Global ETD Search

11	Intrusion Detection Systems : utvärdering av Snort Ringström Saltin, Markus January 2009 (has links) Det här examensarbetet undersöker effektiviteten hos ett Intrusion Detection System(IDS). Ett IDS är ett system som skall upptäcka om klienter på ett nätverk attackerasav en ”hacker” eller om någon obehörig försöker inkräkta, ungefär som en vakthund.Det IDS som testats är Snort, ett mycket populärt IDS skrivet med öppen källkod.Syftet med studien är att kunna påvisa huruvida ett IDS är ett bra komplement till ettsystems säkerhet eller inte, då det gjorts väldigt få metodiska undersökningar avSnort, och IDS i allmänhet.Den studie som gjorts utfördes med hjälp av ett antal experiment i enlaborationsmiljö, där effektiviteten hos Snort sattes på prov med hjälp av olika typerav attacker.Utifrån det resultat som uppkom så går det att konstatera att ett IDS absolut är ettkomplement värt att överväga för en organisation som är villig att ägna de resursersom systemet kräver, då ett högt antal av de utförda attackerna upptäcktes – attackersom anti-virus eller brandväggar inte är skapade för att reagera på. Intrångsdetekteringssystem IDS Snort säkerhet nätverk Computer Sciences Datavetenskap (datalogi)
12	Intrångsdetekteringssystem : En jämförelse mellan Snort och Suricata Magnusson, Jonas January 2010 (has links) Arbetets syfte är att jämföra intrångsdetekteringssystemen Snort och Suricata för att ge en uppfattning om vilken av applikationerna som lämpar sig att implementeras hos en internetleverantör för att upptäcka attacker och öka säkerheten på nätverket. Jämförelsen utförs med hänseende till antal upptäckta attacker, prestanda, implementeringstid, antal konfigurationsfiler samt vilka operativsystem de finns tillgängliga på. Resultatet visar att Suricata med sitt stöd för att använda signaturer skapade för Snort upptäcker fler attacker än Snort. Snort däremot går både smidigare och snabbare att implementera. Prestandamässigt så visar Suricata bäst resultat, genom att använda sig av flera kärnor och mindre minne. Intrångsdetekteringssystem IDS Snort Suricata säkerhet Computer Sciences Datavetenskap (datalogi)
13	Intrustion Detection in Soho Networks using Elasticsearch SIEM Nwosu, Ikechukwu C. 05 October 2021 (has links) No description available. Information Technology Intrusion Detection Soho Networks SIEM SNORT
14	Implementácia IDS/IPS do prostredia univerzitnej siete MENDELU Hevier, Marek January 2018 (has links) This diploma thesis deals with issue of IDS/IPS systems and possibilities of their utilization within the university network of Mendel University in Brno. The thesis includes a description how to install and configure Snort IDS, including addon modules based on predefined parameters and the ability to detect malious traffic within college computer network of Mendel University in Brno. The results include verification of correct detection of selected attack types and the discussion of False Positive and False Negative.
15	Nätverkssäkerhet med IPS : Förbättrad nätverkssäkerhet med Intrusion Prevention Systems Dubell, Michael, Johansson, David January 2013 (has links) Att skydda sin IT-miljö mot olika typer av intrång och attacker som till exempel trojaner,skadliga Java applets eller DoS attacker med hjälp av brandväggar och antivirusprogramär två viktiga lager i skalskyddet. I den här uppsatsen undersöks hur väl ett Intrusion Prevention System skulle kunna fungera som ett ytterligare lager i skalskyddet. Fokus ligger på hur väl IPS-systemet klarar av att avvärja attacker, hur mycket tid som går åt till konfigurering och drift för att få ett fungerande IPS samt hur prestandan i nätverket påverkas av implementationen. För att mäta hur väl IPS systemet klarar av att upptäcka och blockera attacker utförs två experiment där ett mindre nätverk attackeras på olika sätt. I det första experimentet skyddas infrastrukturen av en brandvägg och klienterna är utrustade med antivirusprogram. I det andra experimentet genomförs samma attacker igen fast med ett Snort IPS implementerat i nätverket. Resultatet av de genomförda experimenten visar att en IPS klarar att blockera ca 87% av attackerna, men nätverksprestandan påverkas negativt. Slutsatsen är att endast brandväggar och antivirusprogram inte ger ett fullgott skydd. network security network attacks virus trojans snort nätverkssäkerhet ips trojan nätverk Intrusion Prevention System snort attacker Computer Sciences Datavetenskap (datalogi)
16	A Performance Analysis of Intrusion Detection with Snort and Security Information Management / En Prestandaanalys av Intrångsdetektering med Snort och Hantering av Säkerhetsinformation Thorarensen, Christian January 2021 (has links) Network intrusion detection systems (NIDSs) are a major component in cybersecurity and can be implemented with open-source software. Active communities and researchers continue to improve projects and rulesets used for detecting threats to keep up with the rapid development of the internet. With the combination of security information management, automated threat detection updates and widely used software, the NIDS security can be maximized. However, it is not clear how different combinations of software and basic settings affect network performance. The main purpose in this thesis was to find out how multithreading, standard ruleset configurations and near real-time data shipping affect Snort IDS’ online and offline performance. Investigations and results were designed to guide researchers or companies to enable maximum security with minimum impact on connectivity. Software