Intrusion Detection System

Download as pdf or txt
Download as pdf or txt
You are on page 1of 22

lO M oARcPSD| 25002933

Program name and code: CO6I Academic Year: 2023-2024

Course name and code: NIS (22620) Semester: 6th

A PROJECT REPORT ON

INTRUSION DETECTION SYSTEM

Sr NO. Name of Students Seat No. Roll No. Enrollment No.

1) Rajnandeeni Rajendra Patil 481027 3112 2114320053

2) Sanika Shriram Patil 481034 3114 2114320061

3) Anurag Vijay Pawar 481036 3116 2114320039

4) Firdos Faridkhan Pathan 481030 3148 2114320057

5) Farina Faridkhan Pathan 481031 3149 2114320058

Submitted on / /2024 by the group of 5 students


Under the guided by
Prof. S. N. Patil sir
Third year Diploma in Computer Engineering & Technology of
Maharashtra State Board of Technical Education, Mumbai (Autonomous)
ISO 9001:2008 (ISO/IEC-27001:2013)
At 1432 GOVERNMENT POLYTECHNIC NANDURBAR.

MAHARASHTRA STATE BOARD O TECNICAL EDUCATION BOARD


lO M oARcPSD| 25002933

Certificate
This is to certify that, Rajnandeeni Patil, Sanika Patil, Anurag Pawar, Farina
Pathan, Firdos Pathan of Sixth Semester of Computer Engineering Diploma Program
at (1432) GOVERNMENT POLYTECHNIC NANDURBAR, has completed the
satisfactorily in Subject ETI(22620 ) in the academic year 2023 - 2024 as prescribed in the
MSBTE curriculum of I Scheme.

Place: NANDURBAR

Date:

Enrolment No:
1) 2114320053
2) 2114320061
3) 2114320039
4) 2114320058
5) 2114320059

Project Guide :- Head of Department:-


Principal:-

S. N. Patil Sir S.B.Thakre Sir


S.B.Wesley Sir
lO M oARcPSD| 25002933

Project Guide :- Head of Department:- Principal:-

S. N. Patil Sir S.B.Thakre Sir S.B.Wesley Sir

2
lO M oARcPSD| 25002933

INDEX

Sr.No Content Page No

1 Abstract 4

2 Introduction 5

3 Method 7

4 Proposed System 11

5 Experimental Result 14

6 Conclusion 17

7 Weekly Progress Report 18

8 Annexure II 19

3
lO M oARcPSD| 25002933

ABSTRACT

Intrusion Detection System (IDS) defined as a Device or software application which monitors the

network or system activities and finds if there is any malicious activity occur. Outstanding growth and usage

of internet raises concerns about how to communicate and protect the digital information safely. In today's

world hackers use different types of attacks for getting the valuable information. Many of the intrusion

detection techniques, methods and algorithms help to detect those several attacks. The main objective of

this paper is to provide a complete study about the intrusion detection, types of intrusion detection methods,

types of attacks, different tools and techniques, research needs, challenges and finally develop the IDS

Tool for Research Purpose That tool are capable of detect and prevent the intrusion from the intruder
lO M oARcPSD| 25002933

Introduction To Network security

Network security refers to the set of measures designed to protect the integrity, confidentiality, and

availability of computer networks and the data transmitted over them. Here's a detailed explanation:

1. Access Control : Network security begins with controlling who can access the network and its

resources. This involves user authentication mechanisms like passwords, biometrics, and multi-factor

authentication.

2..Firewalls: Firewalls act as a barrier between an internal network and external networks (like the

internet), filtering incoming and outgoing traffic based on predetermined security rules. They can be

hardware-based or software-based.

3. *Intrusion Detection Systems (IDS)*: IDS monitor network traffic for suspicious activity or known

attack patterns. They can be either signature-based (looking for known attack patterns) or anomaly-based

(detecting deviations from normal behavior).

4. *Encryption*: Encryption ensures that data transmitted over the network is unreadable to

unauthorized users. It's used to protect sensitive information such as passwords, financial transactions,

and corporate data. Protocols like SSL/TLS are commonly used for securing web traffic.

