11 |
Intrusion Detection Systems: utvärdering av Snort / Intrusion Detection Systems: An Evaluation of Snort
Ringström Saltin, Markus. January 2009.
This degree project examines the effectiveness of an Intrusion Detection System (IDS). An IDS is a system that is meant to detect whether clients on a network are being attacked by a "hacker" or whether an unauthorized party is trying to intrude, much like a watchdog. The IDS tested is Snort, a very popular open-source IDS. The purpose of the study is to show whether or not an IDS is a good complement to a system's security, since very few methodical investigations of Snort, and of IDS in general, have been carried out. The study was performed through a number of experiments in a laboratory environment, where the effectiveness of Snort was put to the test with different types of attacks. From the results obtained it can be concluded that an IDS is definitely a complement worth considering for an organization willing to devote the resources the system requires, since a high number of the attacks carried out were detected, attacks that anti-virus software or firewalls are not built to react to.
|
12 |
Intrångsdetekteringssystem: En jämförelse mellan Snort och Suricata / Intrusion Detection Systems: A Comparison between Snort and Suricata
Magnusson, Jonas. January 2010.
The purpose of this work is to compare the intrusion detection systems Snort and Suricata in order to give an idea of which of the applications is suitable to implement at an Internet service provider to detect attacks and increase network security. The comparison is made with regard to the number of detected attacks, performance, implementation time, number of configuration files and which operating systems they are available on. The results show that Suricata, with its support for using signatures created for Snort, detects more attacks than Snort. Snort, on the other hand, is both easier and faster to implement. In terms of performance, Suricata shows the best results, by making use of multiple cores and less memory.
|
13 |
Intrusion Detection in SOHO Networks using Elasticsearch SIEM
Nwosu, Ikechukwu C. 05 October 2021.
No description available.
|
14 |
Implementácia IDS/IPS do prostredia univerzitnej siete MENDELU / Implementation of IDS/IPS in the MENDELU University Network Environment
Hevier, Marek. January 2018.
This diploma thesis deals with the issue of IDS/IPS systems and the possibilities of their utilization within the university network of Mendel University in Brno. The thesis includes a description of how to install and configure Snort IDS, including add-on modules based on predefined parameters, and of its ability to detect malicious traffic within the college computer network of Mendel University in Brno. The results include verification of correct detection of selected attack types and a discussion of false positives and false negatives.
|
15 |
Analysis of detection systems in a Software-Defined Network
Fakolujo, Oluwapelumi; Qureshi, Amna. 16 August 2024.
Software-Defined Networking (SDN), a novel and innovative networking technology, offers programmability and flexibility within networks and centralized control of those networks. The separation of data and control planes, as well as the concentration of all control provisioning options within a SDN controller, are two of the most significant ways in which SDN improves on traditional network deployments. However, because different planes in an SDN network are separated, the network contains several attack vectors that malicious users could exploit. Distributed Denial-of-Service (DDoS) attacks pose a unique threat to SDN because they can disrupt connections between the controller and data plane devices. Therefore, developing and implementing intrusion detection systems (IDS) in SDN is necessary. This paper investigates IDS in software-defined networks for effectively detecting DDoS attacks using signature-based and machine learning (ML)-based approaches. Mininet and OpenDayLight are used to simulate an SDN environment in which normal and attack traffic is generated to assess intrusion detection techniques. The Snort IDS is employed as the signature-based IDS in this study, while the ML algorithms Random Forest (RF), J48, Naive Bayes (NB), and Support Vector Machine (SVM) are used to implement the ML-based IDS. The IDS are examined using SDN-generated traffic, with the InSDN-NB model surpassing all other ML models and Snort IDS with 98.86% prediction accuracy and a train time of 1.46s.
|
16 |
Nätverkssäkerhet med IPS: Förbättrad nätverkssäkerhet med Intrusion Prevention Systems / Network Security with IPS: Improved Network Security with Intrusion Prevention Systems
Dubell, Michael; Johansson, David. January 2013.
