A lightweight portable intrusion detection communication system for auditing applications
Author(s) - Nykvist Carl, Larsson Martin, Sodhro Ali Hassan, Gurtov Andrei
Publication year - 2020
Publication title - International Journal of Communication Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.4327
Subject(s) - computer science, throughput, intrusion detection system, string searching algorithm, embedded system, real time computing, matching (statistics), process (computing), pattern matching, wireless, operating system, data mining, artificial intelligence, statistics, mathematics
Summary - The goal of this paper is to develop, deploy, test, and evaluate a lightweight portable intrusion detection system (LPIDS) over wireless networks by adopting two different string matching algorithms: the Aho‐Corasick algorithm and the Knuth‐Morris‐Pratt (KMP) algorithm. This research contributes in three ways. First, an efficient and lightweight IDS (LPIDS) is proposed. Second, the LPIDS was developed, implemented, tested, and evaluated using Aho‐Corasick and KMP on two different hardware platforms: Wi‐Fi Pineapple and Raspberry Pi. Third, a comparative analysis of the proposed LPIDS is carried out in terms of network metrics such as throughput, power consumption, and response time relative to their counterparts. Additionally, the proposed LPIDS is suggested for consultants performing security audits. The experimental results reveal that Aho‐Corasick performs better than KMP throughout the majority of the process, but KMP is typically faster in the beginning, with fewer rules. Similarly, Raspberry Pi shows remarkably higher performance than Wi‐Fi Pineapple in all of the measurements. Moreover, we compared the throughput of LPIDS and Snort and observed that the former has significantly higher throughput than the latter when most of the rules do not include content parameters. This paper concludes that, due to the computational complexity and slow hardware processing capabilities of Wi‐Fi Pineapple, it could not serve as a suitable IDS in the presence of different pattern matching strategies. Finally, we propose a modification of Snort to increase the throughput of the system.