A network-based intrusion detection and prevention system with multi-mode counteractions

Recently, as a result of the dramatic growth in connectivity between devices, from computers to mobile systems, information security and service availability have become more and more challenging. As the number of novel attacks rises, many kinds of countermeasures have been developed to stop them. One of the most efficient methods for stopping network attacks is the use of IDS/IPS systems. The ultimate goal of an IDPS is to stop security attacks before they are carried out successfully. This paper proposes an efficient network-based IDPS that takes multiple counteractions against network attacks. The proposed system's first reaction after detecting malicious packets is to generate an alert and log them; if the number of packets exceeds a threshold within one second, the second counteraction blocks the attacker's IP address through the firewall. Finally, if the system fails to block these packets, the third counteraction remotely stops the corresponding service. In this way the system prevents the attack from being carried out successfully.
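The three-tier escalation the abstract describes, modelled as an added example that is not the paper's own code: detections are constructed sample events, and the firewall block and remote service stop are replaced by caller-supplied callbacks so the logic runs offline.

```python
from collections import defaultdict

# Constructed sample detections: (time_s, src_ip, service) for packets that
# already matched a malicious signature. Addresses and times are made up.
SAMPLE_EVENTS = [
    (10.1, "203.0.113.7", "ssh"),
    (10.2, "203.0.113.7", "ssh"),
    (10.3, "203.0.113.7", "ssh"),
    (10.4, "203.0.113.7", "ssh"),    # 4th hit in second 10: exceeds threshold 3
    (10.9, "203.0.113.7", "ssh"),    # still arriving after the block: block failed
    (11.0, "198.51.100.9", "http"),  # isolated hit: alert and log only
]


class TieredResponder:
    """Escalating response: alert/log -> firewall block -> stop service."""

    def __init__(self, threshold, block_fn, stop_fn):
        self.threshold = threshold
        self.block_fn = block_fn   # hypothetical hook that adds a firewall rule
        self.stop_fn = stop_fn     # hypothetical hook that stops a service remotely
        self.per_second = defaultdict(int)  # (src_ip, whole second) -> hit count
        self.blocked = set()
        self.stopped = set()
        self.log = []

    def handle(self, ts, src, service):
        # Tier 1: every detected packet raises an alert and is logged.
        self.log.append(("alert", ts, src, service))
        if src in self.blocked:
            # Tier 3: packets keep arriving despite the block, so the block
            # failed; stop the targeted service once to deny the attacker.
            if service not in self.stopped:
                self.stop_fn(service)
                self.stopped.add(service)
                self.log.append(("stop_service", ts, src, service))
            return
        # Tier 2: count hits per source within each one-second window and
        # block the source the moment the threshold is exceeded.
        key = (src, int(ts))
        self.per_second[key] += 1
        if self.per_second[key] > self.threshold:
            self.block_fn(src)
            self.blocked.add(src)
            self.log.append(("block", ts, src, service))


def run_sample(threshold=3):
    """Replay the constructed events; return (log, blocked_ips, stopped_services)."""
    blocked, stopped = [], []
    responder = TieredResponder(threshold, blocked.append, stopped.append)
    for event in SAMPLE_EVENTS:
        responder.handle(*event)
    return responder.log, blocked, stopped
```

In a real deployment the two callbacks would wrap the firewall and service-control commands; the detection logic above only decides when each tier fires.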
