
Application of intrusion detection system in automatic evidence collection using digital forensics


Abstract

In network security, the Intrusion Detection System (IDS) is one of the popular and effective mechanisms for securing a network. The aim of an IDS is to offer a layer of protection against unauthorized (or malicious) use of systems by sensing vulnerabilities in the system or misuse of a security policy, and to alert the system administrator to an ongoing (or recent) attack. The function of an IDS is limited to detecting the intrusion and reporting it to the administrator by monitoring the system continuously. An IDS is not able to preserve evidence about the intrusion, which makes it difficult to see the damage in the system and to gather information about the attack, and hence makes it impossible to catch the intruder. Although evidence can be collected from IDS and system log files, the integrity, reliability, and completeness of such evidence are doubtful, as log files can also be altered by the intruder. In order to preserve evidence in its original form, we have proposed "Application of Intrusion Detection System in automatic Evidence Collection using Digital Forensics". In our model, whenever an intrusion is detected, the IDS notifies the administrator by sending an alert and also activates a digital forensic tool to capture the current state of the system. This captured system image contains all the information about the system at the time the attack was taking place; hence such an image can be used as evidence in legal proceedings. We used both signature-based IDS and anomaly-based IDS in this work and observed that signature-based IDS is not able to detect novel threats, while anomaly-based IDS is able to detect such threats.

Bibliographic record

  • Author

    Jain A K;

  • Affiliation
  • Year 2014
  • Total pages
  • Original format PDF
  • Language
  • CLC classification
