Auckland University Case Study: Forensic Evidence Availability in IDSs
VerifiedAdded on  2023/06/14
|8
|2383
|95
Case Study
AI Summary
This case study analyzes the effectiveness of three Intrusion Detection Systems (IDS) – OSSEC, PRELUDE, and PADS – in detecting and providing forensic evidence related to network attacks. The experimental setup involved deploying these IDSs in a LAN environment and subjecting them to various attacks such as TCP SYN flood, Port Scan, DDoS, and Packet Sniffing. The evaluation focused on the ability of each IDS to generate alerts and provide data for forensic investigation. The study found that PRELUDE was the most promising IDS, capable of detecting most attacks except TCP SYN flood. The PADS system required additional software (Sguil) for user interface and alert management, while OSSEC was enhanced with Splunk for data integrity. The reflection highlights the importance of cryptographic hash values in verifying system integrity and the benefits of Prelude IDS in securing LAN networks. The study concludes that Prelude is the most effective single IDS, while combining all three IDSs may reduce overall efficiency.
Interpretation and Critique of Research Findings
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Contents
Introduction:...............................................................................................................................2
Discussion..................................................................................................................................2
Reflection...................................................................................................................................4
Conclusion..................................................................................................................................6
References..................................................................................................................................7
Introduction:...............................................................................................................................2
Discussion..................................................................................................................................2
Reflection...................................................................................................................................4
Conclusion..................................................................................................................................6
References..................................................................................................................................7
Introduction:
The proposed paper assists in focusing on the effectiveness of the Intrusion detection system
(IDS) implemented in the LAN network system. The security level of the physical and
conceptual asset can be improved with the implementation of IDS environment. The
evaluation of the IDS in preventing the four different attacks helps in analysing the efficiency
and effectiveness of the IDS environment. The analysis of the findings highlights the
significance of IDS system implemented in the LAN network.
Discussion
The experimental design of the LAN is set up for the deployment of two server, firewall, and
switches. The IDS database was created to monitors attacks on the network. The Installation
of the IDS is the major concern for handling the packets over network. The Open source host
based intrusion detection system (OSSEC) installation is preferred for the 1st IDS which is
best suitable for the Window 7 server. The 2nd IDS was installed with the help of prelude
environment. Protected archive distribution system (PADS) installation is preferred for the 3rd
IDS. These systems of installation are used by the author on the basis of his pattern of
evaluation. The alerts are generated by the IDS configuration for the deployment of the
forensic result of the attacks.
The author had done the successful implementation of IDS environment which was required
to perform the activity of attacks. The attacks were performed to analyse the success of the
IDS environment in protecting the premises from the damage which can be caused from the
attack. The Reconnaissance attack was performed on the Linux operating system. The denial
of service attack was performed on the other network. The status of both the attacks have
been checked and compared for before and after systems. The result of the denial of service
attack can be measured by the difference in graph:
The demonstration of the experimentation designed by the author helps in achieving the
security. The effective result can be drawn from further experimental setup. The Denial of
service attack was the dictionary attack which is launched by creating the different profiles of
usernames and password. The flow of packet should be monitored on the wireshark software.
The capability of handling traffic on the wireshark operating system helps in judging the
The proposed paper assists in focusing on the effectiveness of the Intrusion detection system
(IDS) implemented in the LAN network system. The security level of the physical and
conceptual asset can be improved with the implementation of IDS environment. The
evaluation of the IDS in preventing the four different attacks helps in analysing the efficiency
and effectiveness of the IDS environment. The analysis of the findings highlights the
significance of IDS system implemented in the LAN network.
Discussion
The experimental design of the LAN is set up for the deployment of two server, firewall, and
switches. The IDS database was created to monitors attacks on the network. The Installation
of the IDS is the major concern for handling the packets over network. The Open source host
based intrusion detection system (OSSEC) installation is preferred for the 1st IDS which is
best suitable for the Window 7 server. The 2nd IDS was installed with the help of prelude
environment. Protected archive distribution system (PADS) installation is preferred for the 3rd
IDS. These systems of installation are used by the author on the basis of his pattern of
evaluation. The alerts are generated by the IDS configuration for the deployment of the
forensic result of the attacks.
The author had done the successful implementation of IDS environment which was required
to perform the activity of attacks. The attacks were performed to analyse the success of the
IDS environment in protecting the premises from the damage which can be caused from the
attack. The Reconnaissance attack was performed on the Linux operating system. The denial
of service attack was performed on the other network. The status of both the attacks have
been checked and compared for before and after systems. The result of the denial of service
attack can be measured by the difference in graph:
The demonstration of the experimentation designed by the author helps in achieving the
security. The effective result can be drawn from further experimental setup. The Denial of
service attack was the dictionary attack which is launched by creating the different profiles of
usernames and password. The flow of packet should be monitored on the wireshark software.