5. *Virtual Private Networks (VPN)*: VPNs create a secure, encrypted connection over a less secure

network, such as the internet. They're commonly used to provide remote access to corporate networks or

to encrypt traffic between branch offices.

6. *Antivirus/Anti-malware Software*: These programs detect and remove malicious software

(malware) such as viruses, worms, and Trojans from computers and networks.
lO M oARcPSD| 25002933

7. *Patch Management*: Keeping network devices and software up to date with the latest security

patches is essential for protecting against known vulnerabilities. Patch management systems automate the

process of deploying patches across the network.

8. *Security Auditing and Logging*: Regular security audits and logging of network activities help

identify security weaknesses, track potential security incidents, and ensure compliance with security

policies and regulations.

9. *Security Policies and Training*: Establishing clear security policies and providing regular training

to employees on security best practices are crucial for maintaining network security. This includes

guidelines for password management, data handling, and incident response procedures.

10. *Physical Security*: Physical security measures such as locked server rooms, access control

systems, and surveillance cameras help prevent unauthorized access to network infrastructure.

11. *Backup and Disaster Recovery*: Regular backups of critical data and the implementation of

disaster recovery plans ensure that data can be restored in the event of a security breach or other

catastrophic event.

12. *Network Segmentation*: Dividing the network into smaller, isolated segments using techniques

like VLANs (Virtual Local Area Networks) or subnetting helps contain security breaches and limit the spread

of malware or unauthorized access.

By implementing a combination of these measures, organizations can establish robust network

security defenses to protect their valuable assets from cyber threats.


lO M oARcPSD| 25002933

Need Of Network security

The need for network security arises from the increasing reliance on computer networks for

communication, collaboration, and data exchange. Here's a detailed explanation of why network security

is essential:

1. *Protection of Sensitive Data*: Organizations store vast amounts of sensitive data, including

financial records, customer information, intellectual property, and proprietary business data. Network

security measures such as encryption, access controls, and firewalls help safeguard this data from

unauthorized access, theft, or manipulation.

2. *Prevention of Data Breaches*: Data breaches can have severe financial and reputational

consequences for organizations. Network security controls help prevent unauthorized access to networks

and systems, reducing the risk of data breaches caused by hackers, malware, or insider threats.

3. *Compliance Requirements*: Many industries are subject to regulatory requirements and standards

related to data protection and privacy, such as GDPR, HIPAA, PCI DSS, and SOX. Implementing robust

network security measures helps organizations comply with these regulations and avoid costly penalties

and legal liabilities.

4. *Protection Against Cyber Attacks*: Cyber attacks continue to evolve in sophistication and

frequency, posing a significant threat to organizations of all sizes. Network security solutions such as

intrusion detection systems, antivirus software, and security patches help detect and mitigate cyber threats,

including malware, ransomware, phishing attacks, and DDoS attacks.

5. *Maintaining Business Continuity*: Network security plays a crucial role in ensuring the continuous

operation of business-critical systems and services. By protecting networks from cyber threats and

implementing disaster recovery plans, organizations can minimize downtime and maintain business

continuity in the event of a security incident or natural disaster.

6. *Preservation of Reputation and Trust*: A data breach or security incident can damage an
lO M oARcPSD| 25002933

organization's reputation and erode customer trust. By investing in robust network security measures,

organizations demonstrate their commitment to protecting customer data and maintaining trust with

stakeholders.

7. *Prevention of Intellectual Property Theft*: Intellectual property (IP) theft can have significant

economic consequences for businesses, leading to loss of competitive advantage and revenue. Network

security measures help prevent unauthorized access to proprietary information, trade secrets, and other

valuable IP assets.

8. *Protection of Critical Infrastructure*: Critical infrastructure sectors such as energy, transportation,

and healthcare rely heavily on interconnected networks to deliver essential services. Securing these

networks against cyber threats is essential for safeguarding public safety, national security, and economic

stability.

9. *Support for Remote Workforce*: The proliferation of remote work has expanded the attack surface

for cyber threats, as employees access corporate networks and data from various locations and devices.

Network security solutions like VPNs, multi-factor authentication, and endpoint security help secure remote

connections and protect sensitive information.

