Enhanced Sensor-based Intrusion Detection System
The aim of this project is to create a sensor-based Intrusion Detection
System (IDS), which can detect various types of activities going against the security policy,
and to generate useful alerts, which could be used to create preventative security
measures to mitigate future intrusions. The main system to be protected is a Web server
segment, which also runs Telnet and FTP servers. Overall, the main activities to detect
and report on include:
• Reconnaissance of systems on the segment, including host scans and port scans.
• Detection of typical attacks against the Web server, including a possible Denial-of-Service
(DoS) attack.
• Detection of remote user administration access to the servers, over the network.
The aim is for you to create a prototype of a system which outlines how the system could
work, and to produce an academic report which will cover the research into the problem
area, technical analysis, design, testing and details of the prototype solution.
For this you should implement an agent-based IDS Sensor, either building:
• Your own Sensor (for example using Winpcap and .NET) or
• A Sensor using a stand-alone version of Snort
Overall the IDS Sensor should be tuned to produce useful alerts, which can optionally be
stored securely and monitored remotely.
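
As an added illustration (not part of the original brief), the following Python sketch shows how a sensor's detection logic could separate the activities listed above: host scans, port scans, a SYN-flood style DoS and Telnet/FTP administration attempts. The thresholds, window length, record format and addresses are assumptions, and the traffic is constructed sample data rather than a live capture.

```python
from collections import defaultdict

# Assumed values for illustration; tune them against real traffic.
WINDOW = 10.0                       # tumbling window length, seconds
HOST_SCAN_HOSTS = 5                 # distinct hosts probed by one source
PORT_SCAN_PORTS = 10                # distinct ports probed on one host
FLOOD_SYNS = 100                    # SYNs to one host:port, all sources
ADMIN_PORTS = {21: "FTP", 23: "Telnet"}

def analyse(packets):
    """packets: (ts, src, dst, dport, tcp_flags) tuples -> sorted alerts."""
    hosts = defaultdict(set)        # (window, src) -> hosts contacted
    ports = defaultdict(set)        # (window, src, dst) -> ports contacted
    syns = defaultdict(int)         # (window, dst, dport) -> SYN count
    alerts = set()                  # set, so each alert is raised once
    for ts, src, dst, dport, flags in packets:
        if flags != "S":            # only connection attempts are counted
            continue
        w = int(ts // WINDOW)
        hosts[w, src].add(dst)
        ports[w, src, dst].add(dport)
        syns[w, dst, dport] += 1
        if dport in ADMIN_PORTS:
            alerts.add(("remote-admin", f"{src} -> {dst} {ADMIN_PORTS[dport]}"))
        if len(hosts[w, src]) >= HOST_SCAN_HOSTS:
            alerts.add(("host-scan", src))
        if len(ports[w, src, dst]) >= PORT_SCAN_PORTS:
            alerts.add(("port-scan", f"{src} -> {dst}"))
        if syns[w, dst, dport] >= FLOOD_SYNS:
            alerts.add(("syn-flood", f"{dst}:{dport}"))
    return sorted(alerts)

def build_sample():
    """Constructed traffic using documentation address ranges."""
    web = "192.0.2.10"
    pkts = [(0.1 * i, "198.51.100.7", f"192.0.2.{i}", 80, "S") for i in range(1, 7)]
    pkts += [(1 + 0.1 * p, "198.51.100.8", web, p, "S") for p in range(1, 13)]
    pkts += [(20 + 0.01 * i, f"203.0.113.{i % 50 + 1}", web, 80, "S") for i in range(120)]
    pkts += [(35.0, "198.51.100.9", web, 23, "S"),     # Telnet attempt
             (40.0, "198.51.100.20", web, 80, "S"),    # ordinary web request
             (40.1, "198.51.100.20", web, 80, "A")]    # non-SYN, ignored
    return pkts

SAMPLE = build_sample()

if __name__ == "__main__":
    for kind, subject in analyse(SAMPLE):
        print(f"ALERT {kind}: {subject}")
```

Because alerts are keyed on the source or target rather than on each packet, a scan or flood raises one alert per offender instead of one per probe, which is the kind of tuning the brief asks for.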