Lightweight Portable Intrusion Detection System for Auditing Applications : Implementation and evaluation of a lightweight portable intrusion detection system using Raspberry Pi and Wi-Fi Pineapple

Abstract: The goal of this thesis was to develop, deploy and evaluate a lightweight portable intrusion detection system (LPIDS) over wireless networks. The LPIDS was developed by adopting two different string matching algorithms: Aho-Corasick algorithm and Knuth–Morris–Pratt algorithm (KMP). The LPIDS was implemented and tested on the hardware platforms Wi-Fi Pineapple and Raspberry Pi. To evaluate and test the LPIDS as well as the algorithms, performance metrics such as throughput, response time and power consumption are considered. The experimental results reveal that Aho-Corasick performed better than KMP throughout the majority of the process, but KMP was typically faster in the beginning with fewer rules. Similarly, Raspberry Pi shows remarkably higher performance than Wi-Fi Pineapple in all of the measurements. Moreover, we compared the throughput between LPIDS and Snort. It was concluded that the throughput was significantly higher for LPIDS when most of the rules do not include content parameters. This thesis concludes that due to computational complexity and slow hardware processing capabilities of Wi-Fi Pineapple, it could not become suitable IDS in the presence of different pattern matching strategies. Finally, we propose a modification of Snort to increase the throughput of the system.