University Network Intrusion Detection Systems Assignment


Added on  2020/05/16

Report
AI Summary
This report provides an analysis of network intrusion detection systems (NIDS), botnets, and malware. It begins by discussing the concept of botnets and their impact on network security, with a focus on the Zeus malware and its variants. The report explores various NIDS, including BroCisco, SNORT, and Suricata, and their capabilities in detecting malicious activities. It also examines the differences between signature-based and anomaly-based detection methods, and how modern NIDS integrate data mining and neural networks for improved performance. The report further explores the types of attacks, such as DDoS and Man-in-the-browser, and how they can be detected and mitigated using tools like TCPDump and HBD software. The report also discusses the use of Cronus for detecting Zeus malware and techniques for identifying Zeus malware in Android platforms, including drive-by-download and update attacks. The report also covers the peer-to-peer variant of Zeus Botnet and the use of runtime execution artifacts for malware identification. The report highlights the importance of NIDS in protecting networks from various threats and the need for continuous improvement in detection techniques.
Running head: NETWORK INTRUSION DETECTION SYSTEM
Network Intrusion Detection System
Name of the Student
Name of the University
Authors’ note
A botnet can be considered to be a network of computers that are infected with malware or have been accessed by unauthorized users. Tor can help other users to access the services anonymously provided by the clients by utilizing the mechanism of the Tor network. The evaluation of the Citadel botnet can start by comparing Zeus malware with the subject and evaluating the open source components, followed by the use of reverse engineering. The most problematic threat related to network security is the DDoS botnet attack. Social bot Network (SbN) is a prototype that determines the vulnerability of online social networks (OSNs). SbN combines three components: socialbots, a botmaster and a C&C channel.
NIDS include BroCisco NIDS, SNORT and Suricata. These NIDS cannot be detected by malevolent entities. Modern NIDS are anomaly-based or signature-based and have enhanced reliability, stability and compatibility. Network-based and host-based are two main types of intrusion detection systems. Modern NIDS are integrating data mining techniques as well as neural networks for understanding attack trends and patterns. Self-Organizing Maps can classify real-time datasets in a reliable, accurate and quicker manner. The issue of evasion attacks and encrypted packets can be resolved by host-based IDS present in NIDS. PAYL is considered to be the most reliable payload anomaly detector. TCPDump can detect unusual network activity.
The Zeus botnet, a dangerous botnet used for hacking banking information, can be detected by HBD software. A man-in-the-browser attack is a type of Zeus attack that targets customers who use Internet banking. Cronus can be considered to be an IDS that detects Zeus malware, and it is extremely safe for the banking sector. Three techniques for characterizing Zeus malware on Android platforms are drive-by-download, update attacks and repacking. The peer-to-peer variant of the Zeus botnet has two purposes. Runtime execution artefacts can be used for easily identifying Zeus malware.