Each presentation should include at least the following from the paper:
Background and motivation
Basic problem
Classification of related work and background
Main ideas
Your IDPS design
Evaluation and results
Open issues
Project Report
You will need to form groups of 2 or 3 members and write a project report. The project report should include at least four sections:
A title.
List of group members. If the group members will have different responsibilities, please
list those.
Project description -- what you intend to do.
References.
The project description itself should be one to two pages. The report must be uploaded to BB. (Acceptable file formats are PDF and DOC), along with the PPT.
The project should take this format:
Empirical analysis/simulation: Study the performance of various security measures under different types of threats/attacks. If you are implementing an attack, you must take every measure to ensure it does not present a threat to the computing community of the world at large. You must ensure that you stand by all the policies that govern use of computing resources during the execution of this project.
Intrusion Detection - Snort
Snort is a rule-based intrusion detection system where each rule specifies a pattern or condition that may indicate an intrusion has occurred. Snort provides the user the opportunity to edit and add their own rules. Read the Snort User Manual to see how to write rules.
Dr. M. Drini
Project Description:
Create an intrusion detection system by: o Detecting an attack.
o Creating the rules for monitoring intrusions.
o Your approach would be to minimize false alarms, and to assure that your
performance overhead is “acceptable”
Identify some research issues related to the IDPS.
Some of the rules that you need to create are:
o Detect each visit to www.google.com that is made by the machine.
o Send an alert when an activity relating to network chat is detected.
o Send an alert when an attempt is made for DNS Zone transfer.
o Generate an alert when network traffic that indicates Viber, is being used.
o Alert for any packet of size > 100 bytes from the network 172.20.0.0 with SNM
255.240.0.0 designated to port 80.
o Alert for any packet that contains the following string “Hello”.
o Generate an Alert when there is an access to unauthorized sites. (You select the
web sites!)
After the following attacks are performed in the Lab VM: SYN flood and MiTM attack, you should be able to react to those attacks writing the subsequent rules:
o Generate an alert when SYN flood happens, record the logs. o Block the traffic.
o Generate an alert which detects the MiTM attack.
Get Free Quote!
392 Experts Online