TCP Stream Re-assembly and Web-based GUI for Sachet IDS
#1

Sachet is a network-based Intrusion Detection System developed at IIT Kanpur. It monitors the network traffic to detect any unwanted attempts to compromise the security of the network by malicious users. Recently an Intrusion Prevention functionality was also added to it. The IPS monitors network traffic inline and prevents intrusions by dropping the malicious packets before they reach the actual host. In this thesis, we are adding two functionalities needed to enhance the utility of the system.

One of the major techniques to prevent an IDS/IPS from detecting an attack is to split the signature across two packets of a TCP connection. Since the IDS/IPS checks for the signature in each packet individually, it would not be able to detect this attack. However, on the host machine these packets would be re-assembled and a stream of data made available to the application; hence, it would get compromised. We are adding a TCP re-assembly module to our IPS so that it can detect those attacks which would otherwise have gone through undetected.

We are also adding a web-based Graphical User Interface to the system so that a network administrator can monitor the IDS from a remote machine. Currently, the information about the alerts (and the status of the network and nodes) can be monitored only from the server machine.
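The evasion described in the post above, worked through as an added example (this is not Sachet's code, and the signature, sequence numbers and request bytes are all constructed for illustration). A per-packet matcher is run over a capture in which the attacker has split the request so that no single segment contains the whole signature, sent the tail segment early and retransmitted the head; the same capture is then fed through a small sequence-number re-assembler that holds out-of-order segments until the gap before them is filled and drops already-seen bytes, and the signature is matched over the re-assembled bytes. The inline variant also shows what an IPS needs that a passive IDS does not: it reports which segment completed the signature, since that is the packet it would have to drop.

```python
"""Constructed example: a signature split across TCP segments evades
per-packet matching; re-assembling the stream by sequence number restores it."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical signature: a directory-traversal request an IDS might look for.
SIGNATURE = b"GET /cgi-bin/../../etc/passwd"


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def per_packet_match(segments: List[Segment], signature: bytes = SIGNATURE) -> bool:
    """Naive IDS check: inspect each segment's payload on its own."""
    return any(signature in s.payload for s in segments)


class TcpReassembler:
    """Re-assembles one direction of a TCP connection, starting at its ISN.

    Out-of-order segments are held until the gap before them is filled.
    Retransmitted or overlapping bytes are dropped in favour of the copy seen
    first.  Real hosts resolve overlaps in OS-specific ways, so a production
    IPS has to mirror the policy of the host it protects; 32-bit sequence
    wrap-around is also ignored here to keep the example short.
    """

    def __init__(self, isn: int) -> None:
        self.next_seq = isn                   # first byte not yet delivered
        self.stream = bytearray()             # contiguous bytes delivered so far
        self.pending: Dict[int, bytes] = {}   # seq -> payload waiting for a gap

    def add(self, seg: Segment) -> bytes:
        """Feed one segment; return the bytes that just became contiguous."""
        if seg.seq > self.next_seq:
            self.pending[seg.seq] = seg.payload   # gap before it: hold for later
            return b""
        out = self._deliver(seg.seq, seg.payload)
        for seq in sorted(self.pending):          # drain what the gap-fill unblocked
            if seq > self.next_seq:
                break
            out += self._deliver(seq, self.pending.pop(seq))
        return out

    def _deliver(self, seq: int, payload: bytes) -> bytes:
        skip = self.next_seq - seq                # prefix we already have (>= 0)
        new = payload[skip:]
        self.stream += new
        self.next_seq += len(new)
        return new


def reassemble(segments: List[Segment], isn: int) -> bytes:
    """Passive IDS view: the whole stream after all segments are seen."""
    r = TcpReassembler(isn)
    for s in segments:
        r.add(s)
    return bytes(r.stream)


def inline_detect(segments: List[Segment], isn: int,
                  signature: bytes = SIGNATURE) -> Optional[int]:
    """IPS view: index of the segment that completes the signature, or None.

    Only the last len(signature)-1 delivered bytes are kept between segments,
    so per-connection state stays bounded while a match that straddles a
    segment boundary, or is completed by a late gap-fill, is still caught in
    time to drop the packet that completes it.
    """
    r = TcpReassembler(isn)
    tail = b""
    keep = max(len(signature) - 1, 0)
    for i, seg in enumerate(segments):
        delivered = r.add(seg)
        if not delivered:
            continue
        window = tail + delivered
        if signature in window:
            return i
        tail = window[-keep:] if keep else b""
    return None


# Constructed capture (hypothetical ISN and request bytes).
ISN = 1000
REQUEST = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"
EVASIVE_CAPTURE = [
    Segment(ISN, REQUEST[:10]),          # b"GET /cgi-b"
    Segment(ISN + 25, REQUEST[25:]),     # b"sswd HTTP/1.0..." arrives out of order
    Segment(ISN, REQUEST[:10]),          # retransmission of the first segment
    Segment(ISN + 10, REQUEST[10:25]),   # b"in/../../etc/pa" fills the gap
]

if __name__ == "__main__":
    print("per-packet match :", per_packet_match(EVASIVE_CAPTURE))           # False
    print("stream re-assembled:", reassemble(EVASIVE_CAPTURE, ISN) == REQUEST)  # True
    print("detected at segment:", inline_detect(EVASIVE_CAPTURE, ISN))         # 3
```

The per-packet check misses the signature in every segment of the evasive capture, while the re-assembled stream is byte-for-byte the original request and the inline check flags the fourth segment (index 3), which is the gap-fill that makes the signature contiguous. A real module has to add the parts this example leaves out: tracking both directions and the connection state from the handshake, evicting state for idle or reset connections so an attacker cannot exhaust memory with half-filled gaps, and choosing an overlap policy that matches the protected host.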
#2

Introduction
With online business more important now than in yesteryears, the importance of securing data present on systems accessible from the Internet is also increasing. If a system is compromised for even a short time, it could lead to huge losses to the organization. Every day new tools and techniques are devised to stop these malicious attempts to access or corrupt data.

Traditionally firewalls have been used to stop the intrusion attempts by an attacker. But firewalls have static configurations that block attacks based on source and destination ports and IP addresses. These are not sufficient to provide security from all the attacks. Therefore, we need IDS and IPS type systems which can analyze the payload of the packet to detect these attacks.

1.1 Intrusion Detection System
An Intrusion Detection System is a defense mechanism to monitor any unauthorized access to a system or a network. If an attack is detected, it is reported to the network administrator so that appropriate actions can be taken to provide security to the system or network.

An IDS can be implemented in hardware as well as software. Software-based IDS generally provide higher configurability but are slow. On the other hand, hardware-based IDS are difficult to configure but can handle higher network speeds. Also, it is difficult to update a hardware-based IDS with new signatures. IDS can be categorized in a variety of ways depending on how they gather data, their methods to detect intrusions, and their architecture.

On the basis of collection of data, IDS are categorized into Network Intrusion Detection Systems (NIDS) or Host Intrusion Detection Systems (HIDS). A NIDS gathers data from the network traffic. It detects intrusions by analyzing the headers and the data present in the packets. It can reside anywhere on the network where it can read all the incoming packets to the set of hosts which it is monitoring. A HIDS resides on the specific host which it is monitoring. It detects intrusions by analyzing the state of the host machine and the information stored in RAM or on disk, e.g. system call traces, event logs, etc.

On the basis of the method used to detect the attack, IDS can be categorized into signature-detection based IDS and anomaly-detection based IDS. A signature-based IDS uses a set of patterns (signatures) which are prepared manually from the logs of earlier successful attacks. They work by looking for these signatures in the contents of the packets. Hence, they are very accurate and efficient. But these signatures need to be updated regularly to detect new attacks. An anomaly-based IDS detects attacks on the basis of deviation from the normal activity. They use machine learning techniques to learn the normal behavior of the system/network over a long period of time. Any deviation from that behavior is considered an anomaly or an attack. Although this allows us to detect even unknown attacks, it raises a lot of false alarms. If the number of false alarms is too high, the actual alerts may get ignored.