
    Network Security Analysis with Snort IDS Using ACID (Analysis Console for Intrusion Databases)

    The use of Wi-Fi and Ethernet in computer networks keeps growing with the advance of technology. Network development today is driven by the need for low-latency, high-bandwidth technology, and 5G and Wi-Fi 6 now support high-speed Internet access. The introduction of the Network File System (NFS) drove demand for Ethernet and also increased the use of UNIX in education and professional computing in the 1980s. Token Ring, introduced in 1982 as an alternative to Ethernet, was only standardized in 1985. Network security is an important factor in ensuring that data is neither stolen nor damaged. With the spread of hacking and cracking knowledge and the availability of tools that make launching attacks or intrusions easy, it is important to be able to investigate when an attack occurs. One network forensic method for monitoring attacks is to use Snort IDS together with Ntop, which simplifies logging for monitoring the network. The results obtained from designing network security with the Snort Intrusion Detection System (IDS) and ACID (Analysis Console for Intrusion Databases) show that, combined with IPTables on Ubuntu Server, the setup can stop attackers: Snort detects the intrusion, ACID presents the logged alerts, and IPTables acts as the firewall that anticipates attacks. To stop port scanning by an attacker, the author created IPTables rules whose purpose is to block the attacker's IP address.
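    The abstract above stops at "block the attacker's IP address" without showing how the Snort alert becomes a firewall rule. The following is an added example, not code from the paper: it parses alert lines in Snort's alert_fast style (the sample lines are constructed, and the assumption that portscan alerts carry generator ID 122 from the sfPortscan preprocessor is mine), counts scan alerts per source, refuses to block anything inside an operator-defined protected network so a spoofed scan from the gateway cannot lock the admin out, and emits idempotent iptables commands (the -C check avoids stacking duplicate DROP rules). The names parse_alerts, scanners and iptables_rules are this example's own.

```python
"""Turn Snort portscan alerts into iptables block rules (added example)."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Snort's alert_fast style; not taken from the paper.
SAMPLE_ALERTS = """\
05/12-14:03:21.123456  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.168.10.5
05/12-14:03:22.555555  [**] [122:3:1] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.168.10.5
05/12-14:04:01.000001  [**] [1:1000001:1] SSH login attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 198.51.100.9:51022 -> 192.168.10.5:22
05/12-14:04:30.000002  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 192.168.10.1 -> 192.168.10.5
"""

# [gid:sid:rev] message [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)
PORTSCAN_GID = 122  # assumption: sfPortscan preprocessor generator ID


def parse_alerts(text):
    """Return one dict per parseable alert line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        events.append({
            "gid": int(m["gid"]), "sid": int(m["sid"]), "msg": m["msg"],
            "proto": m["proto"], "src": m["src"], "dst": m["dst"],
        })
    return events


def scanners(events, protected_nets, threshold=1):
    """Source IPs with at least `threshold` portscan alerts, never inside protected_nets."""
    nets = [ipaddress.ip_network(n) for n in protected_nets]
    counts = Counter(e["src"] for e in events if e["gid"] == PORTSCAN_GID)
    blocked = []
    for ip, n in counts.items():
        if n < threshold:
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            continue  # our own hosts/gateway: a spoofed scan must not lock us out
        blocked.append(ip)
    return sorted(blocked)


def iptables_rules(ips, chain="INPUT"):
    """Idempotent shell lines: -C tests whether the rule exists, -I inserts it at the top."""
    return [
        f"iptables -C {chain} -s {ip} -j DROP 2>/dev/null || iptables -I {chain} -s {ip} -j DROP"
        for ip in ips
    ]


if __name__ == "__main__":
    evts = parse_alerts(SAMPLE_ALERTS)
    for rule in iptables_rules(scanners(evts, ["192.168.10.0/24"], threshold=2)):
        print(rule)
```

    Run against a live sensor, the same logic would tail the alert file instead of reading SAMPLE_ALERTS, and the threshold should be tuned so that a single noisy but legitimate host (a monitoring server, for instance) is not dropped on one alert.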

    SUTMS - Unified Threat Management Framework for Home Networks

    Home networks were initially designed for web browsing and non-business-critical applications. As infrastructure improved and broadband costs decreased, home Internet usage shifted to e-commerce and business-critical applications. Today's home computers hold personally identifiable information and financial data and act as a bridge to corporate networks via remote access technologies such as VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface. Home networks have become an extension of critical networks and services, and attackers can reach corporate data by compromising devices attached to broadband routers. These challenges show the importance of home-based Unified Threat Management (UTM) systems and the need for a UTM framework developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS achieves 99.99% accuracy with a 56.83% memory improvement. IPS is the most resource-intensive UTM service; SUTMS reduces the performance overhead of the IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (using the Apriori algorithm). The research also tackles one of the limitations identified in SUTMS by introducing a second artifact, the Secure Centralized Management System (SCMS).
    SCMS is a lightweight asset management platform with built-in security intelligence that integrates with a cloud service for real-time updates.

    Botnet lab creation with open source tools and usefulness of such a tool for researchers

    Botnets are large-scale networks that can span the Internet and comprise computers that have been infected by malicious software and are centrally controlled from a remote location. Botnets pose a great security risk, and their size has been rising drastically over the past few years. Their use by the underground community as a medium for online crime, together with their use for profit, has put the spotlight on them. Numerous researchers have proposed and designed infrastructures and frameworks that identify newly formed botnets and their traffic patterns. In this research, the design of a unified, modular, open source laboratory is proposed, built from virtual machines and open source tools, which can be used to analyze and dissect newly found bots in the wild. Furthermore, the usefulness and flexibility of the open source laboratory is evaluated by infecting my test machines with the Zeus bot.

    Netodyssey: a framework for real-time windowed analysis of network traffic

    Traffic monitoring and analysis is of critical importance for managing and designing modern computer networks and is nowadays a very active research field. In most of their studies, researchers use techniques and tools that follow a statistical approach to gain deeper knowledge of traffic behaviour, and network administrators also find great value in statistical analysis tools. Many of those tools return similar metrics computed over common properties of network packets. This dissertation presents NetOdyssey, a framework for the statistical analysis of network traffic. One of the crucial points of differentiation between NetOdyssey and other analysis frameworks is its windowed analysis philosophy, which allows researchers who seek deeper knowledge about networks to look at traffic as if through a window. This approach is crucial to avoid the biasing effect of analysing the traffic as a whole: small fluctuations and irregularities in the network can be analysed because one is always looking through a window of fixed size, either in number of observations or in the temporal duration of those observations. NetOdyssey can capture live traffic from a network card or read a pre-collected trace, allowing both real-time analysis and delayed, repeatable analysis. NetOdyssey has a modular architecture, making it possible for researchers with limited programming skills to create analysis modules that can be tweaked and easily shared among users of the framework. These modules are designed so that their implementation is optimized for the windowed analysis philosophy: the analysis cost is independent of the size of the analysis window, because each update only considers the observation entering the window and the observation leaving it.
    Besides presenting the framework, its architecture and its validation, the dissertation also presents four analysis modules: average and standard deviation, entropy, auto-correlation, and Hurst parameter estimators. Each of these modules is presented and validated throughout the dissertation.
    Funding: Fundação para a Ciência e a Tecnologia (FCT)
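    The abstract's key design point is that a windowed module should cost the same per update whatever the window size, by touching only the observation that enters and the one that leaves. The block below is an added example that is not NetOdyssey code: it keeps a fixed-size window of observations and maintains running sum, sum of squares, and a per-symbol counter together with the running total of c*log2(c), so that mean, standard deviation and Shannon entropy (two of the four modules the abstract names) are each O(1) per incoming observation. The class and function names are this example's own, and the packet sizes and ports fed to it are constructed.

```python
"""Fixed-size sliding-window statistics updated only from the observation
entering and the observation leaving the window (added example)."""
import math
from collections import Counter, deque


class SlidingWindowStats:
    """Mean, population variance/std and Shannon entropy over the last `size` observations.

    Every push() does constant work regardless of `size`: the running sums are
    adjusted for the value that leaves and the value that enters, and entropy is
    kept as  H = log2(n) - (1/n) * sum_c c*log2(c)  so only the two affected
    symbol counts need recomputing.
    """

    def __init__(self, size):
        if size < 1:
            raise ValueError("window size must be >= 1")
        self.size = size
        self.window = deque()
        self.total = 0.0        # running sum of values in the window
        self.total_sq = 0.0     # running sum of squares
        self.counts = Counter()  # symbol -> occurrences inside the window
        self.clogc = 0.0        # running sum of c*log2(c) over all symbols

    @staticmethod
    def _clog(c):
        return c * math.log2(c) if c > 0 else 0.0  # 0*log(0) := 0

    def _change_count(self, x, delta):
        c = self.counts[x]
        self.clogc += self._clog(c + delta) - self._clog(c)
        self.counts[x] = c + delta
        if self.counts[x] == 0:
            del self.counts[x]

    def push(self, x):
        if len(self.window) == self.size:      # window full: drop the oldest first
            old = self.window.popleft()
            self.total -= old
            self.total_sq -= old * old
            self._change_count(old, -1)
        self.window.append(x)
        self.total += x
        self.total_sq += x * x
        self._change_count(x, +1)

    @property
    def full(self):
        return len(self.window) == self.size

    def mean(self):
        return self.total / len(self.window)

    def variance(self):
        # Population variance from the two running sums. The subtraction loses
        # precision for huge values with tiny spread; fine for packet sizes/ports.
        n = len(self.window)
        m = self.total / n
        return max(self.total_sq / n - m * m, 0.0)

    def std(self):
        return math.sqrt(self.variance())

    def entropy(self):
        n = len(self.window)
        return math.log2(n) - self.clogc / n


def windowed_stats(values, size):
    """Return (mean, std, entropy) for every position at which the window is full."""
    stats = SlidingWindowStats(size)
    rows = []
    for v in values:
        stats.push(v)
        if stats.full:
            rows.append((stats.mean(), stats.std(), stats.entropy()))
    return rows


if __name__ == "__main__":
    # Constructed inputs: a run of packet sizes and a run of destination ports.
    for row in windowed_stats([100, 200, 300, 400, 500], size=4):
        print("sizes  mean=%.1f std=%.2f H=%.3f" % row)
    for row in windowed_stats([80, 80, 443, 80, 80, 22], size=4):
        print("ports  mean=%.1f std=%.2f H=%.3f" % row)
```

    For a time-based window the deque would hold (timestamp, value) pairs and push() would evict every entry older than the duration before inserting; the running-sum bookkeeping is the same. Entropy over destination ports is the classic scan indicator: a burst of distinct ports pushes H towards log2(n) while normal traffic to a few services keeps it low.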

    BANDWIDTH CONTROL BASED ON IP ADDRESS

    This report provides an insight into problem identification, the related secondary data (literature review), the possible approach to completing the project, and the results and discussion. The progress of the project is also presented in this report; it can be followed in the diagrams, testing results and comparisons that are discussed in depth later. The proposed method addresses a situation every network experiences: congestion resulting from phenomena such as bottlenecks and IP spoofing. Upon completion, the project is expected to deliver a fair distribution of network bandwidth to users. In practice this is done by controlling bandwidth usage from a dedicated server together with a resource locator, so that an abuser can be pinpointed and their location determined. A network policy is also implemented here through the integration of PHP, MySQL as the main data store, and a GIS application, MapServer, for the resource locator part. This paper also focuses on the security aspects and on the visualization of the resulting data.