
A formal proposal for a dissertation that will be submitted in partial fulfilment of a University of Greenwich Master's Degree

Intrusion Detection and Prevention Systems

Name: Md. Matiur Rahman


Student ID: 000646848
Program of Study: MSc Computer Systems and Networking

Supervisor: Dr. Maryam Roshaneai

Topic Area: Intrusion Detection, Intrusion Prevention Systems

Keywords associated with this project: computer network, network security, malicious, vulnerabilities, attack, threats, quality of services, security policies.

MSc courses studied that contribute towards this dissertation: Network Technologies, Network security, Network Security management system.

Introduction:

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.

Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.

There are four types of intrusion detection and prevention system:

• Network based IDP

• Wireless IDP

• Network activities anomaly detection

• Host based IDP implementing misuse detection or anomaly detection methodology.

Network based IDP

A network-based IDPS monitors network traffic and analyzes protocol activity at several layers, such as application, transport, network and hardware, to detect any intrusion in the hosts. I'll follow up on any possible way to break the security and the most effective way to prevent them.

Wireless IDP

A wireless IDP monitors wireless network traffic and checks its wireless networking protocols (e.g. unauthorized WLANs and WLAN devices, poorly secured WLAN devices, unusual usage patterns, denial of service (DoS) attacks) to discover any kind of intrusion. My target is to figure out the causes and prevent them with comparatively better software.

Network activities anomaly detection

Network Activities Anomaly Detection (NBAD) examines network traffic to discover threats that generate abnormal traffic flows. These include distributed denial of service (DDoS) attacks, scanning, and certain forms of malware such as worms and backdoors. These systems are often deployed to check flows on an organization's internal networks, and are sometimes also deployed where they can check flows between an organization's networks and external networks (e.g., the Internet, business partners' networks).
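An added illustration of the flow-based anomaly detection described above (not part of the original proposal): it learns a baseline of per-host connection fan-out from past traffic windows and flags hosts that exceed it, as a scanning host or a worm would. The flow records, addresses and thresholds are constructed for the example.

```python
import statistics
from collections import defaultdict

def fanout(flows):
    """Per-source count of distinct (dst_ip, dst_port) pairs in one time window."""
    seen = defaultdict(set)
    for src, dst, port in flows:
        seen[src].add((dst, port))
    return {src: len(pairs) for src, pairs in seen.items()}

def build_baseline(windows):
    """Mean and standard deviation of fan-out over historical windows, all hosts pooled."""
    values = [n for window in windows for n in fanout(window).values()]
    return statistics.mean(values), statistics.pstdev(values)

def detect(window, baseline, k=3.0, min_fanout=10):
    """Return (src, fanout) for hosts whose fan-out exceeds the learned threshold.

    min_fanout is an assumed floor so that a very quiet baseline does not
    turn ordinary browsing into alerts.
    """
    mean, std = baseline
    threshold = max(mean + k * std, min_fanout)
    return sorted((src, n) for src, n in fanout(window).items() if n > threshold)

# Constructed sample data: two quiet historical windows of (src, dst, dst_port).
HISTORY = [
    [("10.0.0.5", "10.0.0.20", 443), ("10.0.0.5", "10.0.0.20", 80),
     ("10.0.0.6", "10.0.0.21", 53)],
    [("10.0.0.5", "10.0.0.20", 443), ("10.0.0.7", "10.0.0.20", 443),
     ("10.0.0.7", "10.0.0.21", 53), ("10.0.0.7", "10.0.0.22", 25)],
]

# Constructed current window: 10.0.0.9 touches 40 ports on one server, which
# is the abnormal flow pattern a scan produces; 10.0.0.5 behaves normally.
CURRENT = [("10.0.0.9", "10.0.0.20", port) for port in range(1, 41)]
CURRENT += [("10.0.0.5", "10.0.0.20", 443), ("10.0.0.5", "10.0.0.20", 80)]

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for src, n in detect(CURRENT, baseline):
        print(f"ALERT abnormal fan-out: {src} contacted {n} distinct services")
```

Because fan-out counts distinct destination/port pairs, the same check also catches one host contacting many machines on a single port, the pattern a spreading worm produces.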

Host based IDP implementing misuse detection or anomaly detection methodology

A host-based IDP examines the characteristics of a single host and the events occurring within that host for suspicious activity. Examples of the characteristics a host-based IDP might monitor are network traffic (only for that host), system logs, running processes, application activity, file access and modification, and system and application configuration changes. It is most frequently deployed on critical hosts such as publicly accessible servers and servers containing sensitive information.

Objectives:

It is very important for computer professionals to broaden their knowledge of network and internet security in order to provide a reliable and dependable service to customers, because of the increasing number of hackers and talented computer professionals who want to exploit security bugs and benefit from unauthorized access. Firewalls and antivirus software are not sufficient to stop skilled attackers who work faster than antivirus programs can adapt and who easily gain access to the system using undetectable Trojans and destructive software. To keep intruders out these days, we need to provide extra security in the form of intrusion detection and prevention systems.

The current trend is that it is becoming increasingly easy to attack computer systems. More people with limited computer knowledge can carry out attacks on poorly maintained systems, because attack tools are increasingly accessible and usable. A manifestation of this is the movement of attack tools from command-line to graphical tools.

Security breaches can have damaging consequences, particularly for e-business, which is simply Internet-aided business. Enterprises, for example, depend on a constantly increasing amount of information to run their businesses. Hence, there is a need to ensure its security, confidentiality, integrity, and availability in order to maintain a competitive edge over other businesses. Many assume that by securing entry into the network, they can secure their systems. It is not sufficient to focus only on security within networks. Other aspects of the whole system also have to be taken into consideration, for instance operating system and application security, such as software and database security.

The objective of this research is to analyze and evaluate knowledge-based techniques for detecting and preventing hackers or unauthorized intruders from accessing information.

How the objectives will be achieved:

Different IDSs adopt different detection techniques. These days, different users and organisations use different kinds of software to prevent unwelcome intrusion. At the end of the research I will determine, through detailed examination, which software is more effective and reliable. For the research assessment I will work on the following software: Data mining and computational intelligence, Artificial Neural Networks, Resilient Back Programs, Support Vector Machines, Multivariate adaptive regression splines and Computational intelligent agents based architecture. A quasi-experimental method will be used to accomplish this research. Intrusion detection software such as EagleX, KFSensor Professional 4.5.0, AirSnare, Security Center Lite, Network Spy 2.0 and Intrusion Detection System - SAX2, installed on a server machine, will be analyzed. For even better results, some extra software could be included later on in the research.

Resources:

Hardware:

Web server

Laptop

Software:

Snort

EagleX

KFSensor

Others:

Internet, books.

Schedule:

The schedule of the university will be followed.

Initial Report: End of November 2010

Interim Report: End of December 2010

Final Report: Will be submitted before 31st January 2011.

Project outline:

Chapters to be covered:

• Literature Review
• Intrusion detection methodologies
• IDPS Technologies
• Types of IDPS
    • Network based IDPS.
    • Wireless IDPS.
    • Network activities anomaly detection.
    • Host based IDPS.
• Using and Integrating Multiple IDPS Technologies
• Discussion of IDPS Software
• Computer Attack Methodology
• Analysis
