Improving NIDS Rules for Protocols with Detection of Abnormal Traffic in Real Time Traffic Using Snort

Authors

  • Ankita Choubey  Shri Ram Institute of Science & Technology, Jabalpur, Madhya Pradesh, India
  • Navi Singh Thakur  Shri Ram Institute of Science & Technology, Jabalpur, Madhya Pradesh, India

Keywords:

NIDS, Snort, Network Traffic, Profile, Snort Rules.

Abstract

Network intrusion detection systems (NIDSs) have attracted much attention in recent years because of the ever-increasing volume of network traffic and the growing complexity of attacks. Many studies have focused on accelerating pattern matching in pursuit of a high-speed design, since early work observed that pattern matching is the performance bottleneck. The effectiveness of such acceleration has recently been questioned, however. This work therefore re-examines the performance bottleneck by profiling a popular NIDS, Snort, in detail under various types of network traffic. The profiling shows that pattern matching can dominate Snort's execution when the entire packet payloads of connections are scanned, while evaluating the Snort rules is also a clear bottleneck. Based on these results, the work suggests three promising directions for future high-speed NIDS design: a method to precisely specify the possible locations of signatures in long connections, a compiler that transforms policy scripts into efficient binary code for execution, and an efficient design for connection tracking and packet reassembly.
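The first direction above, bounding where a signature may occur instead of scanning every byte of every payload, is something Snort rule writers can already express with the rule language. The rules below are an added illustration written for this page, not rules from the paper; the sids, the sample path and the message strings are made up, and the syntax is Snort 2.x.

```snort
# Unconstrained rule: the content is searched through the whole payload of
# every packet in both directions. This is the case the abstract describes,
# where pattern matching comes to dominate execution time.
alert tcp any any -> any 80 (msg:"HTTP GET anywhere in payload"; content:"GET "; sid:1000001; rev:1;)

# Constrained rule: only client-to-server packets of established sessions are
# inspected, and the match must fall within the first 4 bytes of the payload
# (offset 0, depth 4). The search window shrinks from the full payload to a
# fixed prefix, so long connections cost no more than short ones.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"HTTP GET at request start"; flow:to_server,established; content:"GET "; offset:0; depth:4; nocase; sid:1000002; rev:1;)

# Relative anchoring: the second content is searched only within 200 bytes
# after the end of the first match (distance 0, within 200), so it is bounded
# by the previous hit rather than by the payload length.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Suspicious path near start of GET"; flow:to_server,established; content:"GET "; offset:0; depth:4; content:"/cgi-bin/"; distance:0; within:200; sid:1000003; rev:1;)
```

The `flow` option relies on Snort's connection tracking (the stream preprocessor) to know the direction and state of the session, which is why the abstract lists efficient connection tracking and reassembly alongside location constraints: a rule can only be anchored to "the start of the request" if the sensor has reassembled the stream and knows which side is the client.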

Published

2016-12-30

Section

Research Articles

How to Cite

[1] Ankita Choubey, Navi Singh Thakur, "Improving NIDS Rules for Protocols with Detection of Abnormal Traffic in Real Time Traffic Using Snort", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 2, Issue 6, pp. 145-148, November-December 2016.