used in performance testing was limited to Snort 2.9.17.1-WIN64 (IDS), Snort 3.1.0.0 (IDS), PulledPork (rule management) and Open Distro for Elasticsearch (information management). To increase the replicability of this study, the experimentation method was used, and network traffic generation was limited to 1.0 Gbit/s hardware. Offline performance was tested with traffic recorded from a webserver during February 2021 to increase the validity of test results, but detection of attacks was not the focus. Through experimentation it was found that multithreading enabled 68-74% less runtime for offline analysis on an octa-thread system. On the same system, Snort’s drop rate was reduced from 9.0% to 1.1% by configuring multiple packet threads for 1.0 Gbit/s traffic. Secondly, Snort Community and Proofpoint ET Open rulesets showed approximately 1% and 31% dropped packets, respectively. Finally, enabling data shipping services to integrate Snort with Open Distro for Elasticsearch (ODFE) did not have any negative impact on throughput, network delay or Snort’s drop rate. However, the usability of ODFE needs further investigation. In conclusion, Snort 3 multithreading enabled major performance benefits but not all open-source rules were available. In future work, the shared security information management solution could be expanded to include multiple Snort sensors, triggers, alerting (email) and suggested actions for detected threats. Snort Snort 3 PulledPork IDS Open Distro for Elasticsearch ODFE SIM SIEM ET Open D-ITG Computer and Information Sciences Data- och informationsvetenskap
17	Proteção de sistemas elétricos considerando aspectos de segurança da rede de comunicação / Electric power system protection considering safety aspects of the communication network Costa, Nilson Santos 28 May 2007 (has links) O mundo moderno está cada dia mais conectado por todos os meios tecnológicos que existem hoje. Isto permite que mais e mais pessoas possam se comunicar, tornando a estrada da comunicação virtual obrigatória para a sobrevivência das pequenas, médias e grandes empresas públicas e privadas. O grande avanço tecnológico do século 20 foi à utilização em grande escala do PC (personal computer) comumente chamados de microcomputadores. Este avanço também chegou aos sistemas elétricos de potência, tornando as subestações digitalizadas. Estas subestações sendo digitais correm riscos de invasão cibernética interna ou mesmo externa. Embora a possibilidade de invasão cibernética externa seja pequena, ela existe. Diante dessa situação este trabalho propõe a aplicação de um sistema de segurança, aplicado em um sistema elétrico de potência. O trabalho concentra-se especificamente no estudo dos sistemas de detecção de intruso (SDI), nos seus dois modos básicos: o SDI por abuso e SDI por anomalia utilizando redes neurais artificiais. Estes conceitos serão testados em um sistema elétrico de potência simulado, com uma rede de comunicação baseada em microcomputadores e/ou equipamentos microprocessados, com relés digitais reais. Os Softwares, denominados SNORT e Carcará, foram utilizados e extensivamente testados com resultados altamente encorajadores para a função descrita. / Modern world is more connected each day by all technological means available. This allows more people to communicate, turning the virtual communication road obligatory to the survival of small, medium and large companies, whether public or private. The great technological advance of the 20th century was the large use of the PCs (personal computer), usually called microcomputers. This advance also reached the power electric systems with the digitalization of the substations. These digitalized substations, run the risk of cybernetic invasion, internal or even external. Although the possibility of external cybernetic invasion is small, it exists. In that context, the present thesis proposes the application of a security system for an electric power system. The focus will be the study of intruder detection systems (IDS), on its two basic forms: the IDS by abuse and the IDS by anomaly, using artificial neural networks. These concepts will be tested in a simulated electric power system, with a communication network based on microcomputers, with actual digital relays with the digitalization of the substations. Autômatos Carcará Carcará Electric power system Intruder detection system Microcomputadores Microcomputers Neural networks Redes neurais Sistema de detecção de intruso Sistema elétrico de potência SNORT SNORT
18	Proteção de sistemas elétricos considerando aspectos de segurança da rede de comunicação / Electric power system protection considering safety aspects of the communication network Nilson Santos Costa 28 May 2007 (has links) O mundo moderno está cada dia mais conectado por todos os meios tecnológicos que existem hoje. Isto permite que mais e mais pessoas possam se comunicar, tornando a estrada da comunicação virtual obrigatória para a sobrevivência das pequenas, médias e grandes empresas públicas e privadas. O grande avanço tecnológico do século 20 foi à utilização em grande escala do PC (personal computer) comumente chamados de microcomputadores. Este avanço também chegou aos sistemas elétricos de potência, tornando as subestações digitalizadas. Estas subestações sendo digitais correm riscos de invasão cibernética interna ou mesmo externa. Embora a possibilidade de invasão cibernética externa seja pequena, ela existe. Diante dessa situação este trabalho propõe a aplicação de um sistema de segurança, aplicado em um sistema elétrico de potência. O trabalho