The Implementation of Rule-Based Early Warning System in Snort Through Email

Goel, Aaruni; Vasistha, A. K.

doi:10.1007/978-981-10-8204-7_39

Cited by 2 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Whenever a new malicious packet is detected, the system has to upgrade the signature to perform better. If the rules are not optimized, the system will fail to generate benchmark signatures, and ultimately the system will be unable to detect the malicious activity [15]. In the Statistical-Based Intrusion Detection System (SBIDS), following the natural phenomena that is easy to flag things as "negative"; the rest are positive.…”

Section: Related Workmentioning

confidence: 99%

Detection of Malicious Flows in the Software-Defined Networks by Using Statistical Flow Analysis-Based Intrusion Detection System

Naqash,

Asfand-e-Yar,

Tanveer

2024

Preprint

View full text Add to dashboard Cite

Specifically, in the past few years, internet traffic has grown rapidly, evolving modern network technologies with hybrid telecommunication systems and conventional computer networks. Unfortunately, the wireless nature of these technologies provides easy access to the network, resulting in an increased risk of network intrusion, ultimately creating a demand to develop an intrusion detection system (IDS). In this paper, an IDS is proposed to detect the malicious flows in the Software-Defined Network (SDN). The core concept behind this idea is implementing a robust statistical analysis-based intrusion detection system (SF-ABIDS) inside the RYU controller that takes statistics of network traffic from the southbound interface after a specific time interval (without changing the standard architecture of SDN). It is evident that due to the centralized nature of SDNs, the SDN controller that sits on top will face lightning-speed incoming network traffic flows. Our IDS will live in SDN controller as an application, and it will perform systemized analysis on incoming network traffic flows. After research, the IDS will have the results, and it will completely block the generator of IP that is classified as malicious by our IDS. This will be a generalized workflow of our IDS in an SDN controller monitoring the incoming traffic. This workflow will allow our IDS to perform accurately and achieve outstanding results by classifying malicious packets and placing them to where they belong i.e., The Blacklist. The SF-ABIDS is inspired by a meta-classification (an ensemble classification) technique that consists of four modules. We use a standard ISCX-UNB dataset to gauge the overall performance of our proposed Intrusion Detection System. Flow match statics features are extracted using the open flow (OF) protocol, which enables the new scheme to detect malicious flows in less time with higher accuracy. These features are then exploited using various ML (Machine Learning) based classifiers, including Decision Table, JRip, J48, PART, Random Forest, RepTree, LMT. The performance of these classifiers is tested by using evaluation parameters like accuracy in terms of true positive (TP), false positive (FP), AUROC, and the harmonic mean of Precision and recall at 0.95. Supervised classifiers with more than 99% AUROC, harmonic value, accuracy, and detecting the flow class in the least time (up to precision level 3) is considered ideal for the new system. As we mentioned above, the architecture of Software defines network enforces that it should be dependable to manage the network traffic, so our proposed Intrusion Detection System will introduce dependability as security in SDN by actively monitoring incoming traffic. So, intruders cannot exploit the centralized nature of Software Defined Networks. The core idea of the transition from conventional networks to SDNs is to introduce simplicity so the network can be easily scalable to support the need of today due to IoT (Internet of things) revolution. Our IDS supports the manifesto and introduces simplicity and security in the network without any additional pre-processing overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection of Malicious Flows in the Software-Defined Networks by Using Statistical Flow Analysis-Based Intrusion Detection System

Naqash,

Asfand-e-Yar,

Tanveer

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…[6] c. Email Alerting The author uses email to send notifications when an attack occurs, starting from snort capturing anomalies that occur on the network which are forwarded to the snort database via barnyard2, when the event in the database increases, the python script automatically runs and sends a message to the email that has been prepared. [7]…”

Section: System Designmentioning

confidence: 99%

Implementation of IDS Using Snort with Barnyard2 Visualization for Network Monitoring in The Informatics Engineering Computer Lab at Muhammadiyah University Surakarta

Muhammad,

Utomo

2023

IJCIS

View full text Add to dashboard Cite

The recent surge in cyberattacks should not be taken lightly, especially by large enterprises with sensitive data. Intrusion Detection Systems (IDS) are becoming a critical component for detecting network anomalies. One such network anomaly detection tool is SNORT, with a BASE (Basic Analysis and Security Engine) frontend for efficient data processing. Acting as a bridge between SNORT and BASE, the author uses barnyard2 as a backend to store logs obtained from SNORT into the database. The implementation methodology used in this research is an experimental approach, where the authors conduct experiments through trial and error to achieve the desired results. This IDS system was tested using two types of attacks, namely DDoS and SQL-Injection. The DDoS attack trial uses tools found in Kali Linux, namely Hping3 with 6 scenarios namely FIN, ACK, RST, UDP, SYN, and ICMP with the results detected in the snort database. SQL-Injection attack test using the DVWA vulnerable website with the result detected in the snort database when the attack is carried out. This proves that the accuracy level of the system reaches close to 100% with the rules given and the penetration testing given.

show abstract

The Implementation of Rule-Based Early Warning System in Snort Through Email

Cited by 2 publications

References 1 publication

Detection of Malicious Flows in the Software-Defined Networks by Using Statistical Flow Analysis-Based Intrusion Detection System

Detection of Malicious Flows in the Software-Defined Networks by Using Statistical Flow Analysis-Based Intrusion Detection System

Implementation of IDS Using Snort with Barnyard2 Visualization for Network Monitoring in The Informatics Engineering Computer Lab at Muhammadiyah University Surakarta

Contact Info

Product

Resources

About