Real Time Packet in Network Intrusion Detection System Filtering Module

International Journal of Computer Trends and Technology (IJCTT)          
© 2019 by IJCTT Journal
Volume-67 Issue-4
Year of Publication : 2019
Authors : Kamaljeet Singh, Umesh Sehgal
DOI :  10.14445/22312803/IJCTT-V67I4P115


MLA Style:Kamaljeet Singh, Umesh Sehgal"Real Time Packet in Network Intrusion Detection System Filtering Module" International Journal of Computer Trends and Technology 67.4 (2019): 67-73.

APA Style:Kamaljeet Singh, Umesh Sehgal (2019). Real Time Packet in Network Intrusion Detection System Filtering Module. International Journal of Computer Trends and Technology, 67(4), 67-73.

Computer networks bring us not only the benefits, such as more computing power and better performance for a given price, but also some challenges and risks, especially in the field of system security. During the past two decades, significant effort has been put into network security research and several techniques have been developed for building secure networks. Packet filtering plays an important role in many security-related techniques, such as intrusion detection, access control and firewall. A packet-filtering system constitutes the first line of defense in a computer network environment. The key issues in the packet-filtering technique are efficiency and flexibility. The efficiency refers to the ability of a filter to quickly capture network packets of interest, while the flexibility means the filter can be customized easily for different packet patterns. In this paper, we present a real-time packet-filtering module, which can be integrated into a large-scale network intrusion detection system. The core of this packet-filtering module is a rule-based specification language ASL (Auditing Specification Language), which is used in describing the packet patterns and reactions for a network intrusion detection system. The important features of ASL that are not provided by other packet-filtering systems are protocol independence and type safety. ASL provides a number of new features that distinguish it from other languages used for intrusion detection and packet filtering, such as packet structure description and protocol constraint checking. We develop the algorithms and heuristics for constructing fast packet filter from ASL specifications. Our algorithms improve upon existing techniques in that the performance of the generated filters is insensitive to the number of rules. We discuss implementation of these algorithms and present experimental results

[1] Larry J. Hughes, Jr. Actually Useful Internet Security Techniques, New Riders Publishing, Indianapolis, IN, 1995.
[2] R.Heady, G. Luger, A. Maccabe, and B. Mukherjee. A Method To Detect Intrusive Activity in a Networked Environment. In Proceedings of the 14th National Computer Security Conference, pages 362-371, October 1991.
[3] Abdelaziz Monnji. Languages and Tools for Rule-Based Distributed Intrusion Detection, PhD thesis, Facultes Universitaires, Notre-Dame de la Paix, Belgium, September 1997.
[4] W. R. Stevens. TCP/IP Illustrated Vol. 1 – The Protocols, Addison-Wesley Publishing Company, Inc. Reading, MA, 1994.
[5] S.M.Bellovin. Security Problems in the TCP/IP Protocol Suite, Computer Communications Review, Vol. 19, No. 2, pp. 32-48, April 1989.
[6] Morris R. A Weakness in the 4.2 BSD UNIX TCP/IP Software, Computer Science Technical Report No 117, AT&T Bell Laboratories, Murray Hill, NJ, 1985.
[7] CERT. TCP SYN Flooding and IP Spoofing Attacks, Carnegie Mellon University, Pittsburgh, PA, September 1996
[8] C.Cobb and S. Cobb. Denial of Service, Secure Computing, pp.58-60, July 1997.
[9] C.L.Schuba, I.V. Krsul, Makus G. Kuhn, E.H. Spafford, A. Sundaram, D. Zamboni. Analysis of a Denial of Service Attack on TCP, Purdue University, West Lafayette, IN, 1996.
[10] S.Dash. Integration of DNSSEC (key-server) with Ssh Application, MS thesis, Iowa State University, Ames, IA, 1997.
[11] W.R.Stevens. UNIX Network Programming Vol. 1 – Network APIs: Sockets and XTI, Second Edition, Prentice Hall PTR, Upper Saddle River, NJ, 1998.
[12] Vern Paxson. Bro: A System for Detecting Network Intruders in Real-Time, Lawrence Berkeley National Laboratory, Berkeley, CA, 1998.
[13] R.C.Sekar, R. Ramesh, I. V. Ramakrishnan. Adaptive Pattern Matching, Bellcore, Morristown, NJ, 1993.
[14] Steven McCanne, Van Jacobson. The BSD Packet Filter: A New Architecture for User-level Packet Capture, Lawrence Berkeley Laboratory, Berkeley, CA, 1992.
[15] Biswanath Mukherjee, L. Todd Heberlein, Karl N. Levitt. Network Intrusion Detection, IEEE Network, pp.26-41, May/June 1994.
[16] Frederick B. Cohen. A Node on Distributed Coordinated Attacks, Computer & Security, pp.103-121, v15, 1996.
[17] Steven Cheung, Karl N. Levitt. Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection, University of California, Davis, CA, 1997.
[18] Christoph L. Schuba. Addressing Weakness in the Domain Name System Protocol, COAST Laboratory, Purdue University, West Lafayette, IN, 1993
[19] Eugene H. Spafford. The Internet Worm Incident, Technical Report CSD-TR-993, Purdue University, West Lafayette, IN, September 19, 1991

Sensor Sniffing Tools,NF2 with METLAB filtering .