Network Node Intrusion Detection System

number: 
1908
English
department: 
Degree: 
Author: 
Suleiman Sa'adon Fawzy
Supervisor: 
Dr. Abeer M. Yousif
year: 
2008

Computer network technologies have grown rapidly in the last few decades. With the increased use of networked computers for critical applications, computer intrusions have been increased and became a significant threat to these systems and, thus Intrusion Detection Systems (IDS) have become essential addition to security infrastructure of most organizations.This thesis presents the design and plementation of a Network Node Intrusion Detection System (NNIDS) that support IPv4 protocol. The name of the proposed system is chosen to be FMS (the acronym for File Monitoring System). It detects a variety of attacks which are directed to the resources of filing system. The implied detection rules are based on matching the predefined normal behaviour of the system with the characteristics of the detected users' events.The primary constituting system modules are: logging module which defines the users allowed to access shared resources; sniffing module that captures and decodes packets and generates a list of events; detection module that analyzes the list of events and determines the suspicious activity; and alarming module that generates alarm messages to the Administrator in case of attacks.The system has been evaluated according to three factors accuracy, time, and memory consumption. Several simulated attacks have been sent to the proposed system to test it. Test shows that most of the attacks of the filing system can be detected with acceptable ratios of false positive and false negative values.