The capability of handling traffic on the wireshark operating system helps in judging the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
successful implementation of packet sniffing attack. The data gathered from the three
sections of attacks to check the efficiency of the alert generation by the intrusion detection
system installed in the different operating system taken under consideration. It helps in
analysing the setup of the connection between operating machine and the attacker. The
generation of the alert from the three different IDS environment helps in judging the
capability of the IDS used for securing the environment. The database or the log file should
be developed for keeping the details of the experimental setup. The accuracy of the IDS
environment can be measured by calculating the cryptographic hash value of the system
before and after implementation of the IDS. The difference in the values helps in analysing
the faults which occurred in the IDS system. The zero difference between the two hash value
under consideration helps in the analysis of the efficiency and accuracy of the proposed IDS
environment. The examination of the attacks helps in finding the result of the proposed
project.
The PADS environment is not capable of exporting the alert information in the database for
investigation as there is no support of user interface. For collecting the details of the PADS
system, it is required to add extra software which is named as Sguil which is responsible for
collecting the information related to the alert generate by the PAD system (Alsaiari, 2016).
The User interface is ceated on the PADS system with the use of Sguil software. This
software has the capability of managing information between sender and receiver.
The efficiency of the different intrusion detection system with respect to different attacks can
be analysed from the evaluation table which is designed for analysing the generation of alert:
Attack Type PADS OSSEC PRELUDE
TCP SYN flood
attack
Not detected Not Detected Not Detected
Port Scan Attack Detected Detected Detected
Dictionary or DDoS
attack
Not Detected Detected Detected
Packet Sniffing Not Detected Partially detected Detected
The research analysis says that Prelude is the most promising intrusion detection system
comparative to PADS and OSSEC IDS environment. Only TCP SYN flood attack is not
detected by the Prelude. It is capable of generating alert on the inclusion of attacks named as
sections of attacks to check the efficiency of the alert generation by the intrusion detection
system installed in the different operating system taken under consideration. It helps in
analysing the setup of the connection between operating machine and the attacker. The
generation of the alert from the three different IDS environment helps in judging the
capability of the IDS used for securing the environment. The database or the log file should
be developed for keeping the details of the experimental setup. The accuracy of the IDS
environment can be measured by calculating the cryptographic hash value of the system
before and after implementation of the IDS. The difference in the values helps in analysing
the faults which occurred in the IDS system. The zero difference between the two hash value
under consideration helps in the analysis of the efficiency and accuracy of the proposed IDS
environment. The examination of the attacks helps in finding the result of the proposed
project.
The PADS environment is not capable of exporting the alert information in the database for
investigation as there is no support of user interface. For collecting the details of the PADS
system, it is required to add extra software which is named as Sguil which is responsible for
collecting the information related to the alert generate by the PAD system (Alsaiari, 2016).
The User interface is ceated on the PADS system with the use of Sguil software. This
software has the capability of managing information between sender and receiver.
The efficiency of the different intrusion detection system with respect to different attacks can
be analysed from the evaluation table which is designed for analysing the generation of alert:
Attack Type PADS OSSEC PRELUDE
TCP SYN flood
attack
Not detected Not Detected Not Detected
Port Scan Attack Detected Detected Detected
Dictionary or DDoS
attack
Not Detected Detected Detected
Packet Sniffing Not Detected Partially detected Detected
The research analysis says that Prelude is the most promising intrusion detection system
comparative to PADS and OSSEC IDS environment. Only TCP SYN flood attack is not
detected by the Prelude. It is capable of generating alert on the inclusion of attacks named as
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Port scan attack, Dictionary or DDoS attack, and packet sniffing attack (Jain, 2014). The
analysis report helps in measuring the efficiency of the IDS environment such as PADS IDS
environment is capable of recognising 100% flow of Port scanning attack but inefficient in
recognising the attack of DDoS, Packet sniffing and TCP SYN attack. The OSSEC IDS
environment is 100 % efficient in detecting DDoS and Port scan attack and 0% inefficient in
detecting the attack of TCP SYN flood attack and packet sniffing attack. The Prelude IDS
environment is 100% efficient100 % efficient in detecting DDoS, packet sniffing attack and
Port scan attack and 0% inefficient in detecting the attack of TCP SYN flood attack. The
repetition of the attacking process gives the same result as discussed above. The PADS
environment makes use of extra software named as Sguil for displaying the information in the
better and authentic manner (Garfinkel, Farrel, Roussev, & Dinolt). The Sguil software is
useful for the network investigator in providing useful information in the formatted manner.