10. *Prevention of Financial Loss*: Cyber attacks can result in direct financial losses through theft of

funds, extortion payments, or fraudulent transactions. Additionally, organizations may incur indirect costs

related to remediation efforts, legal fees, and loss of productivity. Network security helps mitigate these

financial risks by preventing security incidents and minimizing their impact.

Overall, network security is critical for protecting organizations against a wide range of cyber threats,

preserving data confidentiality and integrity, ensuring regulatory compliance, maintaining business

continuity, and safeguarding reputation and trust.


lO M oARcPSD| 25002933

INTRODUCTION TO IDS

In today’s world internet security has become a challenge or organisations. To protect credential

data from the intruders. In process of safeguarding the data Web Firewalls, encryption, authentication

and Virtual Private Networks (VPN) have been deployed since a long time to secure the network

infrastructure and communication over the internet. Intrusion detection is a relatively new addition to

set of security technologies. IDS is an evolution which enhance the network security and

safeguarding the data of the organisation. The IDS helps the network administrator to detect any

malicious activity on the network and alerts the administrator to get the data secured by taking the

appropriate actions against those attacks. An intrusion refers to any unauthorized access or malicious

utilization of information resources. An intruder or an attacker is a real world entity that tries to

find a means to gain unauthorized access to information, causes harm or engage in other malicious

activities. The Intrusion detection system is about the firewall security.


lO M oARcPSD| 25002933

The firewall protects an organization from the malicious attacks from the Internet and the IDS

detects if someone tries to access in through the firewall or manages to break in the firewall security

and tries to have an access on any system in the organization and alerts the system administrator if

there is an undesired activity in the firewall. Therefore, an Intrusion detection system (IDS) is a security

system that monitors network traffic and computer systems and works to analyse that traffic for

possible hostile attacks originating from outside the organization and also for misuse of system or

attacks originating from inside the organization

Working To IDS
lO M oARcPSD| 25002933

An IDS only needs to detect potential threats. It is placed out of band on the network infrastructure.

Consequently, it is not in the real-time communication path between the sender and receiver of

information.

IDS solutions often take advantage of a TAP or SPAN port to analyze a copy of the inline traffic stream.

This ensures that the IDS does not impact inline network performance.

When IDS was developed, the depth of analysis required to detect intrusion could not be performed

quickly enough. The speed would not keep pace with components on the direct communications path

of the network infrastructure.

Network intrusion detection systems are used to detect suspicious activity to catch hackers before

damage is done to the network. There are network-based and host-based intrusion detection systems.

Host-based IDSes are installed on client computers; network-based IDSes are on the network itself.

An IDS works by looking for deviations from normal activity and known attack signatures. Anomalous

patterns are sent up the stack and examined at protocol and application layers. It can detect events like

DNS poisonings, malformed information packets and Christmas tree scans.

Types of IDS Detection

There are five types of IDS: network-based, host-based, protocol-based, application protocol-based

and hybrid.

The two most common types of IDS are:

1. Network-based intrusion detection system (NIDS)

A network IDS monitors a complete protected network. It is deployed across the infrastructure at

strategic points, such as the most vulnerable subnets. The NIDS monitors all traffic flowing to and from

devices on the network, making determinations based on packet contents and metadata.
lO M oARcPSD| 25002933

2. Host-based intrusion detection system (HIDS)

A host-based IDS monitors the computer infrastructure on which it is installed. In other words, it is

deployed on a specific endpoint to protect it against internal and external threats. The IDS accomplishes

this by analyzing traffic, logging malicious activity and notifying designated authorities.

The remaining three types can be described as such:

3. Protocol-based (PIDS)

A protocol-based intrusion detection system is usually installed on a web server. It monitors and analyses

the protocol between a user/device and the server. A PIDS normally sits at the front end of a server and

monitors the behavior and state of the protocol.

4. Application protocol-based (APIDS)

An APIDS is a system or agent that usually sits inside the server party. It tracks and interprets

correspondence on application-specific protocols. For example, this would monitor the SQL protocol to

the middleware while transacting with the web server.

