Kashif Ishaq,Hafiz Ahsan Javed

2023-08-26

Abstract:The security trade confidentiality, integrity and availability are the main pillar of the information systems as every organization emphasize of the security. From last few decades, digital data is the main asset for every digital or non-digital organization. The proliferation of easily accessible attack software on the internet has lowered the barrier for individuals without hacking skills to engage in malicious activities. An Industrial organization operates a server that (Confluence) serves as a learning platform for newly hired employees or Management training officers, thereby making it vulnerable to potential attacks using readily available internet-based software. To mitigate this risk, it is essential to implement a security system capable of detecting and preventing attacks, as well as conducting investigations. This research project aims to develop a comprehensive security system that can detect attack attempts, initiate preventive measures, and carry out investigations by analyzing attack logs. The study adopted a survey methodology and spanned a period of four months, from March 1, 2023, to June 31, 2023. The outcome of this research is a robust security system that effectively identifies attack attempts, blocks the attacker's IP address, and employs network forensic techniques for investigation purposes. The findings indicate that deploying Snort in IPS mode on PfSense enables the detection of attacks targeting e-learning servers, triggering automatic preventive measures such as IP address blocking. The alerts generated by Snort facilitate investigative actions through network forensics, allowing for accurate reporting on the detrimental effects of the attacks.

Cryptography and Security

Rayco William,Ikhwan Ruslianto,Uray Ristian

DOI: https://doi.org/10.24114/cess.v8i1.40258

2023-01-21

Abstract:Server is a center for providing services and storing data in a computer network. A server is managed by server administrator who has a duty of monitoring security server. While on duty, there are deficiencies in detecting attacks, the slow information about the attacks, and how to handle attacks on the server. In this research, a server security system was created by implementing an Intrusion Prevention System (IPS) based on website and mobile applications. Attack detection focuses on ICMP and TCP port attacks with the latency time when the system responds to an attack is 99,89 ms (very good). The attack handling system was successfully carried out using Iptables against the attacker's IP that detected by the Suricata system through the website and mobile applications, to be given action which is divided into Drop, Reject and Accept. Administrators can quickly take the necessary precautions after receiving an automatic notification when the server is under attack via Telegram with an average speed is 3.41second. The ping attack, port scanning and ping of death (DoS) attacks resulted in an increase in the performance load on the local server with the initial conditions of CPU performance ranging from 10-19%, increasing when a ping attack occurred to 21,6%, memory 41,7%, and disk 19,6%. Port scanning increased by 85,9% CPU, memory 41,9%, and disk 20,3%. Ping of death increased CPU 90,4%, memory 42,9%, and disk 20,8%. Based on the tests that have been done, an excessive increase is found in the ping of death attack which results in server performance increasing to 90,4%, if the attack occurs for a long time then the server condition will be hang (damaged).

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Amilia Anggraeni,Jafaruddin Gusti Amri Ginting,Syariful Ikhwan

DOI: https://doi.org/10.20895/infotel.v14i4.813

2022-11-01

JURNAL INFOTEL

Abstract:Computer networks are built to achieve the main goal of communicating with each other . During the transmission process, it is expected that information can be conveyed quickly, efficiently and safely. Network security serves to avoid damage or even data loss caused by attacker activities during the communication process. Security aspects that need to be maintained in data information are Confidentiality, Integrity and Availability. Intrusion Prevention System is a solution that can maintain network security from various attacks. The Intrusion Prevention System will act as a protector on the network by detecting and preventing suspicious traffic on nodes in a network. The Intrusion Prevention System in its implementation has several tools which are used in this study, namely Snort and IPTables. Testing is done by performing attacks on the Web Server. The attacks carried out are Port Scanning, DDoS attacks and Brute Force. The results of this study are based on the CIA Triad with the three attacks having different characteristics in terms of cause and effect. On the defense side, Port Scanning and Brute Force can be easily prevented by IPS, but in DDoS attacks there are differences in results between drop and reject rule. In a DDoS attack with an action drop rule, it can recover the web server in 160 seconds while the action reject rule can be restored at 145 seconds which normally can be recovered in a DDoS attack in 165 seconds. The IPS server can also reduce resources when there is a DDoS attack by 9.2% .

