Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Intrusion Prevention System (IPS): Design, Implementation, and Evaluation

Verified

Added on 2019/09/26

AI Summary

The proposed Next Generation Intrusion Prevention System (NGIPS) aims to enhance the security and safety of corporate networks by detecting and preventing cyber threats. The system consists of five modules: Intrusion Detector, Honeypot, Honeynet, Snort, and Cyber Trap. The NGIPS will constantly monitor the network, detect potential threats, and take corrective actions to prevent attacks. The system's advantages include constant network monitoring, versatility, and ability to identify threats from both inside and outside the network. However, it also has a disadvantage in that it may incorrectly flag harmless activities as threats, leading to unnecessary lockdowns.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Project Dissertation
Title:Next-Generation Cybertrap For Corporate Intrusion Detection Servers and
Intrusion Prevention Servers in Enterprise Business.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1. INTRODUCTION
Cyber Trap becomes the trend setting word in the growing generations minds who
work upon a lot in the internet. This word will be more familiar for the corporate companies as
they come through such problems day-to-day basis. They make their process on the internet
which will make their work so easier and instant. Believing on this, these crew people collect
data from internet but they were not aware of the problems which will affect them later. Due to
this access of internet, the hidden side of the internet gets wild and gains lot of profit, but
locating and targeting the small corporate companies because they don’t maintain high security
in the internet. But they do believe that they have strong security connections that no one could
enter the area and access the data. Their intention is completely wrong because Cyber trap is a
huge background trap that takes out the data from their site with ease effort. They are
otherwise called as attackers of corporates who enjoy a lot in trapping and getting out the data
at at the most level.
According to a recent survey, it is obvious that 96% of the business people are fooled by
the Cyber Trap method. To know about the happenings, the company brought out a idea to
detect the attack made by the internet user. Then there was an emergence of processor called
honeypots to detect the malware capture, which is placed in a corner of a network to capture the
attackers. The proposed system is capable of detecting the network attacks on significant
resources and to capture the malwares being spread in the network. This system consists of
various modules to monitor the system after knowing and understanding the basics from the
human interaction. During the initial process of the detectors, they learn about the signature and
the behaviour of the malware. Later they were feeded with the modern executables and binaries

system which them capable to find out the malwares which harm the computing network. This
package checks for the malicious match to find out the harm material.
Then came into charge, the Intrusion Detection module which acts more effective which
watches out for the intrusion chances. When an attack is made, it comes into act making an
attentive alarm which intends in creating a honeypot to which will be the replica of the victim
resource. All the services which were running on the victim machine will be faked into the
honeypot, in case of this the attacker will redirected. But the IDS is very conscious clear that
the redirected work should not be found out by the attacker. This additional feature of this
makes a good hype in this intrusion module detector. This even too provides a system called
sandbox, which will not harm the operation of the original resources and maintain the records
in safe manner. There comes along an automated honeypot management system which manages
such critical circumstances.
Every particular process will have a design feature which goes from initial to final stages.
Such as this design is too made with five different modules namely Malware detector, Intrusion
detector, Honeypot Manager, Auditor and Backup manager.
To know about the attackers, the inventors had a different methods of plan to make
the attackers attract towards their honeypots. To make this happen they made their trap by
making the server most requested one and high ranking one which will lure more attackers. By
that time, the initial stage which is the Malware detector checks for the incoming threats
whereas the other modules will not get into charge unless they are needed. The honeypot
manager created the honeypots for the attackers to be detected to the server, then the Auditor
checks the system for any malicious activity and in the generated logs after particular events