5. Hybrid intrusion detection system

A hybrid intrusion detection system combines two or more intrusion detection approaches. Using this system,

system or host agent data combined with network information for a comprehensive view of the system. The hybrid

intrusion detection system is more powerful compared to other systems. One example of Hybrid IDS is Prelude.
lO M oARcPSD| 25002933
lO M oARcPSD| 25002933

Uses of IDS

1. Monitoring the performance of key firewalls, files, routers, and servers to detect, prevent, and

recover from cyberattacks

2. Enabling system administrators to organize and understand their relevant operating system audit

trails and logs that are often difficult to manage and track

3. Providing an easy-to-use interface that allows staff who are not security experts to help with the

management of an organization’s systems

4. Providing an extensive database of attack signatures that can be used to match and detect known

threats

5. Providing a quick and effective reporting system when anomalous or malicious activity occurs,

which enables the threat to be passed up the stack

6. Generating alarms that notify the necessary individuals, such as system administrators and security

teams, when a breach occurs

7. In some cases, reacting to potentially malicious actors by blocking them and their access to the

server or network to prevent them from carrying out any further action
lO M oARcPSD| 25002933

Benefits of Intrusion Detection Systems


1. Understanding risk: An IDS tool helps businesses understand the number of attacks being targeted

at them and the type and level of sophistication of risks they face.

2. Shaping security strategy: Understanding risk is crucial to establishing and evolving a

comprehensive cybersecurity strategy that can stand up to the modern threat landscape. An IDS can

also be used to identify bugs and potential flaws in organizations’ devices and networks, then assess

and adapt their defenses to address the risks they may face in the future.

3. Regulatory compliance: Organizations now face an ever-evolving list of increasingly stringent

regulations that they must comply with. An IDS tool provides them with visibility on what is

happening across their networks, which eases the process of meeting these regulations. The

information it gathers and saves in its logs is also vital for businesses to document that they are

meeting their compliance requirements.

4. Faster response times: The immediate alerts that IDS solutions initiate allow organizations to

discover and prevent attackers more quickly than they would through manual monitoring of their

networks. The sensors that an IDS uses can also inspect data in network packets and operating

systems, which is also faster than manually collecting this information.


lO M oARcPSD| 25002933
lO M oARcPSD| 25002933

ANNEXURE-II
Evaluation Sheet for the Micro Project (Teachers copy)

Acade
mic Year:- Name of Guider: S. N. Patil mam
2023-2024

Sem :-six Program Name: Computer Engg.

Subject

Name: NIS Subject Code: 22620

1) Rajnandeeni Rajendra Patil


Name of
Students:- 2) Sanika Shriram Patil

3)Anurag Vijay Pawar 4)Firdos

Faridkhan Pathan

5)Farina Faridkhan Pathan

Title Intrusion Detection System


of
the
lO M oARcPSD| 25002933

Pro
jec
t:-
lO M oARcPSD| 25002933

Weekly Work / Progress Report


Details of 16 Engagement Hours of the Student
Regarding Completion of the Project
Week Date Timing Work Or Activity Sign
No. Performed Of
The
Guide

From To Duration In
Hours
1 9/1/24 2:00 5:00 3 Discussion and Finalization of
the Project Title

2 16/1/24 2:00 3:00 1 Preparation and submission of


Abstract

3 23/1/24 2:00 3:00 1 Literature review

4 30/1/24 2:00 5:00 3 Collection of Data

5 6/2/24 2:00 3:00 1 Sorting of Data

6 13/2/24 2:00 3:00 1 Discussion and Outline of


contents

7 20/2/24 2:00 5:00 3 Rough Writing of the Projects


Content

8 5/3/24 2:00 3:00 1 Editing and Proof Reading of


the contents

9 19/3/24 2:00 3:00 1 Final completion of the


project

10 3/3/24 2:00 3:00 1 Seminar Presentation, viva-


vice, Assessment and
Submission of Report
lO M oARcPSD| 25002933

Comment/Suggestions about team


Work/leadership/interview personal Communication
+ All the team members were co-operative and helped
Each other. The team members gave full support.
Rather, there were no any miss-understanding among
Any of any of the team members
Roll Student Marks out of Marks out of 4 Total Remark
No. 6 for for performance
StudentName in oral/
performance
presentation
in activities

3112
Rajnandeeni Patil

3150
Sanika Patil

3142
Anurag Pawar

3148 Firdos Pathnan

3148 Farina Pathan


lO M oARcPSD| 25002933

You might also like