The OSSEC platform is incorporated with Splunk software for managing the integrity of data
and providing relevant information to the user on demand. The documentation of the data is
done in the formatted manner. The prelude software is incorporated with Prewikka software
for providing information in the visual format. It can also combined with the Suricata
software for gathering relevant information and protect the premises from the DDoS attack in
more efficient manner. The critical element of the offence can be detected with the
deployment of planned operation in the sequential manner so as to get the required output of
the experiment undertaken.
Reflection
The arrangement of the experimental review program helps me to analyse the procedure how
the attack can harm our computer hardware and software and what methodology should be
adopted to secure them from the harmful destruction caused by the attack. The use of alert
systems helps us to notify the effectiveness of the proposed software in handling the type of
attacks. I have analysed that the accuracy of the IDS environment can be measured by
calculating the cryptographic hash value of the system before and after implementation of the
IDS. The difference in the values helps in analysing the faults which occurred in the IDS
system. The zero difference between the two hash value under consideration helps in the
analysis of the efficiency and accuracy of the proposed IDS environment. During the course
of experiment the efficiency of the intrusion detection system to secure the premises from the
attacks, I am able to sharpen my knowledge related to the malicious attacks and how they
should be handled. I am also able to learn the functionality of different software in relation to
the handling of malicious attack and intrusion detection system. The research analysis helps
me to evaluate that Prelude is the most promising intrusion detection system in comparison to
PADS and OSSEC IDS environment. Only TCP SYN flood attack is not detected by the
analysis report helps in measuring the efficiency of the IDS environment such as PADS IDS
environment is capable of recognising 100% flow of Port scanning attack but inefficient in
recognising the attack of DDoS, Packet sniffing and TCP SYN attack. The OSSEC IDS
environment is 100 % efficient in detecting DDoS and Port scan attack and 0% inefficient in
detecting the attack of TCP SYN flood attack and packet sniffing attack. The Prelude IDS
environment is 100% efficient100 % efficient in detecting DDoS, packet sniffing attack and
Port scan attack and 0% inefficient in detecting the attack of TCP SYN flood attack. The
repetition of the attacking process gives the same result as discussed above. The PADS
environment makes use of extra software named as Sguil for displaying the information in the
better and authentic manner (Garfinkel, Farrel, Roussev, & Dinolt). The Sguil software is
useful for the network investigator in providing useful information in the formatted manner.
The OSSEC platform is incorporated with Splunk software for managing the integrity of data
and providing relevant information to the user on demand. The documentation of the data is
done in the formatted manner. The prelude software is incorporated with Prewikka software
for providing information in the visual format. It can also combined with the Suricata
software for gathering relevant information and protect the premises from the DDoS attack in
more efficient manner. The critical element of the offence can be detected with the
deployment of planned operation in the sequential manner so as to get the required output of
the experiment undertaken.
Reflection
The arrangement of the experimental review program helps me to analyse the procedure how
the attack can harm our computer hardware and software and what methodology should be
adopted to secure them from the harmful destruction caused by the attack. The use of alert
systems helps us to notify the effectiveness of the proposed software in handling the type of
attacks. I have analysed that the accuracy of the IDS environment can be measured by
calculating the cryptographic hash value of the system before and after implementation of the
IDS. The difference in the values helps in analysing the faults which occurred in the IDS
system. The zero difference between the two hash value under consideration helps in the
analysis of the efficiency and accuracy of the proposed IDS environment. During the course
of experiment the efficiency of the intrusion detection system to secure the premises from the
attacks, I am able to sharpen my knowledge related to the malicious attacks and how they
should be handled. I am also able to learn the functionality of different software in relation to
the handling of malicious attack and intrusion detection system. The research analysis helps
me to evaluate that Prelude is the most promising intrusion detection system in comparison to
PADS and OSSEC IDS environment. Only TCP SYN flood attack is not detected by the
Prelude. It is capable of generating alert on the inclusion of attacks named as Port scan attack,
Dictionary or DDoS attack, and packet sniffing attack. The cryptographic approach is useful
for examining the efficiency of the IDS system because the calculation of the hash value
helps in measuring the effectiveness of the system. The generation of the alert system helps in
successful implementation of the LAN network. The calculation of the hash value helps in
bringing the accuracy and the integrity of the system. The deployment of the research helps in
analysing the Live working of managing flow of attack to make secure our LAN network.
