Performance Optimization of Layered Signature Based Intrusion Detection System Using Snort

  • Conference paper
Cyber Security and Computer Science (ICONCS 2020)

Abstract

An Intrusion Detection System (IDS) is used to protect a system or a computer network from different kinds of anomaly attacks. Different detection techniques for network-based IDS are discussed. The study examines the operational procedures of an intrusion detection system based on Snort, an open-source network-based IDS tool, which can read every incoming or outgoing packet on a network and alert the admin accordingly. In this paper, different types of IDS are compared and critiqued to explore the vulnerability of the system. To check every packet, Snort uses a central signature database. A layered database system is proposed to improve system performance. An analytical evaluation of the proposed solution was carried out and compared with the existing standard system. After applying the proposed solution, the rate of packets analyzed increased remarkably from 86% to 98%.

Author information

Corresponding author

Correspondence to Md. Taslim Arefin.

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Firoz, N.F., Arefin, M.T., Uddin, M.R. (2020). Performance Optimization of Layered Signature Based Intrusion Detection System Using Snort. In: Bhuiyan, T., Rahman, M.M., Ali, M.A. (eds) Cyber Security and Computer Science. ICONCS 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 325. Springer, Cham. https://doi.org/10.1007/978-3-030-52856-0_2

  • DOI: https://doi.org/10.1007/978-3-030-52856-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52855-3

  • Online ISBN: 978-3-030-52856-0

  • eBook Packages: Computer Science, Computer Science (R0)
