Students:
Hwanho Kim Graduate, Information Technology and Management
Faculty:
Bill Lidinsky, Alva C. Todd Professor and Assistant Director of Information
Technology and Management
Project:
"Apply existing technology to solve a real-life problem" for the System and Network
Security class. This project entailed selecting, configuring and integrating
an Intrusion Detection System that could monitor events on the Rice Campus network
and analyze them for signs of security problems.
Outcome:
Hwanho Kim developed an Intrusion Detection System that uses both anomaly and
misuse detection. Anomaly detection finds statistical irregularities and offers
the advantage of detecting previously unknown attacks and misuse. Misuse
detection recognizes well-known attack patterns, focusing on signature recognition
over audit data, and offers the advantage of producing few false
positives. The system used in this project is based on the new Snort 2.0,
combined with Analysis Console for Intrusion Databases (ACID), Apache, MySQL,
and supporting languages and tools.
The IDS uses Snort, a well-known IDS capable of performing real-time lightweight network analysis and packet logging on IP networks. It performs protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. The system is currently in use at the Rice Campus and has detected several intrusions.
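
The complementary coverage of the anomaly and misuse detection described under Outcome, as an added example that is not the project's own code: the signature patterns, function names, threshold and sample events are assumptions constructed for illustration, and the patterns are plain regular expressions, not Snort rules.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Hypothetical signatures for known patterns (illustrative regexes, not Snort rules).
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./\.\./"),
    "cmd-exe-access": re.compile(r"cmd\.exe", re.IGNORECASE),
}

def misuse_alerts(events):
    """Misuse detection: flag only payloads matching a known signature."""
    return [(src, name) for src, payload in events
            for name, rx in SIGNATURES.items() if rx.search(payload)]

def anomaly_alerts(baseline_counts, events, threshold=3.0):
    """Anomaly detection: flag sources whose request count in this window is
    more than `threshold` standard deviations above the baseline mean."""
    mu, sigma = mean(baseline_counts), pstdev(baseline_counts)
    counts = Counter(src for src, _ in events)
    return sorted(src for src, n in counts.items()
                  if sigma > 0 and (n - mu) / sigma > threshold)

def analyze(baseline_counts, events):
    """Run both detectors and record which one fired for each source."""
    report = {}
    for src, name in misuse_alerts(events):
        report.setdefault(src, set()).add("misuse:" + name)
    for src in anomaly_alerts(baseline_counts, events):
        report.setdefault(src, set()).add("anomaly:rate")
    return report

# Constructed sample data (documentation address ranges, not real traffic).
BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]  # requests per source in a normal window
WINDOW = (
    [("192.0.2.10", "GET /index.html")] * 5                      # normal client
    + [("192.0.2.20", "GET /docs/../../secret.txt")]             # known pattern, low volume
    + [("198.51.100.7", "GET /page%d" % i) for i in range(40)]   # no signature, high volume
)

if __name__ == "__main__":
    for src, reasons in sorted(analyze(BASELINE, WINDOW).items()):
        print(src, sorted(reasons))
```

Each detector catches what the other misses here: the single traversal request is statistically unremarkable, and the high-volume source matches no signature.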