[attachment=15192]
Attack Scenarios Construction and Automated Report Generation in SACHET Intrusion Detection System
An Intrusion Detection Systems (IDS) is a passive system which relies on the system administrator to take action when an attack is detected. The latency between an attack detection and corrective action taken by the administrator is usually high and therefore, by the time the administrator notices an attack and takes an action, the damage is already done. This necessitates the need for an Intrusion Prevention System which can not only detect attacks but can also actively respond to them. Intrusion prevention is a pre-emptive approach to system security which is used to identify potential threats and respond to them swiftly.
Vulnerability Assessment would provide a clear picture of all hosts on the network, the services that they provide and also information on the known vulnerabilities. This information would help the administrator in configuring the IDS and can also be used to assign priority to an alert.
In this thesis, we describe the design and implementation of Intrusion Prevention and Vulnerabilty Assessment schemes for Sachet IDS. Sachet is a distributed, real time network-based Intrusion Detection System with centralized control developed at IIT Kanpur. Sachet uses an open source software, Snort, for signature-based detection. Recently, a new version of Snort, snort-inline, has been released for Linux which has intrusion prevention capability. The aim of Intrusion Prevention for Sachet is to provide this capability for Windows operating system. The aim of Vulnerability Assessment is to determine the vulnerabilities of machines monitored by Sachet at regular intervals and to use this information to assign priority to alerts generated by Snort.