Increased use of the internet has led to more cybercrime, such as unauthorized use of computers on a network, so an intrusion detection system is needed to protect information systems from unauthorized and malicious attacks. An intrusion detection system (IDS) monitors all computers in a network, identifies security breaches, and alerts the administrator when a cracker is trying to gain unauthorized access to the network. This paper discusses real-time, network-based IDS.
The main aim of this project is to identify logical relations among the low-level alerts and to report the resulting security issues, called attack scenarios, to the system administrator. This module of the project has been successfully tested on the benchmark 2000 DARPA data set. Automated report generation takes all the related reports generated as described above, combines them into an overall picture of the network attacks, and presents it to the system administrator.
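The page does not say how the project links alerts, so the following is an added example (not code from the Sachet project) of one common approach: chaining alerts whose consequences satisfy a later alert's prerequisites on the same host. The rule table, alert names and sample alerts are assumptions constructed for illustration.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "id time kind src dst")

# Hypothetical rules: kind -> (prerequisites, consequences, address field they describe)
RULES = {
    "ICMP_Sweep":      (set(),              {"host_known"},     "dst"),
    "Service_Probe":   ({"host_known"},     {"service_known"},  "dst"),
    "Buffer_Overflow": ({"service_known"},  {"root_access"},    "dst"),
    "Remote_Shell":    ({"root_access"},    {"tool_installed"}, "dst"),
    "DoS_Flood":       ({"tool_installed"}, set(),              "src"),
}

def subject(alert):
    # Host whose state the alert's conditions refer to (victim, or flooding host).
    return getattr(alert, RULES[alert.kind][2])

def correlate(alerts):
    """Edges (earlier_id, later_id): the earlier alert satisfies a prerequisite of the later."""
    ordered = sorted(alerts, key=lambda a: a.time)
    return [(e.id, l.id) for i, l in enumerate(ordered) for e in ordered[:i]
            if RULES[e.kind][1] & RULES[l.kind][0]
            and e.time < l.time and subject(e) == subject(l)]

def scenarios(alerts):
    """Group linked alerts into scenarios (connected components); unlinked alerts are omitted."""
    parent = {a.id: a.id for a in alerts}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    edges = correlate(alerts)
    for a, b in edges:
        parent[find(a)] = find(b)
    groups = {}
    for node in {n for edge in edges for n in edge}:
        groups.setdefault(find(node), []).append(node)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample alerts (documentation addresses), not taken from the DARPA data set
ALERTS = [
    Alert(1, 10, "ICMP_Sweep",      "203.0.113.5", "10.0.0.7"),
    Alert(2, 20, "Service_Probe",   "203.0.113.5", "10.0.0.7"),
    Alert(3, 30, "Buffer_Overflow", "203.0.113.5", "10.0.0.7"),
    Alert(4, 40, "Remote_Shell",    "203.0.113.5", "10.0.0.7"),
    Alert(5, 50, "DoS_Flood",       "10.0.0.7",    "198.51.100.9"),
    Alert(6, 25, "Buffer_Overflow", "203.0.113.5", "10.0.0.8"),  # no earlier probe: unlinked
]
```

Calling `scenarios(ALERTS)` groups alerts 1 to 5 into one scenario and leaves alert 6 out, which is the kind of isolated alert an administrator would triage separately.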
There are two main types of intrusion detection system: host-based IDS and network-based IDS. Host-based IDS uses audit logs and the system as its data source, while network-based IDS uses network traffic as its data source. In host-based IDS, an agent on the host detects intrusions by analyzing application logs, file-system modifications (binaries, password files, etc.) and other host activities.
In network-based IDS, sensors are placed on the network to observe all network traffic flows and analyze the content of every individual packet for malicious activity, such as denial of service attacks, buffer overflow attacks, etc. The results from the IDS are automatically reported to the system administrator as an overall picture of the network attack.
Download Attack Scenario Construction and Automated Report Generation in Sachet Project Report.