Volume 15, Number 3

Intrusion Detection System Using Customized Rules for Snort

  Authors

Manju1, Shanmugasundaram Hariharan2, M. Mahasree1, Andraju Bhanu Prasad2 and H.Venkateswara Reddy2, 1SRM Institute of Science and Technology, India, 2Vardhaman College of Engineering Hyderabad, India

  Abstract

The security provided by computer systems is a major concern these days, as they constantly face the threat of cyber-attacks such as IP address spoofing, Denial of Service (DoS), token impersonation, etc. Security provided by blue team operations tends to be costly in large firms, since a large number of systems must be protected against these attacks. This leads such firms to turn to less costly security configurations like the Suricata IDS and the Snort IDS. The main theme of this project is to improve the services provided by Snort, a tool used to create a vague defense against cyber-attacks such as DDoS attacks, which are carried out at both the physical and network layers. These attacks in turn result in the loss of extremely important data. The rules defined in this project monitor traffic, analyze it, and take appropriate action to not only stop the attack but also locate its source IP address. The whole process uses tools other than Snort, namely Wireshark, Wazuh and Splunk. The product is not only the detection of the attack but also the source IP address of the machine on which the attack is initiated and completed. The end product of this research is a set of default rules for the Snort tool that not only provides better security than its previous versions but also provides the user with the IP address of the attacker, i.e. the person conducting the attack. The system integrates Wazuh with the Snort tool in order to make it more efficient than the Suricata IDS, another intrusion detection system capable of detecting all the types of attacks mentioned above. Splunk is another tool used in this project; it increases the firewall efficiency in terms of the number of bits to be scanned and the number of bits scanned successfully. Wazuh is used in this system because it is a better choice for traffic monitoring and incident response than any of its alternatives on the market.
Since this system is intended for firms known to handle large amounts of data, we use the Splunk tool, as it is very efficient at handling such volumes. Wireshark is used in this system to give the IDS automation in its capability to capture and report the malicious packets found during the network scan. All of this gives the IDS the capability of a low-budget automated threat detection system.

  Keywords

Intrusion Detection System, Snort, Wireshark, Wazuh, Splunk, DDoS attack, Automation