Network Denial of Service Defense System (nDos)


Bibliographic Details
Main Author: Zulkifli, Muhd.
Format: Final Year Project
Language:English
Published: Universiti Teknologi PETRONAS 2007
Online Access:http://utpedia.utp.edu.my/9842/1/2007%20Bachelor%20-%20Network%20Denial%20Of%20Service%20Defense%20System.pdf
http://utpedia.utp.edu.my/9842/
Description
Summary: Denial of Service attacks are widespread in the online world as a malicious act that can have a large impact on both system performance and finances. The Network Denial of Service Defense System (nDos) is an extension of an intrusion detection system that incorporates both detection and prevention capabilities. The architecture of nDos is based on a NIPS: it is placed inline on the network, statefully analyzes packet content, blocks packets that match a signature and alerts on others. NIPS protection is based on the content of packets. The system loads a large array of signatures, each of which takes the form of a string of data characteristic of a particular type of attack. When a data packet enters the network, the IDS/IPS examines it against its database of signatures; if the data match, the IDS/IPS takes the appropriate action. In the case of an IDS, the intrusion attempt is logged, whereas in the case of an IPS the system can drop the packet or even sever the offending machine's connection. nDos provides a web interface for data retrieval and manipulation. The front-end of the system is based on PHP/MySQL, so it can provide statistical analysis from a managerial point of view. The back-end of nDos uses snort_inline as the detection engine and the iptables firewall as the traffic prevention mechanism. Once an attack is launched, nDos logs the incident according to its rules and configuration, and iptables (or a generic firewall) determines the traffic state, i.e. whether to accept or drop the connection. Predefined threshold values are important for DoS attacks, where a large number of connections is generated: when the count exceeds the threshold, the detection engine can identify such an attack. nDos is targeted at educational use and small to medium-sized enterprises, because only commercial IPS solutions are available on the market.
Portability and compatibility are an issue; as a future recommendation, Live CD features could be implemented to provide high compatibility without concern for the host OS.