
Network Intrusion Detection System Using SNORT
Added on  2023-06-11

MN692 Capstone Project
Network intrusion detection system
Final Report
Student Names
Student IDs
School of IT and Engineering
Trimester x 201x
Network Intrusion Detection System Using SNORT_1
MN692 Capstone Project Report 2 51
Table of Contents
Acknowledgment ........ 3
1 Abstract ........ 4
2 Glossary and Abbreviations ........ 6
1. Introduction ........ 7
2. Project Detailed Design ........ 8
2.1 Literature Review ........ 12
2.2 Objectives of the Project ........ 12
2.3 Detailed Design ........ 13
2.3.1 Design and Implementation ........ 13
2.3.2 Table of Weekly Activities for MN692 ........ 14
2.3.3 Roles & Responsibilities of Each Team Member ........ 15
2.3.4 Gantt Chart ........ 18
2.3.5 Project Methodology ........ 26
Figure 14: Block diagram of NIDS ........ 27
3 Project Implementation and Evaluation ........ 27
3.1 Implementation ........ 27
3.1.1 Software Requirements ........ 28
3.1.2 Hardware Requirements ........ 29
3.1.3 Research Graphs of Malware Attacks ........ 29
3.1.4 Installing Snort ........ 30
3.2 Testing and Troubleshooting ........ 32
3.3 Results ........ 38
Ping scan results that are stored in the Snort log ........ 41
Verification of Snort intrusion detection ........ 42
3.4 Discussion and Analysis ........ 42
3 Conclusion ........ 51
References ........ 52
Acknowledgment
We would like to express our gratitude to our respected A/Prof Savitri Bevinakoppa and our
supervisor, lecturer Dr. Ammar Alazab, and most significantly to our industry client Dr. Robert
Layton, who provided the best guidance throughout our project on Network Intrusion
Detection System, which aided us in executing the project successfully without any hurdles, by
neutralizing and detecting the attacks on the system with different techniques.
We are thankful to our mentors.
Signatures of students:
1 Abstract
The Internet and computer networks are increasingly exposed to security threats. Because new
types of attack appear constantly, developing flexible and adaptive security approaches is a
serious problem. In this context, network-based anomaly intrusion detection is a valuable
technology for protecting target systems and networks against malicious activity. Intrusion
detection systems (IDS) rest on the assumption that the behaviour of an attacker differs
markedly from that of a legitimate user, so that many unauthorized actions can be detected [1].
Typically an IDS detects intrusions with statistical anomaly detection and with rule-based
misuse (signature) patterns. A number of IDS prototypes have been developed at several
institutions and some have been deployed on an experimental basis. However, despite the
variety of such methods, security tools that include anomaly detection functionality are only
beginning to emerge, and a number of important problems remain unsolved. A network IDS is
installed at a monitoring point in the network rather than on individual hosts, so that it can
watch the traffic of every host on the segment. Using signature-based and anomaly-based
detection, attacks are detected and reported; only an IDS deployed inline with blocking enabled
(an intrusion prevention system) can also drop the matching traffic. Snort is a widely used
open-source IDS which, once installed in a network and configured with suitable rules, detects
attacks and raises an alert for each intrusion it observes [2].
The intention of the project is to implement a NIDS that successfully detects malicious
traffic and informs the administrator about incoming malicious traffic, using Snort together
with supporting tools.
2 Glossary and Abbreviations
NIDS: Network Intrusion Detection System
IDS: Intrusion Detection System
DDoS: Distributed Denial of Service
SVM: Support Vector Machine
STP: Spanning Tree Protocol
WEKA: Waikato Environment for Knowledge Analysis
QP: Quadratic Programming
SMO: Sequential Minimal Optimization
1. Introduction
Intrusion detection systems are security tools that, like antivirus software, firewalls and
access control schemes, are intended to strengthen the security of information and
communication systems. Several IDS approaches have been proposed in the literature since the
creation of this technology; two highly relevant works in this direction are discussed in [3].
An intrusion detection system (IDS) is an application that monitors a network or hosts for
malicious activity or policy violations. Detected activity is reported to the administrator or
collected centrally by a security information and event management (SIEM) system. A SIEM
combines the outputs of multiple sources and applies alarm filtering and correlation to
distinguish genuine malicious activity from false alarms.
IDS exist at several scopes, from a single computer to a widespread network. The most
common types are network intrusion detection systems (NIDS) and host-based intrusion
detection systems (HIDS). A system that monitors important operating system files is an
example of a HIDS, whereas a system that analyses incoming network traffic is an example of
a NIDS. IDS can also be classified by detection approach. The best-known variants are
signature-based detection, which recognizes known bad patterns such as malware or exploit
payloads, and anomaly-based detection, which flags deviations from a model of "good"
traffic and often relies on statistical or machine-learning models. Signature-based detection
produces few false positives but cannot see an attack for which it has no signature;
anomaly-based detection can catch novel attacks but must be tuned to keep false positives
down. Some IDS can also respond to detected intrusions; systems with response capabilities
are typically referred to as intrusion prevention systems (IPS).
A network intrusion detection system (NIDS) is placed at one or more strategic points
inside a network to monitor the traffic to and from all devices on the segment. It analyses the
traffic passing on the whole subnet and matches it against a library of known attacks. Once an
attack or abnormal behaviour is identified, an alert is sent to the administrator. For example,
a NIDS can be installed on the subnet where the firewalls are located in order to see whether
someone is trying to break into the firewall. Ideally one would inspect all inbound and
outbound traffic, but doing so might create a bottleneck that impairs the overall speed of the
network. Common tools for simulating NIDS deployments include OPNET and NetSim. A NIDS
can also compare packet signatures with its records so that, when deployed inline, packets
matching a known harmful signature can be dropped. Classified by how they interact with the
traffic, NIDS come in two kinds, on-line and off-line. An on-line NIDS deals with the network
in real time, either passively from a tap or SPAN port (alert only) or inline in the traffic
path (able to block); it analyses the Ethernet packets as they pass and applies its rules to
decide whether each is an attack. An off-line NIDS deals with stored data, such as a saved
packet capture, which is passed through the same processing to decide whether it contains an
attack.
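The signature-versus-anomaly distinction above is easiest to see in code. The following is an added example written for this page, not code from the project or from Snort: it learns a model of "good" traffic (how many distinct hosts each source contacts per ten-second window) from constructed clean traffic and then flags a source that deviates from that model, which is how a ping sweep of the kind tested later in this report looks to an anomaly detector. The window length, the 3-sigma threshold, the floor of five hosts and every address are assumptions.

```python
"""Anomaly-based ping-sweep detector: learns a fan-out baseline from clean
traffic and flags sources that exceed it.  Added example, not the project's
code and not Snort's; all traffic below is constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW = 10.0  # seconds per observation window (assumed value)


@dataclass(frozen=True)
class Packet:
    ts: float    # capture time in seconds
    src: str
    dst: str
    proto: str   # "icmp", "tcp" or "udp"
    dport: int = 0


def fanout_per_window(packets):
    """Map (source, window index) -> set of distinct destinations contacted."""
    seen = defaultdict(set)
    for p in packets:
        seen[(p.src, int(p.ts // WINDOW))].add(p.dst)
    return seen


def learn_baseline(clean_packets):
    """Model of 'good' traffic: mean and population stdev of per-window fan-out."""
    samples = [len(dsts) for dsts in fanout_per_window(clean_packets).values()]
    return mean(samples), pstdev(samples)


def detect_sweeps(packets, baseline, k=3.0, floor=5):
    """Flag any (source, window) whose fan-out exceeds mean + k*stdev.
    `floor` stops a very quiet baseline from alerting on trivial fan-out."""
    mu, sigma = baseline
    threshold = max(mu + k * sigma, floor)
    alerts = []
    for (src, win), dsts in sorted(fanout_per_window(packets).items()):
        if len(dsts) > threshold:
            alerts.append({"src": src, "window": win,
                           "fanout": len(dsts), "threshold": threshold})
    return alerts


def build_clean_traffic(first_window=0, n_windows=6):
    """Constructed baseline: four workstations, each talking to one to three
    servers (HTTPS) per window, never more."""
    hosts = ["10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"]
    servers = ["10.0.0.1", "10.0.0.10", "10.0.0.11"]
    pkts = []
    for win in range(first_window, first_window + n_windows):
        for i, h in enumerate(hosts):
            for j in range(1 + (i + win) % 3):
                pkts.append(Packet(win * WINDOW + j, h, servers[j], "tcp", 443))
    return pkts


def build_monitored_traffic():
    """Constructed test traffic: two normal windows plus one host (10.0.0.66)
    running an ICMP sweep of 10.0.0.1-10.0.0.40 within two seconds."""
    pkts = build_clean_traffic(first_window=6, n_windows=2)
    for i in range(1, 41):
        pkts.append(Packet(61.0 + i * 0.05, "10.0.0.66", f"10.0.0.{i}", "icmp"))
    return pkts


if __name__ == "__main__":
    base = learn_baseline(build_clean_traffic())
    for a in detect_sweeps(build_monitored_traffic(), base):
        print(f"[sweep] {a['src']} contacted {a['fanout']} hosts in window "
              f"{a['window']} (threshold {a['threshold']:.1f})")
```

The baseline here has a mean fan-out of 2 and a standard deviation of about 0.8, so the floor of five hosts is what actually sets the threshold; the sweeping host contacts 40 hosts in one window and is the only alert. The weakness of the approach is also visible: a legitimate high fan-out host such as a DNS server or a monitoring system would trip the same rule, so a production detector keeps a baseline per host or per role rather than one global model. Snort's own portscan preprocessor applies rate-based logic of this kind alongside its signature rules.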
2. Project Detailed Design
A NIDS monitors the traffic headed towards the protected systems. It can be implemented in
software or as a dedicated hardware appliance, and it alerts the administrator when an
attacker tries to enter a system. A NIDS detects many different kinds of attack aimed at the
main system. Several applications exist for detecting network intrusions; Snort is one of the
major tools used to detect intrusions and raise alerts. These tools are open source and easy to
install on any network, which makes them cost-efficient. Snort is driven by rules: the
administrator's own rules are stored in the file local.rules, alongside the stock rule sets,
and each rule can be customized to the user's requirements. Snort reads the rules and applies
them to the captured traffic; a packet that matches a rule's header (protocol, addresses and
ports) and all of its options (such as a content string) produces the alert named in the rule.
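To make that rule-matching step concrete, here is an added example written for this page rather than taken from Snort or from the project: a small Python parser for rules in the local.rules syntax and a matcher that applies them to packets. The three rules, the HOME_NET value 10.0.0.0/24 and the packets are all constructed; the option handling covers only msg, sid, rev, content, nocase, itype and flags, a small fraction of Snort's option language.

```python
"""Minimal Snort-style rule engine: parses rules in local.rules syntax and
applies them to packets.  Added example, not Snort's matcher and not the
project's code; rules, variables and packets are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

LOCAL_RULES = r'''
# constructed local.rules (Snort syntax); sids from 1000000 up are the local range
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; flags:S; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"Web shell probe"; content:"/cmd.php"; nocase; sid:1000003; rev:1;)
'''

VARS = {"$HOME_NET": ["10.0.0.0/24"]}  # assumed value of Snort's HOME_NET variable


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    payload: bytes = b""
    flags: str = ""               # TCP flags as letters, e.g. "S" for a bare SYN
    itype: Optional[int] = None   # ICMP type


HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
# "key;" or "key:value;" where a quoted value may itself contain ';'
OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')


def parse_rules(text):
    """Turn rule text into dicts of header fields plus an ordered option list."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line}")
        action, proto, src, sport, direction, dst, dport, opts = m.groups()
        options = [(k, v[1:-1] if v.startswith('"') else v)
                   for k, v in OPTION_RE.findall(opts)]
        rules.append({"action": action, "proto": proto.lower(), "src": src,
                      "sport": sport, "dst": dst, "dport": dport, "options": options})
    return rules


def _addr_match(spec, ip):
    negate = spec.startswith("!")
    nets = VARS.get(spec.lstrip("!"), [spec.lstrip("!")])
    hit = any(n == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False)
              for n in nets)
    return hit != negate


def _port_match(spec, port):
    if spec == "any":
        return True
    if ":" in spec:                       # Snort port range, e.g. "1024:" or "20:21"
        lo, hi = spec.split(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def _options_match(rule, pkt):
    # Simplification: in Snort, nocase modifies only the preceding content;
    # here it applies to every content in the rule.
    nocase = any(k == "nocase" for k, _ in rule["options"])
    for key, val in rule["options"]:
        if key == "content":
            needle, hay = val.encode(), pkt.payload
            if nocase:
                needle, hay = needle.lower(), hay.lower()
            if needle not in hay:
                return False
        elif key == "itype" and pkt.itype != int(val):
            return False
        elif key == "flags" and pkt.flags != val:
            return False
        # msg, sid, rev and nocase impose no condition of their own
    return True


def match(rule, pkt):
    return (rule["proto"] == pkt.proto
            and _addr_match(rule["src"], pkt.src) and _port_match(rule["sport"], pkt.sport)
            and _addr_match(rule["dst"], pkt.dst) and _port_match(rule["dport"], pkt.dport)
            and _options_match(rule, pkt))


def _endpoint(ip, port, proto):
    return f"{ip}:{port}" if proto in ("tcp", "udp") else ip


def run(rules, packets):
    """Apply every alert rule to every packet; output mimics Snort's fast alert line."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule["action"] == "alert" and match(rule, pkt):
                o = dict(rule["options"])
                alerts.append(f"[**] [1:{o['sid']}:{o.get('rev', '0')}] {o['msg']} [**] "
                              f"{{{pkt.proto.upper()}}} {_endpoint(pkt.src, pkt.sport, pkt.proto)}"
                              f" -> {_endpoint(pkt.dst, pkt.dport, pkt.proto)}")
    return alerts


SAMPLE_PACKETS = [  # constructed traffic, not a real capture
    Packet("icmp", "192.0.2.10", "10.0.0.5", itype=8),                 # echo request
    Packet("icmp", "10.0.0.5", "192.0.2.10", itype=0),                 # reply leaving HOME_NET
    Packet("tcp", "192.0.2.10", "10.0.0.5", 40001, 22, flags="S"),     # SSH SYN
    Packet("tcp", "192.0.2.10", "10.0.0.5", 40002, 80,
           b"GET /CMD.PHP?c=id HTTP/1.1\r\n", flags="PA"),              # caught only via nocase
    Packet("tcp", "10.0.0.5", "10.0.0.9", 40003, 80,
           b"GET /index.html HTTP/1.1\r\n", flags="PA"),                # benign
]

if __name__ == "__main__":
    for line in run(parse_rules(LOCAL_RULES), SAMPLE_PACKETS):
        print(line)
```

Three of the five packets produce alerts; the echo reply is ignored because its destination is outside HOME_NET, and the benign web request matches the header of the third rule but not its content option. In a real deployment the same rules go into local.rules, HOME_NET is set in snort.conf, and the file is pulled in with an `include $RULE_PATH/local.rules` line; Snort additionally requires a unique sid per rule, which is why the constructed rules use the local range starting at 1000000.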
Various techniques exist in the literature for detecting intrusive behaviour. In recent times
intrusion detection has received a lot of interest among researchers, mainly because of its
wide application in preserving security within a network. Here we present some of the
techniques used for intrusion detection.
S. F. Owens and R. R. Levary state that intrusion detection systems have commonly been
built using expert system technology. However, IDS researchers have tended to construct
systems that are difficult to handle, lack insightful user interfaces and are inconvenient to use
in real-life circumstances. The adaptive expert system they propose uses fuzzy sets to detect
attacks. Such an expert system is comparatively easy to implement on computer networks and
can adjust itself to the nature or degree of the threat. Experiments with CLIPS have been