Over the past decades, the rapid Internet development and the growth in the number of its users have raised various security issues. Therefore, it is of great importance to ensure the security of the network in order to enable the safe exchange of confidential data, as well as their integrity. One of the most important components of network attack detection is an Intrusion Detection System (IDS). Snort IDS is a widely used intrusion detection system, which logs alerts after detecting potentially dangerous network packets. A major challenge in network monitoring is the high volume of generated IDS alerts. A necessary step in successful network protection is the analysis of the great amount of logged alerts in search of deviations from normal traffic that may indicate an intrusion. The goal of this paper is to design and implement a visualization interface for IDS alert analysis, which graphically presents alerts generated by Snort IDS. Also, the proposed system classifies the alerts according to the most important attack parameters, and allows the users to understand evolving network situations and easily detect possible traffic irregularities. An environment in which the system has been tested in real-time is described, and the results of attack detection and classification are given. One of the detected attacks is analyzed in detail, as well as the method of its detection and its possible consequences.
Intrusion detection system (IDS) is one of the most important components being used to monitor network for possible cyber-attacks. However, the amount of data that should be inspected imposes a great challenge to IDSs. With recent emerge of various big data technologies, there are ways for overcoming the problem of the increased amount of data. Nevertheless, some of this technologies inherit data distribution techniques that can be a problem when splitting a sensitive data such as network data frames across a cluster nodes. The goal of this paper is design and implementation of Hadoop based IDS. In this paper we propose different input split techniques suitable for network data distribution across cloud nodes and test the performances of their Apache Hadoop implementation. Four different data split techniques will be proposed and analysed. The techniques will be described in detail. The system will be evaluated on Apache Hadoop cluster with 17 slave nodes. We will show that processing speed can differ for more than 30% depending on chosen input split design strategy. Additionally, we?ll show that malicious level of network traffic can slow down the processing time, in our case, for nearly 20%. The scalability of the system will al so be discussed.
Due to the increasing amount of spam email traffic, email users are in increasing danger, while email server resources are becoming overloaded. Therefore, it is necessary to protect email users, but also to prevent SMTP system overload during spam attacks. The aim of this paper is to design and implement an autoscalable distributed anti-spam SMTP system based on a Proof of work concept. The proposed solution extends SMTP protocol in order to enable the evaluation of the client?s credibility using the Proof of work algorithm. In order to prevent resource overload during spam attacks, the anti-spam SMTP system is implemented in a distributed environment, as a group of multiple anti-spam SMTP server instances. Kubernetes architecture is used for system distribution, configured with the possibility of autoscaling the number of antispam SMTP server instances depending on the system load. The implemented system is evaluated during a distributed spam attempt, simulated by a custom-made traffic generator tool. Various performance tests are given: (1) The proposed system?s impact on client?s behaviour and the overall amount of spam messages, (2) The performance of the undistributed anti-spam SMTP server during spam attack, in terms of resource load analysis (3) Autoscaling demonstration and evaluation of proposed distributed system?s performance during a spam attack. It is shown that the proposed solution has the possibility of reducing the amount of spam traffic, while processing tens of thousands of simultaneous SMTP client requests in a distributed environment.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.