next comes the Backup manager who will in charge to backup the resources and honeypots
whenever necessary.
1. Malware Detector:
The malware detector works with collaboration and runs independently on the
internet to detect and capture any malwares in the network. This module consists of various
functions, search for malwares in different ways, and later submits the result to the server for
further research. This module too has 3 types naming fetcher, watcher and hunter. A fetcher is a
service which does cross-matching to catch any malicious files. Watcher watches the network
for any harm file to capture. Hunter is a pre-processor which extracts Windows binaries which
come into the network and checks them for the unwanted harm files.
2. Intrusion detector:
Intrusion detector is similar when compared with the Hunter detector
which is a pre-processor which controls the calling of other modules. Whenever there is an
intrusion, the intrusion detector detects and shoots out an alert and calls other modules if
necessary alone. The intrusion detector module has a function for log parsing, which keeps its
eyes on the log for intrusion attempts. Even in this case, if a harm is detected an alarm is
provided to the administrator. The module looks for the harm, if any harm is detected, it
connects with honeypot module to create a honeypot and deal further with attacker.
3. Honeypot Manager:
This is one of the important module is the honeypot manager, which creates a honeypot to
locate the threats. The main function of this to create a honeypot to take out the threats by

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

fetching information form the intrusion detector. This module provides a sandbox feature, so
that the attacker can play inside the honeypot without interrupting the original resources.
4. Auditor:
The auditor module functions to collect all the data connecting to the network to check
for the intrusion or network changes. It checks for all changes which should be sent to the
Honeypot manager so that it can able to create an absolute replica of the damaged data.
5. Backup Manager:
The function of the Backup manager is so relevant to the name of the heading that it
should keep an backup of resources and the honeypots. This module takes regular backups and
always will be ready to provide the replica of resources and honeypots, to provide restoration in
case of any sudden events. It would also be capable of creating a Honeypot which was
previously attacked by the attacker. When instead of getting a clean honeypot, if an attacker
gets resource with plenty amount, he might tend to leave some traces as the attacker will be
keen on taking out the data and the attacker will not be recognising that they are playing with
honeypot which would easily find out the attacker. The Honeypot manager too contains the
backup of the resource.
INTRUSION PREVENTION SERVER
Intrusion prevention is a as similar to intrusion detector in which it is detected and taken out ,
but the advance level of it, is the intrusion preventor which prevents the attackers enter into the
network which is much required every corporate company who maintain their most valuable
and important data in the network. An exploit may carry out instant, after the attackers gain

access whereas the intrusion prevention detector have the ability to take quick action on it
based on a some kind of rules framed by the administrator. An effective intrusion detector
should perform very complex monitoring and analysis such as watching to the activity and
responding to the administrator patterns and individual patterns. To be factual, an Intrusion
Prevention System should use any product or method which used to keep away the attackers
from gaining access to the network suing the concept of firewalls and anti-virus software.
FIREWALL
Firewall is an internet security which controls the incoming signals and outgoing
signals in the networking server. Network firewalls filters the traffic between the signals and
run on computer hardware. Mostly, a firewall is often installed away from the rest of the
network so that no other illegal signals enter into the private sector of the company.
Firewall has three layers which protect the data to be attacked.
1. Packet filters firewall
2. Stateful filters firewall
3. Application layer firewall
CHALLENGES OF INTRUSIVE DETECTION SERVER
Network and intrusion detection systems play a huge role in security of the data by
preventing the data enter into the servers of corporates. To realise the full power of the
technology, the organisations must come over a variety of challenges.

The challenges are,
1. Ensuring an effective deployment:
While receiving such threats from the attackers, the organisations must make sure that the
security is in high level that is an effective deployment. In the world, many companies were not
aware of the complete overview of their network, however, deploying Intrusive Detection
server can be so difficult .so the organisation have to make sure that they ensure a good
deployment.
2. Managing the high volume of alerts:
To manage high level threats, the server is fixed with great alert signal which indicates the
illegal entry in the network or when the receiving signal does not match the pattern. So that the
alert volume should be hyper-active so that the company can compete the internet world with
full confidence which too helps them maintain their data in a secure manner.
3. Understanding and investigating the alerts:
Intrusive Detection Server consists of a very base level security, it looks so normal type of
security when it is place alone. When updated with an alert, it looks good and effective for
detecting the threats. When the IDS is investigated for its alerts it takes very less time and less
resources when compared to the other system which tends to determine the seriousness of the
alarm. Special skills are required for interrupting the system output where the organization may
lack the security in performing such functions.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