Emre Erturk,Mayank Kumar

DOI: https://doi.org/10.48550/arXiv.1802.02359

2018-02-07

Abstract:First, this case study explores an Intrusion Detection System package called Snort (provided by Cisco Systems) in a cloud environment. Snort is an open source and highly scalable signature-based intrusion detection system. Here, Snort is deployed on Ubuntu Server 16.0.4 running on a virtual machine within a Microsoft Azure cloud system. This paper provides details on installing Snort on the virtual machine and configuring it for intrusion detection. The architecture here is based on a VM integrated IDS on Azure and demonstrates how a VM instance in the cloud can be secured through an IDS. Firewalls may be considered the first line of defense but they fail to secure systems from inside attacks. Next, two other areas (where Snort is less widely used) are briefly explored, namely library systems and mobile devices. Finally, this paper makes further recommendations on how a cloud network can be secured by distributed placement of the IDS and on each VM instances.

Cryptography and Security

YANG Tong,QIAO Xiang-dong,ZHENG Lian-qing

DOI: https://doi.org/10.3969/j.issn.1009-3516.2008.02.021

2008-01-01

Abstract:Snort,one of the best Open Source Network Intrusion Detection Systems,is analysed in detail,in this paper,for the sake of searching network intrusion detection system.Then a solution is proposed to eliminate the redundancy of snort's rule chain.Experiments are done,which show that the solution proposed is correct and effective.Finally,on the basis of ARP technology approach,NIDS is developed with the improved snort as kernel module.Its excellent performance proves the solution to be valid once again.

YU-XIN DING,MIN XIAO,AI-WU LIU,Yu-Xin Ding,Min Xiao,Ai-Wu Liu

DOI: https://doi.org/10.1109/icmlc.2009.5212282

2009-07-01

Abstract:Since most of current intrusion detection systems (IDS) only use one of the two detection methods, misused detection or anomaly detection, both of them have their own limitations. In this paper, the technique that combines misuse detection system with anomaly detection system (ADS) is used. The hybrid intrusion detection system (HIDS) contains three sub-modules, misused detection module, anomaly detection module and signature generation module. The basis of misused detection module is snort. Anomaly detection module is constructed by using frequent episode rule. And signature generation module is based on a variant of Apriori algorithm. Misused detection module uses the signature of attacks to detection the known attacks. Anomaly detection module can detect the unknown attacks and signature generation module extracts the signature of attacks that are detected by ADS module, and maps the signatures into snort rules.

Navya Iyengar

DOI: https://doi.org/10.48550/arXiv.2007.11654

2020-07-22

Networking and Internet Architecture

Abstract:Cloud-based and network-based technology has witnessed an exponential rise in development. Adaptation of these latest technologies has opened flood gates for data breaches, an increase in sophistication of cyber threats, and, a multitude of new attack vectors. Numerous tools and solutions are currently available for detection of these threats. Network-based Intrusion Detection Systems is one of the most effective tools implemented to maintain confidentiality, integrity, and, availability of networks. While there are several open source tools in the offing, this paper evaluates two open-source NIDS Snort and Suricata, along with strategic placement of multi sensor IDS in a WAN environment, in combination with NIDS, for in time threat detection and protection of systems.

. C. Ioannou,V. Vassiliou,S. M. Kasongo,Y. Sun,Y. Xiao,C. Xing,T. Zhang,Aman deep Kaur,Prakash Rao Ragiri,H. Alipour,Y. B. Al-Nashif,P. Satam

2020-01-01

Abstract:The threat of cyber intrusion is progressively high and harmful. Intrusion Detection Systems (IDS) provides the ability to identify security breaches in a system. A security breach will be taking any action based on the owner of the system believes unauthorized. Attacks in Wireless Networks (WNs) aim in limiting or even eliminating the ability of the network to perform its expected function. WNs are networks with limited resources and often deployed in uncontrollable environments that an intruder can easily access. WN attacks target specific network layer’s vulnerabilities but normally affect other layers as well. Network layer should be monitored and evaluated in order to detect possible malicious intervention. In this research, a general methodology of an anomaly-based Intrusion Detection System is proposed and evaluated the proposed system using routing layer attacks in Ad-hoc Distance Vector Routing (AODV) protocol and IDS is able to detect malicious activity and our solution delivered the packets to the receiver in a new route without discarding.

Sondy Kumajas,Julius Sasukul,Alexander Siwi,Hellena Saruan

DOI: https://doi.org/10.62711/ijite.v1i2.41

2022-03-24

Abstract:This study discusses the security analysis of Wireless Local Area Network (Wireless LAN) in the Community against external attacks on the Wireless Protected Access (WPA), Web Proxy, and Virtual Private Network (VPN) protocols, used to attack LAN. Three types of software are used as attackers, namely, Network Stumbler, Aircrack and Wireshark attackers. The software is used on the laptop at a distance of 5m to 25m from the Wireless LAN access point. From the experimental results, it can be seen that the fastest response time by the WPA Protocol was given by the Network Stumbler attacker, followed by Aircrack and Wireshark.