concentra-se especificamente no estudo dos sistemas de detecção de intruso (SDI), nos seus dois modos básicos: o SDI por abuso e SDI por anomalia utilizando redes neurais artificiais. Estes conceitos serão testados em um sistema elétrico de potência simulado, com uma rede de comunicação baseada em microcomputadores e/ou equipamentos microprocessados, com relés digitais reais. Os Softwares, denominados SNORT e Carcará, foram utilizados e extensivamente testados com resultados altamente encorajadores para a função descrita. / Modern world is more connected each day by all technological means available. This allows more people to communicate, turning the virtual communication road obligatory to the survival of small, medium and large companies, whether public or private. The great technological advance of the 20th century was the large use of the PCs (personal computer), usually called microcomputers. This advance also reached the power electric systems with the digitalization of the substations. These digitalized substations, run the risk of cybernetic invasion, internal or even external. Although the possibility of external cybernetic invasion is small, it exists. In that context, the present thesis proposes the application of a security system for an electric power system. The focus will be the study of intruder detection systems (IDS), on its two basic forms: the IDS by abuse and the IDS by anomaly, using artificial neural networks. These concepts will be tested in a simulated electric power system, with a communication network based on microcomputers, with actual digital relays with the digitalization of the substations. Autômatos Carcará Microcomputadores Redes neurais Sistema de detecção de intruso Sistema elétrico de potência SNORT Carcará Electric power system Intruder detection system Microcomputers Neural networks SNORT
19	Detektering av långsam portskanning i realtidssystem Pettersson, Mattias January 2017 (has links) I denna rapport beskriver jag min undersökning av en metod för detektering av långsam portskanning i ett system som utför realtidsanalys. Portskanning används som en rekognoceringsmetod bland illasinnade aktörer i IT-världen. Det används för att bilda en uppfattning om eventuella svagheter som kan finnas i ett nätverk. Långsam portskanning används för att lura ev. Detekteringssystem och därmed kunna skanna utan att upptäckas. Detektering av långsam portskanning kan vara resurskrävande för arbetsminnet då en stor buffer traditionellt upprättas för att analysera nätverkstrafik över en längre tidsperiod. Det finns även lösningar som analyserar nätverksflöden, vilket istället innebär en förlust av information och att port skanning ej kan upptäckas i realtid. Jag har skapat ett detekteringsystem där jag undersöker möjligheten att använda en databas för detektering av långsam portskanning. Det görs i ett system som ana-lyserar paket i realtid. Resultatet blev ett program som klarar av just det. Det upptäcker vanliga portskan-ningsattacker i realtid och långsamma attacker via presentation i en databas. / In this report I describe my investigation of a method for slow port scanning detec-tion in a real-time analysis system. Port scanning is used as a reconnaissance technique used by perpetrators in the IT world. It is used to form an idea of any vulnerabilities that may exist in a network. Slow port scanning is used to try to bypass detection systems and thus able to per-form a scan without being detected. Slow port scanning detection may be resource-intensive for the computer memory since a large buffer is traditionally established to analyze network traffic over a longer period of time. There are also solutions that analyze netflow data, which provides less information and is unable to detect port scanning in real time. I have created a detection system where I investigate the possibility of using data-base in order to detect slow port scanning. The method is part of a system that ana-lyzes real-time packages. The result is a program is capable of doing just that. It detects regular port scan attacks in real time and slow attacks through presentation of the database. IDS port scan Snort C# Intrusion detection system SharpPcap IDS portskanning Snort C# Intrusion detection system SharpPcap Computer and Information Sciences Data- och informationsvetenskap
20	Enhancing Performance of Vulnerability-based Intrusion Detection Systems Farroukh, Amer 31 December 2010 (has links) The accuracy of current intrusion detection systems (IDSes) is hindered by the limited capability of regular expressions (REs) to express the exact vulnerability. Recent advances have proposed vulnerability-based IDSes that parse traffic and retrieve protocol semantics to describe the vulnerability. Such a description of attacks is analogous to subscriptions that specify events of interest in event processing systems. However, the matching engine of state-of-the-art IDSes lacks efficient matching algorithms that can process many signatures simultaneously. In this work, we place event processing in the core of the IDS and propose novel algorithms to efficiently parse and match vulnerability signatures. Also, we are among the first to detect complex attacks such as the Conficker worm which requires correlating multiple protocol data units (MPDUs) while maintaining a small memory footprint. Our approach incurs neglibile overhead when processing clean traffic, is resilient to attacks, and is faster than existing systems. Security Intrusion Detection Matching MPDU Vulnerability Conficker IDS Snort 0544 0984

Search results