An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment

摘要

Security and reliability are the major concern of our daily life usage of any network. But with the swift advancements in network technology, attacks are becoming more sophisticated than defenses. Although firewalls and router-based packet filtering are essential elements of an overall network security topology, they are not enough on their own. So, to brace the network from unauthorized access the idea of Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) is attracting security experts. This paper briefs various trends in Intrusion Detection & Prevention. To understand various techniques in IDS, this paper analyses various approaches proposed by security researchers specifically using popular open source software Snort as their IDS tool. Being an open source IDS, Snort can be easily configured and deployed in any environment. To assess the efficiency, these research papers are analyzed in various performance aspects like Detection Accuracy, Scalability and Capability of detecting unknown attacks. To overcome various challenges like low detection rate, incapable of handling huge traffic, unsupported automated tuning, etc. that are identified during literature review, this paper proposes a level based architecture. All the levels are designed as incremental i.e. capable of providing the desired functionality and also its lower levels. To prove the efficiency of the proposed architecture, it can be integrated into Snort Tool using Code Refactoring. Also proposed an environment setup to evaluate the modified Snort Tool performance in future.