Research Article

Design and Analysis of Real-time Network Intrusion Detection and Prevention System using Open Source Tools

by Ammad Uddin, Laiq Hasan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 138 - Number 7
Year of Publication: 2016
Authors: Ammad Uddin, Laiq Hasan
10.5120/ijca2016908921

Ammad Uddin, Laiq Hasan. Design and Analysis of Real-time Network Intrusion Detection and Prevention System using Open Source Tools. International Journal of Computer Applications. 138, 7 (March 2016), 6-11. DOI=10.5120/ijca2016908921

@article{ 10.5120/ijca2016908921,
author = { Ammad Uddin, Laiq Hasan },
title = { Design and Analysis of Real-time Network Intrusion Detection and Prevention System using Open Source Tools },
journal = { International Journal of Computer Applications },
issue_date = { March 2016 },
volume = { 138 },
number = { 7 },
month = { March },
year = { 2016 },
issn = { 0975-8887 },
pages = { 6-11 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume138/number7/24389-2016908921/ },
doi = { 10.5120/ijca2016908921 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:39:32.091019+05:30
%A Ammad Uddin
%A Laiq Hasan
%T Design and Analysis of Real-time Network Intrusion Detection and Prevention System using Open Source Tools
%J International Journal of Computer Applications
%@ 0975-8887
%V 138
%N 7
%P 6-11
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Intrusion detection and prevention is one of the most important and fundamental tasks in an organization's computer network. Commercially available intrusion detection and prevention systems are costly and overkill for small and medium-sized organizations. This paper describes the design and analysis of a network intrusion detection system (NIDS) and network intrusion prevention system (NIPS) using open source tools. The study also describes an open source database to store the alerts and an open source front-end management console application to view the alerts and logs from the proposed database in any modern web browser. In this research Snort was used as the NIDS to detect intrusions and attacks. Snort is a popular open source NIDS with signature-based rules for detecting thousands of known attacks; the rules are regularly updated by the Snort team to cover new attacks and intrusions. SnortSam was used as the NIPS to act upon the alerts detected by Snort: it blocks intrusions by sending the intruders' and attackers' source IP addresses to the firewall in real time. MySQL was used as the database to store alerts, and BASE (Basic Analysis and Security Engine) was chosen as the open source management console application. A Juniper Networks EX-3200 switch and SSG-20 firewall were used as the network devices for connectivity and operation of the system; network devices from any other vendor can be used just as effectively in the design and configuration of the system. The design successfully detected and prevented network intrusions, and the same can be implemented in any small or medium-sized organization to protect its computer network.
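The alert-to-block path the abstract describes (Snort raises an alert, SnortSam pushes the offending source address to the firewall) can be sketched in a few lines. The Python below is an added example written for this page; it is not code from the paper, from Snort or from SnortSam. The alert lines, the rule SIDs, the address ranges and the SID-to-duration mapping are all constructed. It parses Snort's one-line "fast" alert format and applies the two checks an auto-blocking deployment needs before touching the firewall: a never-block list, so that a spoofed or internal source address cannot cause a self-inflicted outage, and a block lifetime, so that entries expire instead of accumulating.

```python
"""Simulate the Snort -> SnortSam -> firewall alert-to-block decision.

Added example for this page, not the paper's or SnortSam's code. All sample
alerts, SIDs and networks below are constructed (documentation address ranges).
"""
import ipaddress
import re
from dataclasses import dataclass

# Snort "fast" alert format, one alert per line (IPv4, optional ports, optional
# Classification field; ICMP alerts carry no ports):
#   ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sp -> dst:dp
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_fast_alert(line):
    """Parse one fast-format alert line; return None for anything else."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    return Alert(int(m["sid"]), m["msg"], int(m["prio"]), m["proto"], m["src"], m["dst"])


# Block policy (constructed stand-in for the per-rule blocking options a
# SnortSam deployment is configured with):
#   - only SIDs explicitly mapped here trigger a block, with a duration in seconds
#   - sources inside NEVER_BLOCK are never pushed to the firewall (internal
#     subnet, RFC 1918 space, and the DNS resolver the site depends on)
BLOCK_SIDS = {1000001: 600, 1000002: 3600}  # sid -> block duration (seconds)
NEVER_BLOCK = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8", "203.0.113.53/32")
]


def is_protected(ip):
    """True if the address must never be blocked, whatever the alert says."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)


def decide_blocks(lines):
    """Return {source_ip: block_seconds} for alerts that warrant a firewall block.

    A source seen in several blockable alerts keeps the longest duration.
    """
    blocks = {}
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is None or alert.sid not in BLOCK_SIDS:
            continue  # unparseable line, or a rule not configured for blocking
        if is_protected(alert.src):
            continue  # never lock out internal hosts or infrastructure
        ttl = BLOCK_SIDS[alert.sid]
        blocks[alert.src] = max(blocks.get(alert.src, 0), ttl)
    return blocks


# Constructed sample alerts in Snort fast format.
SAMPLE_ALERTS = [
    "03/01-12:00:01.123456  [**] [1:1000001:1] LOCAL scan probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:40001 -> 192.0.2.10:22",
    "03/01-12:00:02.000001  [**] [1:1000002:1] LOCAL exploit attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:40002 -> 192.0.2.10:80",
    "03/01-12:00:03.000001  [**] [1:1000001:1] LOCAL scan probe [**] [Priority: 2] {ICMP} 192.0.2.77 -> 192.0.2.10",
    "03/01-12:00:04.000001  [**] [1:2000000:1] LOCAL informational [**] "
    "[Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 198.51.100.9:53 -> 192.0.2.10:5000",
    "03/01-12:00:05.000001  [**] [1:1000001:1] LOCAL scan probe [**] [Priority: 2] {TCP} 203.0.113.53:40003 -> 192.0.2.10:22",
    "03/01-12:00:06.000001  [**] [1:1000001:1] LOCAL scan probe [**] [Priority: 2] {TCP} 198.51.100.77:1234 -> 192.0.2.10:445",
    "this line is not an alert",
]

if __name__ == "__main__":
    for src, ttl in decide_blocks(SAMPLE_ALERTS).items():
        print(f"block {src} for {ttl}s")
```

Running the block yields two firewall entries: 203.0.113.5 for 3600 seconds (its longer exploit-attempt block wins over the scan-probe block) and 198.51.100.77 for 600 seconds. The internal host 192.0.2.77 and the resolver 203.0.113.53 are skipped even though they matched a blockable rule, and the informational SID never reaches the firewall at all.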

Index Terms

Computer Science
Information Sciences

Keywords

BASE (Basic Analysis and Security Engine), MySQL, NIDS, NIPS, Snort, SnortSam.