Abstract
This project uses Snort, an open-source intrusion detection and prevention system (IDS/IPS), to monitor network traffic and detect Distributed Denial of Service (DDoS) attacks. The research addresses the growing concern of network vulnerabilities aggravated by the emergence of sophisticated DDoS attack techniques. A key objective is to design and customize Snort rules to identify and differentiate between normal and malicious network traffic, particularly focusing on TCP SYN flood and UDP flood attacks. The project uses the Hping3 tool to generate various traffic scenarios, facilitating comprehensive testing in both real-world and simulated environments. Performance evaluation metrics, including detection accuracy and confusion matrix analysis, are used to validate Snort's effectiveness in identifying attack patterns. Testing results show that the system achieves a detection accuracy of 100%, effectively mitigating threats by triggering alerts and proactively dropping malicious traffic. Although the project successfully demonstrates real-time traffic monitoring and DDoS detection, limitations include the focus on specific protocols and reliance on predefined rules, which may not cover more sophisticated attack methods. Suggested future enhancements include integrating visualization tools like Kibana and SIEM systems such as Sguil to improve analytics and response times. This research underscores the potential of Snort as a scalable and adaptable solution for modern network security challenges.
Metadata
| Item Type: | Article |
|---|---|
| Creators (Email / ID Num.): | Mohd Ishak, Mohamad Hamizan (mhamizan480@gmail.com); Abdul Halim, Syafnidar (syafnidar@uitm.edu.my) |
| Subjects: | T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Computer networks. General works. Traffic monitoring; T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Computer networks. General works. Traffic monitoring > Quality of service (Computer networks). Computer network management |
| Divisions: | Universiti Teknologi MARA, Melaka > Jasin Campus > Faculty of Computer and Mathematical Sciences |
| Journal or Publication Title: | Progress in Computer and Mathematics Journal (PCMJ) |
| ISSN: | 3030-6728 |
| Volume: | 3 |
| Page Range: | pp. 198-208 |
| Keywords: | DDoS, Snort, IDS, IPS, Accuracy, Confusion metric |
| Date: | November 2025 |
| URI: | https://ir.uitm.edu.my/id/eprint/127581 |
