF FINDINGS, EDUCATIONAL IMPLICATION,
CONCLUSION, RECOMMENDATION, LIMITATION OF THE STUDY,
SUGGESTIONS FOR FURTHER STUDIES AND SUMMARY

Discussion of Findings
The findings of research work through the data collected and analysed in chapter
four are interpreted and discussed one after the other in the chapter. Conclusion is
drawn based on the interpretations. The educational implication of the study,
recommendations and limitation of the study are also presented.

Research Question One: Of what importance is an intrusion detection system
to Wireless Network in Alvan Ikoku Federal College of Education?

From the data collected and analysed in table 4.1, it shows that wireless intrusion
detection is of importance to the network. It was accepted that it assists experts in
ensuring security of the wireless network, it prevents unauthorized access to a
network, it alerts network administrators in the case of suspected attempt to intrude
into the network due to mean scores of 2.8, 3.32, 2.92 and 2.96 respectively. It was
further rejected that it boosts the efficiency of a network due to the mean score of
2.4 which is below the average mean value of 2.5.

Research Question Two: What are the security impacts of wireless intrusion
detection systems on Network in Alvan Ikoku Federal College of Education?

From the analysis of data in table 4.2, it was accepted that the use of wireless intrusion
detection system has increased security in the wireless network by detecting or
preventing intrusion into the wireless network, that wireless intrusion detection system
has increased confidentiality of data/resources within the network, and that wireless
intrusion detection system has reduced risk of unauthorized manipulation of
data/resources within the network, with mean scores of 3.0, 3.24 and 2.8 respectively.
It was rejected that wireless intrusion detection system has increased ready
availability of resources and that wireless intrusion detection system has made it
easier for legitimate users to access data/resources appropriately, with mean scores
of 2.2 and 2.36 respectively, which are below the average mean value of 2.5.

Research Question 3: Is wireless intrusion detection system used to secure
wireless network in Alvan Ikoku Federal College of Education ICT resource
centre?

From the analysis of data from table 4.3, it shows that the ICT resource centre has
trained personnel and staff that administrate the wireless network using intrusion
detection tools, which was accepted, having a mean of 2.8. It was rejected that the
ICT resource centre uses Snort as one of its network intrusion detection tools, having
a mean score of 2.4. It was also rejected that the ICT resource centre network
administrators use Analysis tools like ELSA, Squert, Sguil, etc. for network
performance analysis due to a mean score of 2.44. It was further accepted that the
ICT resource centre uses Host Based monitors to check for files, file systems, logs,
etc. in order to detect suspicious activity in the network and that the ICT resource
centre uses network monitors to ascertain the network performance and monitor
traffic, having mean scores of 3.2 and 2.88 respectively.

Educational Implication of the Study


The findings from this research work proved that wireless intrusion detection system
is important to be employed in higher education institution’s wireless network. The
following are the implications of this research.

• Wireless Network administrators should be available to administer wireless
intrusion detection systems on the network.
• There should be regular checks on the wireless intrusion detection system to
attend to alerts of activity.
• There should be frequent analysis of the data from wireless intrusion detection
system to check for the performance of the network.
• All nodes in the network should have host based monitors in order to increase
network security and ensure validity and confidentiality of student-related or
school-related data/resources in the network.

Recommendation
• There should be provision of wireless intrusion systems across the ICT to
monitor and secure student and other related files and data.
• Network administrators should be trained regularly and kept abreast of
contemporary intrusion detection tools.
• Wireless intrusion detection tools should be updated regularly so as to
improve and keep up with contemporary wireless security.
• All computers/nodes used within the school that have their source from the central
wireless local area network should have host-based monitors installed on
them, to avoid introduction of foreign materials like viruses into the network
or eavesdropping into the institution’s confidential files/resources.

Suggestion for Further Studies


This work is by no means complete. It is an effort only within the Alvan Ikoku
Federal College of Education ICT Centre/MIS unit. Other schools’ wireless
networks should be investigated or researched on to ascertain if wireless intrusion
detection systems are in use.

Limitation of the Study
In carrying out this study, certain challenges militated against swift execution of the
research work. The respondents were very busy staff of the ICT/MIS Unit and had
little or no time to spare to attend to the questionnaires, although they finally did,
and some were very reluctant. Financial constraints were also encountered.

Summary
The research intended to evaluate intrusion detection system for higher education
institution’s wireless local area network. In carrying out the research work, three (3)
research questions were adopted with the target population being all staff from the
ICT/MIS Unit. Simple mean score was used for the data analysis.

Within the limited resources at the researchers’ disposal, the research was carried
out intensively on the ICT Resource Centre/MIS Unit of the College and it was found
out from the research that intrusion detection systems are of importance to higher
education institutions’ wireless local area network.

REFERENCES
Al-Janabi S. and Alshourbaji I. (2017) Intrusion Detection and Prevention Systems.
Kurdistan Journal for Applied Research, Volume 2, Issue 3, August 2017.

Animesh Patcha and Jung-Min Park (2006) A Game Theoretic Formulation for
Intrusion Detection in Mobile Ad Network. International Journal of Network
Security, Vol. 2, NO. 2, Pp. 131-, Mar. 2006 (http://isrc.nchu.edu.tw/ijns/)

Bacci G., Lasaulce S., Saad, W., & Sanguinetti L. (2015). Game Theory for
Networks: A tutorial on game-theoretic tools for emerging signal processing
applications. IEEE Signal Processing Society ieeexplore.ieee.org/document/7366693.

Crescenzo, G. D., Ghosh A. & Talpade R. (2005) Towards a Theory of Intrusion
Detection. Telcordia Technologies, Piscataway, NJ, USA.

Dixon, J. (2005) Wireless Intrusion Detection Systems including incident response
& wireless policy.

Game theory applications in wireless networks: A survey © 2018 Cornell University

Huang, M.Y., Jasper, R.J., (1999) A Large Scale Distributed Intrusion Detection
Framework based on Attack Strategy Analysis, Computer Networks, pp. 2465-2475.

Kachirski, O., Guha, R. (2003) “Effective Intrusion Detection using Multiple Sensors
in Wireless Ad Hoc Networks”, Proceedings of the 36th Hawaii International
Conference on System Sciences.

Liang, X. and Xiao Y. (2013) Game Theory for Network Security. IEEE
Communications Surveys & Tutorials, vol. 15 No. 1

Patil, M. R., Patil, M. R. and Ramakrishnan K.V. (2009) Techniques of Wireless
Intrusion Detection System: T-WIDZ. Computer Science and Engineering
Department, BHSFGC Vijaya College, Bangalore, India.

Sardar, T. H., Ansari Z., Khan A. (2014) A Methodology for Wireless Intrusion
Detection System. International Journal of Computer Applications (0975-8887).
International Conference on Information and Communication Technologies (ICIT-
2014).

Senapati D., & Padhi, D. (2011). An Approach to Wireless Intrusion Detection
System for Wireless Network based on Multiagent System of Ant Colony
Optimization Algorithm. IJA Special Issue on “2nd National Conference-
Computing, Communication and Sensor Network” CCSN, 2011.

Wikipedia:en.m.wikipedia.org/wiki/Alvan_Ikoku_Federal_College_of_Education.