Heru Pranata,Leon Andretti Abdillah,Usman Ependi

DOI: https://doi.org/10.48550/arXiv.1508.05457

2015-08-22

Abstract:Development of information technology, especially in the field of computer network allows the exchange of information faster and more complex and the data that is exchanged can vary. Security of data on communication in the network is a major thing. Secure socket layer (SSL) is the solution to the problem, but further research on the security of the SSL protocol transactions should be done to determine the extent of SSL can secure the data on the network. When the computer sends data across the network, the data is transmitted in packets. Sniffing is a technique of monitoring of every packet traversing the network. Security threat presented by sniffers is their ability to capture all incoming and outgoing packets through the network, which includes the passwords, usernames and other sensitive issues. Packet sniffer captures the data addressed to other devices, which will then be stored for later analysis later. Sniffing can also be used by system administrators to monitor the network and solve problems in the network.

Cryptography and Security

YU Shun-zhi,WANG Chun-lu,XUE Yi-bo,WANG Dong-sheng

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.21.033

2006-01-01

Abstract:Intrusion detection is an importantnetworksecurity approach.Itcan monitor network traffic online and make the rapid response to the invasion.An intrusion detection system based on web is designed and implemented.This system is running on web browser,so it can store alerts and logs to database and provide them to the user through graphic interface.By this method,the user can conveniently search,sort andmanage thelog data.Thus it hasthefollowingfeatures: simple operation,flexibleconfiguration,andfriendlyinterface,etc.

Juan Tamalaki Ohyver,Dian W. Chandra

DOI: https://doi.org/10.35870/jtik.v7i3.845

2023-07-01

Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi)

Abstract:Jaringan virtual dalam lingkungan Server yang tervirtualisasi menggunakan Virtual Switch untuk menghubungkan lalu lintas jaringan pada Virtual Machine dengan jaringan fisik. Akan tetapi pada masa ini serangan yang dilancarkan oleh peretas seringkali terjadi pada lingkungan Server fisik maupun virtual. Peretasan pada keamanan jaringan komputer seringkali dilakukan oleh sekelompok orang yang ingin menembus suatu keamanan sebuah sistem. Aktivitas ini bertujuan untuk mencari, mendapatkan, mengubah, dan bahkan menghapus informasi. Maka dari itu penggunaan OpenvSwitch serta penerapan NIDS di dalamnya sangat berguna untuk keamanan jaringan virtual. Pada penelitian ini dilakukan simulasi untuk mencari tau seberapa besar persentase keberhasilan NIDS dalam mendeteksi serangan DOS yang diarahkan ke OpenvSwitch. Dari hasil penelitian ini, Persentase keberhasilan Snort dalam mendeteksi serangan di pengujian ini yaitu sekitar ± 75%.

Muhammad Sheeraz,Muhammad Hanif Durad,Shahzaib Tahir,Hasan Tahir,Saqib Saeed,Abdullah M. Almuhaideb

DOI: https://doi.org/10.1109/access.2024.3395123

IF: 3.9

2024-05-07

IEEE Access

Abstract:Intrusion Prevention Systems (IPS), capable of preventing the organizational network from a cyber-attack in addition to detecting it, are widely adopted by organizations to protect their networks from unauthorized access, attacks, and malicious activities. Similarly, Snort an open-source IPS is extensively used for effective network security monitoring and analysis. When functioning as an IPS, Snort can be deployed in inline mode within an organizational network, so that all the organizational network traffic travels through it, hence actively blocking or preventing malicious traffic in real-time. This requires Snort to process the network traffic fast enough to match the network traffic line rate. But the Snort IPS default data acquisition module i.e. advanced packet filtering (AF_PACKET) cannot process network traffic at the line rate that causes packet loss and network services disturbance. This research work discusses the technologies available to make Snort IPS process network traffic at line rate. Packet filtering framework (PF_RING) and data plane development kit (DPDK) are the most effective and widely used software technologies, whereas the Napatech smart network interface card (smartNIC) is a very efficient hardware technology for achieving line rate traffic processing. A throughput comparison shows that PF_RING and DPDK achieve a throughput close to 1G with 100% CPU utilization whereas Napatech smartNIC achieves full 1G throughput with CPU utilization of less than 5%. Furthermore, the integration of Snort IPS with the security information and event management (SIEM) system has been discussed for better attack detection in an organizational network.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saloni Anand,Kshitij Patne

DOI: https://doi.org/10.22214/ijraset.2022.44761

2022-06-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.

