A signature based intrusion detection system (IDS) : using snort / Nik Mariza Nik Abdul Malik

Nik Abdul Malik, Nik Mariza (2004) A signature based intrusion detection system (IDS) : using snort / Nik Mariza Nik Abdul Malik. Masters thesis, Universiti Teknologi MARA.

Download

[thumbnail of TM_NIK MARIZA NIK ABDUL MALIK CS 04_5.pdf] Text
TM_NIK MARIZA NIK ABDUL MALIK CS 04_5.pdf

Download (1MB)

Abstract

Intrusion detection has become the main issue to consider by any organization transporting sensitive and confidential information over the network. This is because those organizations are exposed to intruders. Intrusion Detection Systems (IDS) are software or hardware systems that automate the process of monitoring intrusion events that occur in a computer system or network, and analyze them for signs of intrusions. Today, the number of IDS has increased rapidly. Most IDS are signature based, which means that they make use of a certain pattern of a packet to identify intrusion in the network traffic. This pattern of a packet is also known as ' signature' . This signature needs to be up-to-date to ensure that the IDS is working properly and able to identify the pattern of interest. The task of updating signature can either be done by network administrator or using the default installation installed by the IDS vendor. Therefore, the objective of this research is to simulate the actual process involved in identifying a signature to write a rule. It uses a signature based IDS named Snort that is capable of detecting an intrusion using a signature, which is embedded in its rule sets. This research is done in a controlled laboratory environment, which consists of small Local Area Network (LAN). As a result of this research, seven steps have been identified in the process of identifying the signature of a packet to write a rule. This rule is used to detect the abnormal packet, which is a possible intrusion packet for the respective implemented network environment.

Metadata

Item Type: Thesis (Masters)
Creators:
Creators
Email
Nik Abdul Malik, Nik Mariza
UNSPECIFIED
Subjects: Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science
Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science > Expert systems (Computer science). Fuzzy expert systems
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Item ID: 27200
Uncontrolled Keywords: intrusion, transporting, network
URI: https://ir.uitm.edu.my/id/eprint/27200

Fulltext

Fulltext is available at:
  • UNSPECIFIED
  • ID Number

    27200

    Indexing


    View in Google Scholar

    Edit Item
    Edit Item