Implementation of Intrusion Detection System using Snort

  • Hamed Hilal Al Ghafri
  • Zaheera Zainal Abidin Universiti Teknikal Malaysia Melaka
  • Kamil Kurbonov
  • Robiah Yusof

Abstract

Intrusion Detection System (IDS) is a vital network security tool for protecting the network systems that consists of software and hardware to monitor all the inbound and outbound network and system activities for malicious activities in the network traffic. The purpose of IDS is to assists the network administrator or the system by sending alerts and notifications when there are possible incidents, which violations of computer security policies exist. However, IDS causes a false alarm when attacker perform modifications at the rules settings. Therefore, this study performs experiment to detect anomaly incident and intruder in the network system. The implementation on snort development is provided and testing is executed in order to prove that snort capable to detect intruder. The findings showed that anomaly user can be detected based on port scanning, telnet to port to detect the unusual traffic and monitoring using NMAP to identify abnormal activities. As a result, the impact of Snort could bring an alternative solution on network monitoring in terms of continuous detection on unusual traffic movements, cost effective since Snort is an open source product and it can be customized to suit with the network environment.

Published
2019-05-27
How to Cite
Al Ghafri, H. H., Zainal Abidin, Z., Kurbonov, K., & Yusof, R. (2019). Implementation of Intrusion Detection System using Snort. Journal of Advanced Computing Technology and Application (JACTA), 1(1), 9-16. Retrieved from https://jacta.utem.edu.my/jacta/article/view/5266
Issue
Vol 1 No 1 (2019)
Section
Articles

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a copyright form (JACTA) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).