Mohammad Saiful Islam Mamun,A. F. M. Sultanul Kabir,A.F.M. Sultanul Kabir

DOI: https://doi.org/10.48550/arXiv.1208.3772

2012-08-18

Cryptography and Security

Abstract:In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.

Nurwan Reza Fachrurrozi,Andri Agustav Wirabudi,Seandy Arandiant Rozano

DOI: https://doi.org/10.22441/sinergi.2023.1.013

2023-01-18

Sinergi

Abstract:Institut Teknologi Telkom Jakarta (IT Telkom Jakarta) is an educational institution that supports student activities and provides internet capabilities to implement online learning systems. As the number of students increases with every year, so does the use of the internet and intranet networks and the experienced network problems. A network administrator is a person who is responsible for managing a computer network. Network administrators usually face network problems in monitoring network devices. This is because the process and operation are done manually. This means network administrators need direct access to the location to monitor all resources. Therefore, a network device monitoring system is needed to manage network devices centrally. This research focuses on the problem of monitoring network devices using open-source tools and software. Based on the implementation results, free network monitoring software such as LibreNMS can track and monitor all devices in all conditions and notify the active device condition in case of network failure such as up, down, reboot to the administrator via Line Notify, Telegram, and Email. With this network monitoring system, IT Telkom Jakarta is expected to be able to implement an integrated and well-monitored internet network system. Besides, the results of this study also produce real-time data on bandwidth usage, logging problems, and resource availability. This can significantly improve network availability and security.

Xinming Chen,Yiyao Wu,Lianghong Xu,Y. Xue

2009-01-01

Abstract:As security threats and network bandwidth increase in a very fast pace, there is a growing interest in designing highperformance network intrusion detection system (NIDS). This paper presents a parallelization strategy for the popular open-source Snort to build a high performance NIDS on multi-core IA platform. A modular design of parallel NIDS based on Snort is proposed in this paper. Named Para-Snort, it enables flexible and easy module design. This paper also analyzed the performance impact of load balancing and multi-pattern matching. Modified-JSQ and AC-WM algorithms are implemented in order to resolve the bottlenecks and improve the performance of the system. Experimental results show that Para-Snort achieves significant speedup of 4 to 6 times for various traces with a 7-thread parallelizing test setup.

Wenchao Li,Ping Yi,Yue Wu,Li Pan,Jianhua Li

DOI: https://doi.org/10.1155/2014/240217

2014-01-01

Journal of Electrical and Computer Engineering

Abstract:The Internet of Things has broad application in military field, commerce, environmental monitoring, and many other fields. However, the open nature of the information media and the poor deployment environment have brought great risks to the security of wireless sensor networks, seriously restricting the application of wireless sensor network. Internet of Things composed of wireless sensor network faces security threats mainly from Dos attack, replay attack, integrity attack, false routing information attack, and flooding attack. In this paper, we proposed a new intrusion detection system based on K -nearest neighbor ( K -nearest neighbor, referred to as KNN below) classification algorithm in wireless sensor network. This system can separate abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance the Vector Routing, AODV). Finally, the test results show that: the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.

Norkhushaini Awang,Ganthan Narayana Samy,Noor Hafizah Hassan,Nurazean Maarop,Pritheega Magalingam,Norshaliza Kamaruddin

DOI: https://doi.org/10.1088/1742-6596/1551/1/012006

2020-05-01

Journal of Physics: Conference Series

Abstract:Abstract Comprehensive risk assessment implementation in an organization is crucial in order to safeguard valuable organization assets and to minimize information security threats. Thus, inadequate information security risk assessment may result in compromised confidentiality, integrity, and availability of the information system due to unauthorized access particularly in the education domain. Therefore, the objective of this paper is to identify several information security threat risks related to the University Information System. Hence, data from intrusion prevention system (IPS) has been collected from the selected university campus network. Moreover, under Python language, Anaconda is used as a machine learning environment to do the data analysis of the collected data. Basically, the analysis of the university campus network data identified various types of information security threats such as database-related attacks. The contribution of this research is to guide the network administrator to develop an appropriate incident response plan based on the identified threats from the risk assessment activity.