Doing final year project based upon an intrusion detection system (IDS) - Need Help!
Started by naveed.pasha, Dec 23 2007 06:16 AM
11 replies to this topic
#1
Posted 23 December 2007 - 06:16 AM
Hi all!
I've started a little late doing my final year university project, but I know what I want to do, so it's probably better than a few of the other students out there!
I do enjoy reading and studying about the wide variety of topics that are encompassed by network and computer security. I want to develop an Intrusion Detection System, possibly making it platform independent as a network intrusion detection system (NIDS). I've been doing quite a bit of research and there is a wide selection of functions I could include or not include. Anyhow, I've come here to ask for assistance in actually planning the programming, or how to go about it, and for suggestions on which functions I should or shouldn't include. By the way, the primary aim for this final year project is to develop an IDS of some sort and display it functioning, possibly having some configurable characteristics, maybe using some sort of penetration testing tool or developing one myself along with the IDS to test it working.
In doing all of this I also hope to gain a greater insight into network and computer security...
All suggestions and ideas are welcome; anything to point me in the right direction is much appreciated!
Kind Thanks
#2
Posted 23 December 2007 - 11:46 PM
Hi Naveed,
Do you want to actually design and build an IDS, or use an existing IDS and add some features and GUI stuff? Snort is an already available open source IDS. It covers fragmentation and timing, and is based on signature matching with a rich set of signatures.
If you want to design your own IDS you'll need a proxy application to receive data from clients and forward it to the server, and a signature matching engine to match vulnerability signatures against the TCP payload. Depending on the result of the matching you can let the connection continue, or drop it by sending reset packets to the client and server.
Thanks,
lasthell
#3
Posted 25 December 2007 - 04:39 AM
Hi Lasthell,
Firstly I'd like to thank you for the great info you've provided me with. I'm not sure which option to go for, either design and build, or modify an existing one such as Snort? I've looked through the information on the Snort website and it does seem rather complicated. I think after all the planning and writing and research and whatnot, I'll probably have a period of 3 weeks to program the actual IDS, so what would you recommend for this kind of time frame? Additionally, what proxy application and signature matching engine would you recommend?
Thanks again!
#4
Posted 25 December 2007 - 05:21 AM
Naveed, if you want to go with a very simplistic approach, this can be done.
1) The Linux utility "netsed" can be used to match patterns on packet data. This utility works just like sed, only instead of files it works on packet data.
2) Make a collection of some limited software vulnerability signatures in one file, and match these signatures against the TCP payload of a specific port using netsed.
3) You can get application specific (telnet, ftp, etc.) vulnerability information on the net and develop signatures for the same (you can download them too).
4) You have to differentiate signatures according to their protocols, which in turn can be identified using port numbers.
5) So using netsed you'll be matching only the signatures specific to that application against packets coming in on that application's standard port.
6) You can log information using simple bash commands when a pattern matches.
Run your IDS script/application as a daemon on the server machine and you are through.
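The per-port signature matching described in lasthell's two replies (#2 and #4), as an added example that is not code from the thread, from netsed or from Snort. It is written in Python rather than as a netsed script so the matching logic itself is visible. The three signatures, the standard-port assumptions and the log format are constructed for illustration, and proxy_connection() is reply #2's proxy-and-reset idea in plain sockets, inspecting only the client-to-server direction.

```python
"""Per-port payload signature engine with a proxy wrapper.
Added example for this thread; the signatures are constructed, not from
any real ruleset, and the standard-port assignments are an assumption."""
import re
import socket
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int             # rule id, printed in log lines
    port: int            # server port the rule applies to (protocol inferred from port)
    pattern: re.Pattern  # regex run over the raw TCP payload bytes
    msg: str
    action: str          # "alert": log and forward; "drop": log and reset both sides


# Constructed illustrative signatures, one per protocol/port.
SIGNATURES = [
    Signature(1001, 21, re.compile(rb"^(USER|PASS|CWD|RETR) \S{200,}", re.M),
              "FTP command with overlong argument", "drop"),
    Signature(1002, 80, re.compile(rb"(\.\./|%2e%2e%2f)", re.I),
              "HTTP path traversal sequence", "alert"),
    Signature(1003, 23, re.compile(rb"\x90{16,}"),
              "Telnet payload contains NOP sled", "drop"),
]


def signatures_for_port(port):
    """Only the rules for this port are consulted (steps 4 and 5 of post #4)."""
    return [s for s in SIGNATURES if s.port == port]


def inspect(dst_port, payload):
    """Match one segment's payload against the port's rules.
    Returns (verdict, matched) with verdict in {"pass", "alert", "drop"}."""
    matched = [s for s in signatures_for_port(dst_port) if s.pattern.search(payload)]
    if any(s.action == "drop" for s in matched):
        return "drop", matched
    return ("alert" if matched else "pass"), matched


def log_lines(src, dst_port, matched):
    """One fixed-format line per match, easy to grep or ship to syslog."""
    return [f"sid={s.sid} msg=\"{s.msg}\" src={src[0]}:{src[1]} dport={dst_port} "
            f"action={s.action}" for s in matched]


def reset(sock):
    """Close with SO_LINGER (on, 0 s) so the kernel sends RST rather than FIN."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    sock.close()


def proxy_connection(client, server, dst_port, log=print):
    """Forward client -> server, inspecting every segment; returns the worst verdict.
    Simplification: the server -> client direction is not inspected here."""
    src = client.getpeername()
    worst = "pass"
    while True:
        data = client.recv(65535)
        if not data:                     # client finished normally
            client.close()
            server.close()
            return worst
        verdict, matched = inspect(dst_port, data)
        for line in log_lines(src, dst_port, matched):
            log(line)
        if verdict == "drop":            # tear down both sides with RST
            reset(client)
            reset(server)
            return "drop"
        if verdict == "alert":
            worst = "alert"
        server.sendall(data)


def serve(listen_port, server_host, server_port):
    """Accept connections on listen_port and proxy each one to the real server."""
    with socket.socket() as ls:
        ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        ls.bind(("0.0.0.0", listen_port))
        ls.listen(5)
        while True:
            client, _ = ls.accept()
            server = socket.create_connection((server_host, server_port))
            proxy_connection(client, server, server_port)


if __name__ == "__main__":
    # Example: sit in front of an FTP server assumed to be at 127.0.0.1:21.
    serve(2121, "127.0.0.1", 21)
```

Two things the 6-step recipe above glosses over are visible here: a signature only fires on its own port, so the same overlong "USER" line on port 80 passes untouched, and matching per recv() call means a pattern split across two segments is missed; a real engine (Snort included) reassembles the stream before matching.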
#5
Posted 27 December 2007 - 02:46 PM
Hi Lasthell,
Thanks again - I find your advice invaluable!
I've been pondering the thought of possibly pushing harder to get a better mark for this project and maybe turning this IDS into an Intrusion Prevention System (IPS). After reading a few articles on the net it seems to me that this is the current thing, or more recent than IDSs. I would like to know your opinion on this, and your thoughts on how to adapt the information you've already given me on how to go about developing the product (a simplistic version of course), that is, if you recommend going down this avenue?
Kind Regards.
P.S. I've also got hold of a copy of Intrusion Prevention Fundamentals by Earl Carter and Jonathan Hogue; this seems like a very relevant book. Is there anything else you would recommend?
#6
Posted 17 May 2008 - 11:29 PM
Hi Naveed,
I too was searching for a topic like this recently... Did you finalize your project, and how was it? I am also going into the networking side, so can you help me out by saying whether your topic worked well, so I can propose it for myself too...
But I read that it was outdated; if so I will have a problem with approval. Do you have any other topics?
Please reply soon.
#7
Posted 07 July 2008 - 03:15 PM
Hello Naveed,
How is your project going?
I am also doing a project based on intrusion detection, but I really want mine to be host based and focus on detecting masquerade attacks.
I found this on the ACM website: "A web-based system for intrusion detection"
You will need to google it, because CodeCall will not let me post a message with links as this is my first post.
It may be helpful.
#8
Posted 08 February 2009 - 05:31 AM
Hi guys,
I am presently doing my final year of engineering and I have to develop a Network Intrusion Detection System based on rules, i.e. a rule based NIDS.. I have very limited time, about one and a half weeks, before I have to finish this..
I want to build the NIDS in Java... Any ideas, suggestions and tips to get me started with programming the NIDS would be helpful... I have built a sensor (a packet filter) which captures the TCP and UDP data separately.. I want to introduce...
Since this forum already discusses IDS, I would be grateful if you guys could help me start with the coding.
#9
Posted 20 October 2009 - 07:39 AM
Hi did dev,
I am doing a project on NIDS, and I need a dataset to implement my algorithm.
Can you suggest which would be better, other than KDD Cup 1999?
#10
Posted 18 January 2010 - 10:17 PM
Hi friends,
I'm also doing my final project in network security.. I'm building an IDS based on packet behavior... Till now I have only built the packet capture and filter module... I don't know where to get the characteristics of each network attack to compare... :crying: Can any of you please mail me your IDS implementation, or just tell me the parameters to compare, like header length, payload, etc., for a few network attacks... please... please...
Thanks in advance...
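Posts #8 and #10 both have a capture/filter module and are asking what to check once a packet is in hand. The block below is an added example, not code from either poster: it decodes the IPv4 and TCP headers from raw bytes, exposes the fields a rule can compare (header lengths, total length, TTL, ports, flags, payload) and runs a small set of behaviour rules over them. The rules and the test packets are constructed; build_packet() exists only so the example runs offline without a capture.

```python
"""Header parser plus behaviour rules for raw IPv4/TCP packets.
Added example for this thread; the rules and test packets are constructed."""
import struct
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    ip_header_len: int    # bytes, IHL * 4
    ip_total_len: int     # from the header; may disagree with the captured size
    sport: int
    dport: int
    flags: int            # low six TCP flag bits
    tcp_header_len: int   # bytes, data offset * 4
    payload: bytes


def _dotted(b):
    return ".".join(str(x) for x in b)


def parse_ipv4_tcp(buf):
    """Decode the headers; raises ValueError for structurally invalid input."""
    if len(buf) < 20:
        raise ValueError("short IPv4 header")
    version, ihl = buf[0] >> 4, (buf[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError(f"bad version/IHL {version}/{ihl}")
    total_len = struct.unpack("!H", buf[2:4])[0]
    ttl, proto = buf[8], buf[9]
    if proto != 6:
        raise ValueError(f"not TCP (protocol {proto})")
    if total_len > len(buf) or total_len < ihl + 20:
        raise ValueError("IP total length inconsistent with captured bytes")
    tcp = buf[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError(f"bad TCP data offset {doff}")
    return Packet(_dotted(buf[12:16]), _dotted(buf[16:20]), ttl, ihl, total_len,
                  sport, dport, tcp[13] & 0x3F, doff, tcp[doff:])


# Behaviour rules: (name, predicate). The flag combinations are ones no
# normal TCP stack sends; they are the classic port-scanner fingerprints.
RULES = [
    ("SYN+FIN set together", lambda p: (p.flags & (SYN | FIN)) == (SYN | FIN)),
    ("NULL scan (no flags)", lambda p: p.flags == 0),
    ("Xmas scan (FIN+PSH+URG)", lambda p: (p.flags & (FIN | PSH | URG)) == (FIN | PSH | URG)),
    ("IP options present (unusual)", lambda p: p.ip_header_len > 20),
]


def analyze(buf):
    """Findings for one packet; a parse failure is itself a finding."""
    try:
        pkt = parse_ipv4_tcp(buf)
    except ValueError as err:
        return [f"malformed: {err}"]
    return [name for name, pred in RULES if pred(pkt)]


def build_packet(flags, payload=b"", src="10.0.0.5", dst="10.0.0.1",
                 sport=40000, dport=80, ihl=5, ttl=64):
    """Constructed test packet (checksums left zero, which the parser ignores).
    Passing ihl < 5 deliberately produces an invalid header."""
    opt_len = max(0, ihl * 4 - 20)
    total = ihl * 4 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 1, 0, ttl, 6, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    ip += b"\x01" * opt_len            # NOP options pad the header to IHL words
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    for label, pkt in [("syn", build_packet(SYN)), ("synfin", build_packet(SYN | FIN)),
                       ("xmas", build_packet(FIN | PSH | URG)), ("ihl4", build_packet(SYN, ihl=4))]:
        print(label, analyze(pkt))
```

The parser is deliberately strict: an IHL below 5, a data offset below 5, or a total length larger than what was captured is reported rather than silently indexed past, since malformed headers are exactly the input a sensor must survive. Per-packet flag rules catch single crafted probes; spotting a scan from otherwise valid SYNs needs state across packets.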
#11
Posted 18 January 2010 - 10:36 PM
msrockzzz said:
Hi friends,
I'm also doing my final project in network security.. I'm building an IDS based on packet behavior... Till now I have only built the packet capture and filter module... I don't know where to get the characteristics of each network attack to compare... :crying: Can any of you please mail me your IDS implementation, or just tell me the parameters to compare, like header length, payload, etc., for a few network attacks... please... please...
Thanks in advance...
Sorry friends, I forgot to mention my mail id.. Please send your implementation code or other useful materials to msrockzzz@gmail <dot> com
Thank you!
#12
Posted 16 May 2010 - 08:36 AM
Hello people..
Good to hear you guys are working on the same project as me, NIDS.
I'm also working in Java, and have some questions.
Which library in Java would help me?
Which is the best anomaly detection algorithm?
About the packet capture and filter module,
suggest me some useful websites, links, or pdfs,
mail me your implementations..
Any help from you guys would be appreciated so much.
siik_distroy@hotmail.com
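Post #12 asks for an anomaly detection algorithm. There is no single best one, but the simplest form worth building first is a statistical baseline: learn what each source host normally does per time window, then flag windows that deviate by more than k standard deviations. The block below is an added example, not code from anyone in the thread; the two features (connections per 10-second bucket and distinct destination ports per bucket), the bucket size, the threshold k and the traffic it trains and tests on are all constructed assumptions.

```python
"""Statistical per-source anomaly baseline over SYN events.
Added example for this thread; events are (timestamp, src_ip, dst_ip, dst_port)
tuples, constructed in-file here instead of coming from a capture module."""
from collections import defaultdict
from statistics import mean, pstdev

BUCKET_SECONDS = 10                     # assumed window size
FEATURES = ("connections", "distinct_ports")


def bucketize(events):
    """Aggregate SYNs into one feature vector per (source, time bucket)."""
    agg = defaultdict(lambda: {"connections": 0, "ports": set()})
    for ts, src, _dst, dport in events:
        key = (src, ts - ts % BUCKET_SECONDS)
        agg[key]["connections"] += 1
        agg[key]["ports"].add(dport)
    return {k: {"connections": v["connections"], "distinct_ports": len(v["ports"])}
            for k, v in agg.items()}


def learn_baseline(training_events):
    """Per-feature mean and population std-dev over an attack-free training period."""
    vectors = bucketize(training_events).values()
    return {f: (mean(v[f] for v in vectors), pstdev(v[f] for v in vectors))
            for f in FEATURES}


def detect(events, baseline, k=3.0):
    """Flag (src, bucket) pairs whose feature lies more than k std-devs above the mean.
    Returns (src, bucket_start, feature, value, z) tuples."""
    alerts = []
    for (src, start), vec in sorted(bucketize(events).items()):
        for f in FEATURES:
            mu, sigma = baseline[f]
            dev = vec[f] - mu
            if sigma == 0:              # degenerate baseline: any excess is anomalous
                z = float("inf") if dev > 0 else 0.0
            else:
                z = dev / sigma
            if z > k:
                alerts.append((src, start, f, vec[f], round(z, 1)))
    return alerts


def normal_traffic(n_buckets, t0=0):
    """Constructed 'normal' traffic: three hosts, 2-5 web/ssh connections per bucket."""
    hosts = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
    ports = [80, 443, 22]
    events = []
    for i in range(n_buckets):
        for h, src in enumerate(hosts):
            for j in range(2 + (i + h) % 4):
                events.append((t0 + i * BUCKET_SECONDS + j, src, "192.0.2.10", ports[j % 3]))
    return events


def scan_traffic(t0):
    """Constructed port scan: one host probing 40 distinct ports within five seconds."""
    return [(t0 + p % 5, "10.0.0.99", "192.0.2.10", 1 + p) for p in range(40)]


def demo():
    """Train on 30 clean buckets, then test on 6 clean buckets plus one scan."""
    base = learn_baseline(normal_traffic(30))
    test = normal_traffic(6, t0=1000) + scan_traffic(1020)
    return base, detect(test, base)


if __name__ == "__main__":
    base, alerts = demo()
    print("baseline:", base)
    for a in alerts:
        print("ALERT", a)
```

The practical caveats are the ones the thread keeps circling: the training window must be free of the behaviour you want to catch or it becomes the norm, k trades false positives against misses and can only be tuned against labelled traffic (which is what the dataset question in post #9 is really about), and a scanner that spreads its probes over many buckets will stay under a per-bucket threshold.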