4. Knowing how to respond to threats:
IDS is very much effective in identifying the appropriate problem which is a great
feedback for the corporate companies but they couldn’t be too confident that they have high
security because Intrusion detection server just locates the problem which is just half the
problem solved. To solve the problem is important whereas responding correctly to the problem
is more important which behaves as the half the process in solving the problem. The lack
happens here in this IDS. Effective incident requires skills in this and have to know about the
robust procedures to solve the problem. To highlight the importance of having an appropriate
incident response plan in place, the incoming General Data Protection Regulation(GDPR)
requires organisations that continues any type of data to have right controls in right place to
report breaches to a relevant authority within two days or it will lead to a huge amount of dues.
Advantages of Intrusion Detection server:
1. Constant Network Monitoring:
Constant Network monitoring continuously work all 24*7 for the corporates which
make them fear free from the attackers. This feature allows the server to be safe even when the
user is in sleep or awake. It maintains security and detects the attacker and produces an alert
signal to the management.
2. Versatility of the system:
Intrusive detection server are customizable to accommodate special client needs. The
appointment will be based on versatile performance of an individual so that he can be efficient
enough to analyse the attacks and produce solutions to it. The system can monitor the threats

from both the inside and outside the network with the help of the system behavior the threats
can be identified.
Disadvantage of Intrusive detection server:
1. Telling threat from a friend:
The main disadvantage is that they does not have ability to tell the information from friend
to foe. Users inside may have harmless activity which will lead to lockdown to network. It will
be as same as locked until a undetermined period of time. The professional has to be on site to
identify the problem and reset the threat. For a business class people, this can cause a drastic
loss of revenue an client confidence, as any of companies partner may take business elsewhere
to a company with reliable network.
AIM AND OBJECTIVES
The main aim of this project is to find out that whether the organizations have enough
security measures to protect or prevent the information and data from cyber-attacks on the
World Wide Web. The main objectives for selecting this project are to find out whether the
available security standards and security practices are capable to protect the organizational data
and information from security threats and attacks.
Background and motivation
Cyber trap products nowadays installed in the private and public sectors all over the world.
Cyber trap products mainly applied to analyze the big data for monitoring the traffic in the
network and provide visibility on both the end of the network of the organizations. It also
provides a plan for the organization to show how they can secure their data and information.

Also, the cyber trap system is going to provide the information about IP and other suspicious
activities of the user as well as a system administrator. The cyber trap technology is going to
support the different type of technology among currently available technologies in the market
and from another different type of security threat situations.
PROBLEM
Nowadays, different types of organizations that have daily multiple types of traffic generations
at the applications level and from another different type of security threats use a cyber trap to
protect their network. Different types of security threats are possible so that most of the largest
global organization uses cyber trap methods to manage and secure the information and
identities as well as their technology infrastructure.
PROPOSED SOLUTION
Cyber trap is the leading solutions that can provide security to loss of data and
information over the system network of the organizations.
STRUCTURE OF THESIS
The thesis starts with the chapter 1.Introduction of next generation cyertrap for the
corporate. In chapter 2. Literature review about the intrusion prevention and detection are
surveyed. In chapter 3. Technologies used in the intrusion detection and prevention systems are
explained. In chapter 4. Design methodology used in the system is briefly explained. In chapter
5. Approaches used in the intrusion detection and prevention systems are illustrated. In chapter
6. Implementation of design is described. In chapter 7. Conclusion and future work of the
project is described.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

SUMMARY
Next Generation Intrusion Prevention System is also called as Intrusion Detection and
Prevention System (IDPS) where the cyber trap is implemented in the corporate for improving
its safety and security. Even though there are many security applications in the enterprise they
need additional security that to be implemented. The report is based on the explanation of
different mitigation methods or techniques that are used for storing the information and data in
the secure network system.

1 out of 11

+13062052269

info@desklib.com

Intrusion Prevention System (IPS): Design, Implementation, and Evaluation

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Regular Upgrade of Cybersecurity at Different Levels

Enhancing Cybersecurity: Developing a Trustworthy System

Spectral Analysis and Robust Controller for Drone Fleet Management

Impact of Cybersecurity Threats on Computer and IoT Resources

Network Forensics: Features and Benefits

Assignment | INFORMATION GOVERNANCE 2022