SNIPER
Scalable Network Intrusion Detection and Prevention
System for Enterprise NetwoRks
Introduction
The explosive growth of the Internet and e-commerce has been accompanied by an increasing number of cyber attacks. This trend is reinforced by the inherently insecure nature of the core Internet protocols and by the lack of security awareness among programmers and the general public. It is evident in the ever-increasing number of exploits and viruses listed on the Internet. Attack trends are a real challenge for the Internet because attacks are becoming easier to perpetrate.
In the world of e-commerce, the security of online assets has become a matter
of life and death for companies. The flaws in computers and networks
can be roughly divided into two types, based on their source:
1. flaws in the protocols;
2. vulnerabilities in the software.
The two sources can also be combined to mount an attack, which aggravates the situation further. One manifestation of this is the recent Denial of Service (DoS) incidents, which have really throttled the Internet industry. Although a lot of research has gone into encryption, PKI, digital signatures and so on, networks and computers remain as vulnerable as before. To counter these vulnerabilities, every layer of the network must be secured with solutions that can analyze network traffic and system calls proactively and effectively. Such proactive and effective analysis, however, requires special mechanisms for data acquisition and analysis.
Keeping these things in mind, my syndicate and I decided to work on an Intrusion Detection and Prevention System for our Final Year Project. This system was later named SNIPER.
Requirement Analysis
The field of intrusion
detection dates back to the 1980s, but most current network intrusion
detection systems are not fully fit for enterprise-wide scaling and deployment.
Most current intrusion detection systems are unable to handle high-speed
network traffic. Further, network bandwidth is increasing at a much
faster rate than processing power. Even an IDS that is able
to handle the present speed of an enterprise network may not be able
to cope with future upgrades of that network.
Compounding this problem, the intrusion detection and data mining analysis
requirements are increasing day by day. As a result, enterprises have
to opt for different solutions for different scenarios. Running multiple solutions
for different scenarios creates a lot of problems in managing these
solutions. These problems include increased human resource requirements
and the interactions between the analysis results of the separate solutions. Owing
to these problems, enterprises need a centralized management solution that
is able to incorporate the analysis results of multiple data mining and
security solutions.
Further, the intrusion detection system should be able to handle different traffic
and different scenarios with the least amount of change required, and it should
be upgradeable online to handle new traffic analysis requirements. Needless
to say, intrusion detection should be in real time and the detection capability
must be robust.
To sum up, an ideal intrusion detection system should be able to perform different
sorts of analysis, handle high-speed network traffic, incorporate the
results of multiple security analyzers, facilitate centralized management, and
more.
Keeping in view the network security requirements of an enterprise,
we propose a distributed, scalable, multiple-sensor, hybrid intrusion detection
solution named SNIPER (Scalable Network Intrusion detection and Prevention system
for enterPrise nEtwoRks).
SNIPER Design and Implementation
SNIPER is a distributed, hierarchical intrusion detection
system with some countermeasure methods and techniques. The main components of
SNIPER are as follows:
1. Anomaly Detection System (ADS)
2. Misuse Detection System (MDS)
3. System Management Console
4. Remote Management System
5. Response System
6. Host-based Security System (HBS)
The details of SNIPER are restricted property of my team, so I am not giving many technical details here. The architecture of SNIPER is here.
Achievements
SNIPER made it to the second-to-last round of the IEEE CSIDC Competition. The project was presented under the name "Omni Secure", a system that can secure every type of network. We beat many teams from all over the world to reach the second-to-last round but unfortunately could not qualify for the final round.
SNIPER won the ACM Bahria Bits Bytes and Colors Competition 2004.
SNIPER made it to the final top-6 round of Sofec 2004.
