📘 Wireless Intrusion Detection (WIDS) — Exam Notes (Network Security)
📡 1. Definition
Wireless Intrusion Detection System (WIDS) is a security system that monitors wireless networks (Wi-Fi) to detect unauthorized access, attacks, and suspicious activity.
👉 Simple idea:
WIDS is like a security guard for Wi-Fi networks that watches for intruders and alerts administrators.
🎯 2. Objectives of Wireless Intrusion Detection
- Detect unauthorized wireless access
- Identify malicious activities in Wi-Fi networks
- Monitor rogue access points
- Prevent data theft and sniffing
- Improve overall wireless security
🧱 3. How WIDS Works
- Continuously monitors wireless traffic
- Collects data from access points and clients
- Compares activity with known attack patterns
- Detects anomalies or suspicious behavior
- Sends alerts to administrators
👉 Important: WIDS does NOT block attacks, it only detects them.
⚠️ 4. Types of Wireless Intrusion Detection Systems
🔹 1. Host-Based WIDS (HIDS-WiFi)
- Installed on individual devices
- Monitors local wireless activity
✔ Good for endpoint security
🔹 2. Network-Based WIDS (NIDS-WiFi)
- Monitors entire wireless network
- Uses sensors placed around access points
✔ Most commonly used
🔹 3. Standalone WIDS
- Dedicated system for intrusion detection
- Independent of access points
🔹 4. Integrated WIDS
- Built into wireless access points or controllers
🔍 5. What WIDS Detects
🔸 Rogue Access Points
- Unauthorized Wi-Fi devices connected to network
🔸 Evil Twin Attacks
- Fake access points imitating real Wi-Fi
🔸 Unauthorized Clients
- Unknown devices trying to connect
🔸 Packet Sniffing
- Capturing wireless traffic
🔸 DoS/DDoS Attacks
- Flooding wireless network
🔸 MAC Spoofing
- Fake MAC addresses used to bypass security
🧠 6. Detection Techniques
🔹 Signature-Based Detection
- Matches known attack patterns
✔ Accurate for known threats
🔹 Anomaly-Based Detection
- Detects unusual behavior compared to normal usage
✔ Can detect new attacks
❌ May generate false alarms
🔹 Hybrid Detection
✔ More reliable
🛡️ 7. WIDS vs WIPS
| Feature |
WIDS |
WIPS |
| Function |
Detects attacks |
Detects + Prevents attacks |
| Action |
Alerts only |
Blocks attacks |
| Response |
Passive |
Active |
| Usage |
Monitoring |
Protection |
🔐 8. Advantages of WIDS
- Early detection of attacks
- Identifies rogue access points
- Improves network visibility
- Enhances wireless security
- Helps forensic analysis
❌ 9. Limitations of WIDS
- Does not prevent attacks (only detection)
- May produce false alerts
- Requires continuous monitoring
- Can be expensive in large networks
📊 10. Important Concept
🔸 WIDS Rule
If Wireless Activity ≠ Normal Pattern → Raise Alert
🖼️ 11. Diagram Descriptions
📌 WIDS Architecture
- Wireless devices → Access Points → WIDS sensor → Admin console
📌 Rogue AP Detection
- Fake access point detected by WIDS sensors
📌 Attack Monitoring Flow
- Traffic → Analysis → Detection → Alert
🧾 12. Real-Life Examples
- 🏢 Companies detecting rogue Wi-Fi hotspots
- 🎓 Universities monitoring campus wireless networks
- 🏦 Banks securing wireless communication
- 🌐 Airports detecting fake Wi-Fi access points
📝 Likely Exam Questions
- Define Wireless Intrusion Detection System (WIDS).
- What are the objectives of WIDS?
- Explain working of WIDS.
- Differentiate between WIDS and WIPS.
- What types of attacks can WIDS detect?
- Explain signature-based and anomaly-based detection.
- What is a rogue access point?
- Describe advantages and limitations of WIDS.
- What is hybrid detection in WIDS?
- Write short notes on:
- Evil twin attack
- MAC spoofing
- Network-based WIDS
📌 Quick Summary / Conclusion
- WIDS is used to detect attacks in wireless networks.
- It monitors Wi-Fi traffic and identifies rogue devices and malicious activities.
- It uses signature, anomaly, and hybrid detection methods.
- WIDS is passive (detects only), while WIPS also prevents attacks.
👉 In short:
Wireless Intrusion Detection System helps secure Wi-Fi networks by detecting and alerting administrators about suspicious or malicious activities.