Protecting an IT environment against different types of intrusions and attacks, such as trojans, malicious Java applets or DoS attacks, with the help of firewalls and anti-virus software are two important layers of the perimeter defence. This thesis examines how well an Intrusion Prevention System could function as an additional layer of the perimeter defence. The focus is on how well the IPS is able to ward off attacks, how much time is spent on configuration and operation to get a working IPS, and how network performance is affected by the implementation. To measure how well the IPS is able to detect and block attacks, two experiments are carried out in which a small network is attacked in different ways. In the first experiment the infrastructure is protected by a firewall and the clients are equipped with anti-virus software. In the second experiment the same attacks are carried out again, but with a Snort IPS implemented in the network. The results of the experiments show that an IPS is able to block about 87% of the attacks, but network performance is negatively affected. The conclusion is that firewalls and anti-virus software alone do not provide adequate protection.
|
17 |
A Performance Analysis of Intrusion Detection with Snort and Security Information Management / En Prestandaanalys av Intrångsdetektering med Snort och Hantering av Säkerhetsinformation
Thorarensen, Christian. January 2021.
Network intrusion detection systems (NIDSs) are a major component in cybersecurity and can be implemented with open-source software. Active communities and researchers continue to improve projects and rulesets used for detecting threats to keep up with the rapid development of the internet. With the combination of security information management, automated threat detection updates and widely used software, the NIDS security can be maximized. However, it is not clear how different combinations of software and basic settings affect network performance. The main purpose of this thesis was to find out how multithreading, standard ruleset configurations and near real-time data shipping affect Snort IDS' online and offline performance. Investigations and results were designed to guide researchers or companies to enable maximum security with minimum impact on connectivity. Software used in performance testing was limited to Snort 2.9.17.1-WIN64 (IDS), Snort 3.1.0.0 (IDS), PulledPork (rule management) and Open Distro for Elasticsearch (information management). To increase the replicability of this study, the experimentation method was used, and network traffic generation was limited to 1.0 Gbit/s hardware. Offline performance was tested with traffic recorded from a webserver during February 2021 to increase the validity of test results, but detection of attacks was not the focus. Through experimentation it was found that multithreading enabled 68-74% less runtime for offline analysis on an octa-thread system. On the same system, Snort's drop rate was reduced from 9.0% to 1.1% by configuring multiple packet threads for 1.0 Gbit/s traffic. Secondly, the Snort Community and Proofpoint ET Open rulesets showed approximately 1% and 31% dropped packets, respectively. Finally, enabling data shipping services to integrate Snort with Open Distro for Elasticsearch (ODFE) did not have any negative impact on throughput, network delay or Snort's drop rate. However, the usability of ODFE needs further investigation. In conclusion, Snort 3 multithreading enabled major performance benefits, but not all open-source rules were available. In future work, the shared security information management solution could be expanded to include multiple Snort sensors, triggers, alerting (email) and suggested actions for detected threats.
|
18 |
Proteção de sistemas elétricos considerando aspectos de segurança da rede de comunicação / Electric power system protection considering safety aspects of the communication network
Costa, Nilson Santos. 28 May 2007.
The modern world is more connected every day through all the technological means that exist today. This allows more and more people to communicate, making the virtual communication highway mandatory for the survival of small, medium and large public and private companies. The great technological advance of the 20th century was the large-scale use of the PC (personal computer), commonly called the microcomputer. This advance has also reached electric power systems, making substations digital. Being digital, these substations run the risk of cyber intrusion, internal or even external. Although the possibility of external cyber intrusion is small, it exists. In view of this situation, this work proposes the application of a security system to an electric power system. The work concentrates specifically on the study of intrusion detection systems (IDS) in their two basic modes: misuse-based IDS and anomaly-based IDS using artificial neural networks. These concepts will be tested in a simulated electric power system with a communication network based on microcomputers and/or microprocessor-based equipment, with real digital relays. The software, named SNORT and Carcará, was used and extensively tested, with highly encouraging results for the described function.
|
20 |
Detektering av långsam portskanning i realtidssystem / Detection of Slow Port Scanning in Real-Time Systems
Pettersson, Mattias. January 2017.
In this report I describe my investigation of a method for detecting slow port scanning in a system that performs real-time analysis. Port scanning is used as a reconnaissance technique by malicious actors in the IT world. It is used to form an idea of any weaknesses that may exist in a network. Slow port scanning is used to fool any detection systems and thus to scan without being detected. Detecting slow port scanning can be demanding on working memory, since a large buffer is traditionally set up to analyze network traffic over a longer period of time. There are also solutions that analyze network flows, which instead means a loss of information and that port scanning cannot be detected in real time. I have created a detection system in which I investigate the possibility of using a database for detecting slow port scanning. This is done in a system that analyzes packets in real time. The result is a program that is capable of exactly that. It detects ordinary port scanning attacks in real time and slow attacks via presentation in a database.
|