A Research of Intrusion Detection System in General as Well as Snort in Detail Before Introducing it into Global Cyber Soft Company
DOI: https://doi.org/10.53555/cse.v8i1.1919
Keywords: intrusion detection system, prevention system, Snort, IDS, NIDS, Firewall, Suricata, False positive
Abstract
Nowadays, with the expansion of the Internet all over the world, many hackers try to steal confidential information for their own benefit, or simply to destroy or modify it. To address this, IDS/IPS (intrusion detection/prevention systems) were born to help users, companies and institutions detect and prevent this issue. My company is currently considering installing an intrusion detection system, and this thesis aims to study IDS in general, to gain the common knowledge, and Snort in detail, so that our managers can decide whether or not to implement it. In this Master's thesis, I will cover two main parts. The first consists of an intensive research study of IDS/IPS and a comparison of the differences between them. Subsequently, we continue this part with some limitations where IDS/IPS still need to be checked, and set out some requirements for a better intrusion detection system. The second part of the thesis shows how to configure Snort in a Windows environment. Some demonstration attacks on the environment where Snort is installed will be performed in order to show its protection in reality. Finally, we evaluate some advantages and disadvantages compared to other software to conclude whether we should implement it in our company or not.
License
Copyright (c) 2022 International Journal For Research In Advanced Computer Science And Engineering (ISSN: 2208-2107)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
In consideration of the journal, Green Publication taking action in reviewing and editing our manuscript, the authors undersigned hereby transfer, assign, or otherwise convey all copyright ownership to the Editorial Office of the Green Publication in the event that such work is published in the journal. Such conveyance covers any product that may derive from the published journal, whether print or electronic. Green Publication shall have the right to register copyright to the Article in its name as claimant, whether separately or as part of the journal issue or other medium in which the Article is included.
By signing this Agreement, the author(s), and in the case of a Work Made For Hire, the employer, jointly and severally represent and warrant that the Article is original with the author(s) and does not infringe any copyright or violate any other right of any third parties, and that the Article has not been published elsewhere, and is not being considered for publication elsewhere in any form, except as provided herein. Each author’s signature should appear below. The signing author(s) (and, in