A Research of Intrusion Detection System in General as Well as Snort in Detail Before Introducing it into Global Cyber Soft Company

Authors

  • Mohamed Aly Pasha, Vietnamese-German University, Thu Dau Mot, Vietnam

DOI:

https://doi.org/10.53555/cse.v8i1.1919

Keywords:

intrusion detection system, prevention system, Snort, IDS, NIDS, firewall, Suricata, false positive

Abstract

Nowadays, with the expansion of the Internet all over the world, many hackers try to steal confidential information for their own benefit, or simply destroy or modify it. Intrusion detection/prevention systems (IDS/IPS) were born to help users, companies and institutions detect and prevent such attacks. My company is currently considering installing an intrusion detection system, and this thesis aims to study IDS in general, to gain the common knowledge, and Snort in detail, so that our managers can decide whether or not to implement it. This Master's thesis covers two main parts. The first is an intensive research study of IDS/IPS and a comparison of the differences between them; it continues with some limitations where IDS/IPS still need to be checked and sets out some requirements for a better intrusion detection system. The second part shows how to configure Snort in a Windows environment. Some demonstration attacks on the environment where Snort is installed are performed in order to show its protection in practice. Finally, we evaluate some advantages and disadvantages compared with other software in order to conclude whether or not we should implement it in our company.

Published

2022-02-28

How to Cite

Pasha, M. A. (2022). A Research of Intrusion Detection System in General as Well as Snort in Detail Before Introducing it into Global Cyber Soft Company. International Journal For Research In Advanced Computer Science And Engineering, 8(1), 01–68. https://doi.org/10.53555/cse.v8i1.1919