ABSTRACT
The general trend in industry is a shift from Intrusion Detection Systems (IDS) to Intrusion Prevention Systems (IPS). In this paper, we investigate the motivations behind this trend and survey some of the available IDS/IPS tools. Real-time analysis of several Internet attacks was performed using Snort, "the de facto standard for intrusion detection/prevention", and Nmap in order to study malicious behavior on our network. Simulation results for a scanning attack and a DoS attack performed on a test computer are provided. A comparative analysis of the results obtained with Snort and EagleX showed the higher efficiency of Snort.
Index Terms
- Study of snort-based IDS