Intrusion Detection Systems
Conclusion
This project involved creating a protototype Network Intrusion System to analyse a sample network traffic output file.
The development of the IDS was successful, insofar as an operational lightweight IDS was developed. This could identify a range of suspicious activity from the record of network traffic and could be expanded on a modular basis to alert to a wide range of attacks.
Its main limitations are the limited number of attacks that it detects and the need to carry out initial doctoring of the text file input, as well as the standard limitations of a host-based IDS. That is, such an IDS cannot prevent an intrusion, It can only alert that an intrusion or intrusion attempt has taken place. However, the results can be used to influence network security policy.
The strengths of the program are in its simplicity and its idiot-proof nature. Once a text file is provided in the same folder, the process is automatic, the network admin need only run the executable file and a report is produced, indicating the numbers of potentially suspicious entries in the log. As with other host-based systems, the program does not impede the flow of network traffic, unlike a real-time IDS which may disrupt traffic on the basis of false-positive results.
