
Tuesday, June 18, 2019

Network Intrusion Detection and Forensics Dissertation

Network Intrusion Detection and Forensics - Dissertation Example

The paper states that computers have come to be accepted in all aspects of our lives, and the lack of reliable networks in modern computing environments is plainly inconceivable. The supremacy of information technology in running many modern systems hinges on the continued reliability of computer networks. Without stable computer network systems, many simple computing activities we have come to assume as part of our daily routines (sending emails, browsing the web, making business communications, and maintaining social contacts) would be in severe jeopardy. Malicious use of computer networks would compromise our computing experience and the utilization of these indispensable network tools. Network Intrusion Detection Systems (NIDS) are partly the reason behind the continued trust in computer systems around the world. NIDS detect illicit use of computer networks, alert network administrators, create reports in the system through their logging abilities, and attempt to prevent harm to the network by malevolent network users. However, many users of computer networks lack access to decent NIDS available commercially. Part of the reason why many computer users avoid the commercially available NIDS is their prohibitive cost. Another reason for the unattractiveness of several commercial network-based IDS is traceable to their complex deployment, configuration, and implementation procedures, which usually require technical assistance. Over the past decade, open source NIDS have come to define the NIDS landscape. Currently, the leading NIDS in terms of user base is Snort, a lightweight open source NIDS. The purpose of this project is to make a comprehensive comparison of two open source NIDS, Snort and Bro.
Keywords: Snort, Bro, NIDS

Table of contents

Abstract
Table of Contents
1. INTRODUCTION
2. BACKGROUND TO THE PROBLEM
3. OVERVIEW OF NETWORK INTRUSION DETECTION SYSTEMS
3.1 The Roles of NIDS
3.2 Difference of NIDS with Firewalls
3.3 Limitations of the Network Intrusion Detection Systems
3.4 Network Intrusion and Detection System Alert Terminologies
4. RECENT DEVELOPMENTS IN INTRUSION DETECTION SYSTEMS
5. DIFFERENT METHODS OF INTRUSION DETECTION
5.1 Statistical Anomaly-Based Intrusion System
5.2 Signature-Based Intrusion Detection
6. NETWORK INTRUSION DETECTION SYSTEMS
6.1 Snort
6.2 Bro
6.3 PHAD
6.4 NetSTAT
6.5 EMERALD
6.6 Suricata
7. TESTING AND EVALUATION METHODOLOGY
8. ANALYSIS OF SNORT AND BRO
8.3 Common Characteristics of Snort, Bro, Suricata, and NetSTAT
8.4 Differences between Snort, Bro, Suricata, and NetSTAT
8.5 Major Strengths of Snort
8.6 Major Strengths of Bro
8.7 Major Strengths of Suricata
8.8 Major Strengths of NetSTAT
8.9 Major Weaknesses of Snort
8.10 Major Weaknesses of Bro
8.11 Major Weaknesses of Suricata
8.12 Major Weaknesses of NetSTAT
9. RESULTS FOR SNORT AND BRO
9.1 Capabilities of Snort and Bro to Identify Security Threats and Network Violations
9.1.1 Bro Architecture
9.1.2 Bro Network Intrusion Detection Mechanism
9.1.3 Snort Architecture
9.1.4 Snort Network Intrusion Detection Mechanism
9.1.5 Suricata's Network Intrusion Mechanism
9.1.6 NetSTAT Capabilities to Detect Security Threats and Network Violations
9.2 Comparison of Snort's, Bro's, Suricata's and NetSTAT's Performance
10. RECOMMENDATIONS AND CONCLUSIONS
10.1 Recommendations
10.2 Conclusions
References

1. INTRODUCTION

The essentiality of network protection is unquestionable, especially with the ever-growing relevance of computer networks in many facets of our society. Many things, ranging from trade, governance, education, communication, and research rely heavily on computer networks. The vulnerability of networks to breakdowns after attack can be expensive and disastrous.
