IDS Academic Writing

Enhanced Sensor-based Intrusion Detection System The aim of this project is to create a sensor-based Intrusion Detection System (IDS), which can detect various types of activities going against the security policy, and to generate useful alerts, which could be used to create preventative security measures to mitigate future intrusions. The main system to be protected is a Web server segment, which also runs a Telnet and FTP servers. Overall the main activities to detect and report on include: • Reconnaissance of systems on the segment, including host scans and port scans. • Detection of typical attacks against the Web server, including a possible Denial-ofService (DoS) attack. • Detection of remote user administration access to the servers, over the network. The aim is for you to create a prototype of a system which outlines how the system could work, and to produce an academic report which will cover the research into the problem area, technical analysis, design, testing and details of the prototype solution. For this you should implement an agent-based IDS Sensor, either building: • Your own Sensor (for example using Winpcap and .NET) or • A Sensor using a stand-alone version of Snort Overall the IDS Sensor should be tuned to produce useful alerts, which can optionally be stored securely and monitored remotely.