Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers
Abstract
Security is an important factor in today's digital era, and implementing a security system is a central concern for network developers. One of the most basic forms of network security concerns access. To manage the security of a system, it must be known in advance who is involved in the system and what activities are carried out. Like a security alarm that monitors working conditions, this is the function of an Intrusion Detection System (IDS). An IDS has several effective methods for detecting threats, one of which is the signature-based method. An IDS can be implemented with the open-source application SNORT, and the method works with rules, which are instructions that tell the IDS how to recognize various attacks. The rules are used in the signature-matching process, in which rules are matched against incoming attacks with both protocols taken into view; the IDS then generates alerts that contain notifications. This study read 1,252,412 packets from the MIT-DARPA 1999 dataset and tested alerting with network scanning and DoS attacks. The packet data analysis ran at a speed of 83,494 packets/second and achieved a true positive percentage of 100% and an accuracy of 98.10%.
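An added illustration of the rule-driven signature matching and the true-positive/accuracy scoring the abstract describes; it is not the study's code or rule set. The two rules, the addresses, the thresholds and the labelled traffic are constructed, the matcher handles only a literal destination address, and Snort's `detection_filter` is approximated with a sliding window per source.

```python
import re
from collections import defaultdict, deque

RULES = [  # constructed rules in Snort 2 syntax; not the study's rule set
    'alert tcp any any -> 10.0.0.5 any (msg:"TCP SYN scan"; flags:S; '
    'detection_filter:track by_src, count 3, seconds 2; sid:1000001; rev:1;)',
    'alert icmp any any -> 10.0.0.5 any (msg:"ICMP flood"; itype:8; '
    'detection_filter:track by_src, count 4, seconds 1; sid:1000002; rev:1;)',
]

def parse_rule(text):
    """Turn one rule into the packet fields to compare plus its rate limit."""
    header, body = re.match(r"(.+?)\s*\((.*)\)\s*$", text).groups()
    opts = dict(o.strip().split(":", 1) for o in body.split(";") if ":" in o)
    want = {"proto": header.split()[1], "dst": header.split()[5]}
    want.update((k, opts[k]) for k in ("flags", "itype") if k in opts)
    count, secs = re.search(r"count (\d+), seconds (\d+)", opts["detection_filter"]).groups()
    return {"want": want, "sid": int(opts["sid"]), "count": int(count), "secs": int(secs)}

def match_packets(packets, rules):
    """Return one (source, sid) pair for every alert raised."""
    parsed, windows, alerts = [parse_rule(r) for r in rules], defaultdict(deque), []
    for p in packets:
        for r in parsed:
            if any(p.get(k) != v for k, v in r["want"].items()):
                continue                          # header or option mismatch
            w = windows[r["sid"], p["src"]]       # "track by_src"
            w.append(p["ts"])
            while w[0] <= p["ts"] - r["secs"]:
                w.popleft()                       # forget matches outside the window
            if len(w) > r["count"]:               # rate exceeded, so alert
                alerts.append((p["src"], r["sid"]))
    return alerts

def score(packets, alerts):
    """True positive rate and accuracy, counted per source host."""
    truth = {p["src"]: p["attack"] for p in packets}
    flagged = {src for src, _ in alerts}
    tp = sum(bad and s in flagged for s, bad in truth.items())
    correct = sum(bad == (s in flagged) for s, bad in truth.items())
    return tp / sum(truth.values()), correct / len(truth)

def pkts(src, proto, times, attack, **fields):    # builds constructed, labelled traffic
    return [dict(src=src, dst="10.0.0.5", proto=proto, ts=t, attack=attack, **fields) for t in times]

PACKETS = (pkts("10.0.0.66", "tcp", [0.0, 0.1, 0.2, 0.3, 0.4], True, flags="S")          # port scan
           + pkts("10.0.0.77", "icmp", [1.0, 1.1, 1.2, 1.3, 1.4, 1.5], True, itype="8")  # flood
           + pkts("10.0.0.10", "tcp", [0.5, 5.0], False, flags="S")                      # normal client
           + pkts("10.0.0.11", "tcp", [2.0, 2.1, 2.2, 2.3], False, flags="S"))           # benign burst
```

On this constructed traffic `score(PACKETS, match_packets(PACKETS, RULES))` flags both attack sources, and the benign burst from 10.0.0.11 also trips the scan rule, which shows how a true positive rate of 100% can coexist with a lower accuracy.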
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.