The report of the databases helps in evaluating the generation of alerts by the different system
in the different environment of attack. From the analysis I am able to judge that Prelude IDS
environment is the best environment in comparison to other IDS because it is able to secure
premises from all the attack except the TCP SYN attack. It gives the clear demonstration of
the effectiveness of the system.
From the findings of the research analysis, I am able to gather knowledge about the intrusion
detection system which are taken under experimentation. From the result of the experimental
process, It can be clearly predicted the efficiency of the different types of IDS. Prelude is the
best suitable IDS platform for generating the alert due to the attack of port scanning, DDoS,
packet sniffing, and others. The researchers have undertaken one more experiment to detect
that the efficiency of the system get increased if all the three IDS environment applied on the
system. The analysis of this experiments help me to learn that if all the three IDS
environment are applied to the single LAN network than the efficiency of the system get
decreased because they were unable to detect the occurrence of DDoS attack. The Prelude
environment is alone capable of detecting the occurrence of the attacks. It is better to apply
prelude rather than the combination of all three IDS environment. The deployment of the
experiments in different environment helps me to gain knowledge to know the strength and
weaknesses of the correspondent IDS environment. The deployment of the planned
operational plan is capable of reconstructing the digital resources. The critical element of the
offence can be detected with the deployment of planned operation in the sequential manner so
as to get the required output of the experiment undertaken. The security of the LAN network
can be specified through the estimation of availability content. The overextension of the
resources can be easily accessible to the LAN network. The password of the system can be
hacked through the DDoS attack. The implementation of the IDS environment helps in
securing the password to be hacked by the third party.
From the experimentation, I am able to recognise the efficiency of the PADS IDS
environment. The PADS IDS environment is not capable of generating alert signal in any of
the attack. The signature based detection can be recognised through the PADS IDS
Dictionary or DDoS attack, and packet sniffing attack. The cryptographic approach is useful
for examining the efficiency of the IDS system because the calculation of the hash value
helps in measuring the effectiveness of the system. The generation of the alert system helps in
successful implementation of the LAN network. The calculation of the hash value helps in
bringing the accuracy and the integrity of the system. The deployment of the research helps in
analysing the Live working of managing flow of attack to make secure our LAN network.
The report of the databases helps in evaluating the generation of alerts by the different system
in the different environment of attack. From the analysis I am able to judge that Prelude IDS
environment is the best environment in comparison to other IDS because it is able to secure
premises from all the attack except the TCP SYN attack. It gives the clear demonstration of
the effectiveness of the system.
From the findings of the research analysis, I am able to gather knowledge about the intrusion
detection system which are taken under experimentation. From the result of the experimental
process, It can be clearly predicted the efficiency of the different types of IDS. Prelude is the
best suitable IDS platform for generating the alert due to the attack of port scanning, DDoS,
packet sniffing, and others. The researchers have undertaken one more experiment to detect
that the efficiency of the system get increased if all the three IDS environment applied on the
system. The analysis of this experiments help me to learn that if all the three IDS
environment are applied to the single LAN network than the efficiency of the system get
decreased because they were unable to detect the occurrence of DDoS attack. The Prelude
environment is alone capable of detecting the occurrence of the attacks. It is better to apply
prelude rather than the combination of all three IDS environment. The deployment of the
experiments in different environment helps me to gain knowledge to know the strength and
weaknesses of the correspondent IDS environment. The deployment of the planned
operational plan is capable of reconstructing the digital resources. The critical element of the
offence can be detected with the deployment of planned operation in the sequential manner so
as to get the required output of the experiment undertaken. The security of the LAN network
can be specified through the estimation of availability content. The overextension of the
resources can be easily accessible to the LAN network. The password of the system can be
hacked through the DDoS attack. The implementation of the IDS environment helps in
securing the password to be hacked by the third party.
From the experimentation, I am able to recognise the efficiency of the PADS IDS
environment. The PADS IDS environment is not capable of generating alert signal in any of
the attack. The signature based detection can be recognised through the PADS IDS
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
environment. The capabilities of the IDS environment can be improved by combining the
features of Sguil software to present the information in the formatted manner. The
Reconnaissance attack can be recognised by the combined effect of Sguil and PADS IDS
environment.
