Alvin Kamil
Universitas Trunodjoyo Madura

Published: 1 document

Hybrid Deception–Detection Approach Using Dionaea Honeypot and Snort IDS for Wireless Network Security
Alvin Kamil; Muhlis Tahir
Information Technology Education Journal Vol. 5, No. 2, May (2026)
Publisher : Jurusan Teknik Informatika dan Komputer

DOI: 10.59562/intec.v5i2.277

Abstract

Purpose – This study implements a hybrid deception–detection approach by integrating Snort IDS and the Dionaea honeypot, supported by the ELK Stack for centralized monitoring and visualization within a wireless school network environment. The proposed approach provides a practical and low-cost security monitoring solution for educational institutions with limited cybersecurity resources.

Design/methods/approach – The research method involved literature review, system design, implementation, and testing using simulated port scanning, brute force, and Denial of Service (DoS) attack scenarios. Snort IDS was configured to detect suspicious network traffic, while Dionaea operated as a decoy service to record attacker interactions. Generated alerts and interaction logs were centralized and visualized through the ELK Stack.

Findings – The implementation results show that the proposed system generated alerts and interaction logs for all simulated attack scenarios within the controlled experimental environment. Snort IDS generated 2,928 port scanning alerts, 426 brute force alerts, and 3,428 DoS alerts, while Dionaea recorded 493 FTP interaction logs. The ELK Stack centralized and visualized 7,275 generated log records in near real-time. Baseline monitoring under normal traffic conditions did not produce false positive alerts. The reported values represent generated monitoring events rather than formal detection-performance metrics.

Research implications/limitations – This study was conducted in a controlled school-scale wireless network environment using limited attack scenarios and short-term monitoring observations. Therefore, the findings may not directly represent large-scale production network conditions.

Originality/value – This study demonstrates the feasibility of integrating traffic-based intrusion detection, deception-based interaction logging, and centralized monitoring within a unified wireless school network security architecture using open-source technologies.