The information stored in the Database can be recognized from the attack of malicious
software with the use of OSSEC IDS environment. The launch of the attack is the most
crucial and critical part of the experimentation because it helps in deciding which IDS
environment should be promoted for diagnosing the occurrence of the malicious attack. The
failure of the IDS environment helps in measuring the efficiency and inefficiency of the
proposed IDS environment which are taken under investigation. The analysis tools helps in
recognizing the victim devices which are affected by the different types of attack. The
evaluation of the system helps in measuring the occurrence of alert in the different IDS
environment. The deployment of the IDS environment helps in recognizing the amount of
time taken by the different IDS environment to be installed in the system.
Conclusion
From the analysis of the experimental set up organized on the three different IDS
environment named as OSSEC, PRELUDE, and PADS by the four types of attack named as
TCP SYN, Packet sniffing, DDoS, and Port scan attack is concluded that Prelude is the best
IDS environment because it is capable of protecting the premises from the three attacks
which are Packet sniffing, DDoS, and Port scan. This IDS environment is inefficient in
diagnosing the TCP SYN attack. The critical element of the offence can be detected with the
deployment of planned operation in the sequential manner so as to get the required output of
the experiment undertaken. The generation of the alert from the three different IDS
environment helps in judging the capability of the IDS used for securing the environment.
The database or the log file should be developed for keeping the details of the experimental
setup. The research analysis says that Prelude is the most promising intrusion detection
system comparative to PADS and OSSEC IDS environment. The accuracy of the IDS
environment can be measured by calculating the cryptographic hash value of the system
before and after implementation of the IDS.
features of Sguil software to present the information in the formatted manner. The
Reconnaissance attack can be recognised by the combined effect of Sguil and PADS IDS
environment.
The information stored in the Database can be recognized from the attack of malicious
software with the use of OSSEC IDS environment. The launch of the attack is the most
crucial and critical part of the experimentation because it helps in deciding which IDS
environment should be promoted for diagnosing the occurrence of the malicious attack. The
failure of the IDS environment helps in measuring the efficiency and inefficiency of the
proposed IDS environment which are taken under investigation. The analysis tools helps in
recognizing the victim devices which are affected by the different types of attack. The
evaluation of the system helps in measuring the occurrence of alert in the different IDS
environment. The deployment of the IDS environment helps in recognizing the amount of
time taken by the different IDS environment to be installed in the system.
Conclusion
From the analysis of the experimental set up organized on the three different IDS
environment named as OSSEC, PRELUDE, and PADS by the four types of attack named as
TCP SYN, Packet sniffing, DDoS, and Port scan attack is concluded that Prelude is the best
IDS environment because it is capable of protecting the premises from the three attacks
which are Packet sniffing, DDoS, and Port scan. This IDS environment is inefficient in
diagnosing the TCP SYN attack. The critical element of the offence can be detected with the
deployment of planned operation in the sequential manner so as to get the required output of
the experiment undertaken. The generation of the alert from the three different IDS
environment helps in judging the capability of the IDS used for securing the environment.
The database or the log file should be developed for keeping the details of the experimental
setup. The research analysis says that Prelude is the most promising intrusion detection
system comparative to PADS and OSSEC IDS environment. The accuracy of the IDS
environment can be measured by calculating the cryptographic hash value of the system
before and after implementation of the IDS.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
References
Alsaiari, E. (2016). Evaluating the availability of Forensic evidence from three IDS: Tool
ability. Retrieved from
http://aut.researchgateway.ac.nz/bitstream/handle/10292/10232/AlsaiariEA.pdf?
sequence=3
Garfinkel, S., Farrel, P., Roussev, V., & Dinolt, G. (2009). Bringing science to digital
forensic with standardized forensic corpora. Retrieved from
http://old.dfrws.org/2009/proceedings/p2-garfinkel.pdf
Jain, A. (2016). Application of intrusion detection system in automatic evidence collection
using digital forensics. Retrieved from http://ethesis.nitrkl.ac.in/5602/1/E-56.pdf
Alsaiari, E. (2016). Evaluating the availability of Forensic evidence from three IDS: Tool
ability. Retrieved from
http://aut.researchgateway.ac.nz/bitstream/handle/10292/10232/AlsaiariEA.pdf?
sequence=3
Garfinkel, S., Farrel, P., Roussev, V., & Dinolt, G. (2009). Bringing science to digital
forensic with standardized forensic corpora. Retrieved from
http://old.dfrws.org/2009/proceedings/p2-garfinkel.pdf
Jain, A. (2016). Application of intrusion detection system in automatic evidence collection
using digital forensics. Retrieved from http://ethesis.nitrkl.ac.in/5602/1/E-56.pdf
1 out of 8
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.