Intrusion Detection System
A PROJECT REPORT ON
Certificate
This is to certify that Rajnandeeni Patil, Sanika Patil, Anurag Pawar, Farina Pathan and Firdos Pathan of the Sixth Semester of the Computer Engineering Diploma Program at (1432) GOVERNMENT POLYTECHNIC NANDURBAR have completed the
satisfactorily in Subject ETI (22620) in the academic year 2023-2024 as prescribed in the MSBTE curriculum of I Scheme.
Place: NANDURBAR
Date:
Enrolment No:
1) 2114320053
2) 2114320061
3) 2114320039
4) 2114320058
5) 2114320059
INDEX
1 Abstract 4
2 Introduction 5
3 Method 7
4 Proposed System 11
5 Experimental Result 14
6 Conclusion 17
8 Annexure II 19
ABSTRACT
An Intrusion Detection System (IDS) is defined as a device or software application that monitors network or system activities and determines whether any malicious activity is occurring. The outstanding growth and usage of the internet raises concerns about how to communicate and protect digital information safely. In today's world, hackers use different types of attacks to obtain valuable information. Many intrusion detection techniques, methods and algorithms help to detect these attacks. The main objective of this paper is to provide a complete study of intrusion detection, the types of intrusion detection methods, the types of attacks, the different tools and techniques, research needs and challenges, and finally to develop an IDS tool for research purposes. That tool is capable of detecting and preventing intrusion by an intruder.
Network security refers to the set of measures designed to protect the integrity, confidentiality, and
availability of computer networks and the data transmitted over them. Here's a detailed explanation:
1. Access Control: Network security begins with controlling who can access the network and its resources. This involves user authentication mechanisms like passwords, biometrics, and multi-factor authentication.
2. Firewalls: Firewalls act as a barrier between an internal network and external networks (like the internet), filtering incoming and outgoing traffic based on predetermined security rules. They can be hardware-based or software-based.
3. Intrusion Detection Systems (IDS): IDS monitor network traffic for suspicious activity or known attack patterns. They can be either signature-based (looking for known attack patterns) or anomaly-based.
4. Encryption: Encryption ensures that data transmitted over the network is unreadable to unauthorized users. It is used to protect sensitive information such as passwords, financial transactions, and corporate data. Protocols like SSL/TLS are commonly used for securing web traffic.
5. Virtual Private Networks (VPN): VPNs create a secure, encrypted connection over a less secure network, such as the internet. They are commonly used to provide remote access to corporate networks or
(malware) such as viruses, worms, and Trojans from computers and networks.
7. Patch Management: Keeping network devices and software up to date with the latest security patches is essential for protecting against known vulnerabilities. Patch management systems automate the
8. Security Auditing and Logging: Regular security audits and logging of network activities help identify security weaknesses, track potential security incidents, and ensure compliance with security
9. Security Policies and Training: Establishing clear security policies and providing regular training to employees on security best practices are crucial for maintaining network security. This includes guidelines for password management, data handling, and incident response procedures.
10. Physical Security: Physical security measures such as locked server rooms, access control systems, and surveillance cameras help prevent unauthorized access to network infrastructure.
11. Backup and Disaster Recovery: Regular backups of critical data and the implementation of disaster recovery plans ensure that data can be restored in the event of a security breach or other catastrophic event.
12. Network Segmentation: Dividing the network into smaller, isolated segments using techniques like VLANs (Virtual Local Area Networks) or subnetting helps contain security breaches and limit the spread
The need for network security arises from the increasing reliance on computer networks for communication, collaboration, and data exchange. Here's a detailed explanation of why network security is essential:
1. Protection of Sensitive Data: Organizations store vast amounts of sensitive data, including financial records, customer information, intellectual property, and proprietary business data. Network security measures such as encryption, access controls, and firewalls help safeguard this data from
2. Prevention of Data Breaches: Data breaches can have severe financial and reputational consequences for organizations. Network security controls help prevent unauthorized access to networks and systems, reducing the risk of data breaches caused by hackers, malware, or insider threats.
3. Compliance Requirements: Many industries are subject to regulatory requirements and standards related to data protection and privacy, such as GDPR, HIPAA, PCI DSS, and SOX. Implementing robust network security measures helps organizations comply with these regulations and avoid costly penalties
4. Protection Against Cyber Attacks: Cyber attacks continue to evolve in sophistication and frequency, posing a significant threat to organizations of all sizes. Network security solutions such as intrusion detection systems, antivirus software, and security patches help detect and mitigate cyber threats,
5. Maintaining Business Continuity: Network security plays a crucial role in ensuring the continuous operation of business-critical systems and services. By protecting networks from cyber threats and implementing disaster recovery plans, organizations can minimize downtime and maintain business
6. Preservation of Reputation and Trust: A data breach or security incident can damage an organization's reputation and erode customer trust. By investing in robust network security measures, organizations demonstrate their commitment to protecting customer data and maintaining trust with stakeholders.
7. Prevention of Intellectual Property Theft: Intellectual property (IP) theft can have significant economic consequences for businesses, leading to loss of competitive advantage and revenue. Network security measures help prevent unauthorized access to proprietary information, trade secrets, and other valuable IP assets.
and healthcare rely heavily on interconnected networks to deliver essential services. Securing these networks against cyber threats is essential for safeguarding public safety, national security, and economic stability.
9. Support for Remote Workforce: The proliferation of remote work has expanded the attack surface for cyber threats, as employees access corporate networks and data from various locations and devices. Network security solutions like VPNs, multi-factor authentication, and endpoint security help secure remote
10. Prevention of Financial Loss: Cyber attacks can result in direct financial losses through theft of funds, extortion payments, or fraudulent transactions. Additionally, organizations may incur indirect costs related to remediation efforts, legal fees, and loss of productivity. Network security helps mitigate these
Overall, network security is critical for protecting organizations against a wide range of cyber threats, preserving data confidentiality and integrity, ensuring regulatory compliance, maintaining business
INTRODUCTION TO IDS
In today's world, internet security has become a challenge for organisations that must protect confidential data from intruders. In the process of safeguarding data, web firewalls, encryption, authentication and Virtual Private Networks (VPN) have long been deployed to secure the network infrastructure and communication over the internet. Intrusion detection is a relatively new addition to this set of security technologies. An IDS is an evolution that enhances network security and safeguards the data of the organisation. The IDS helps the network administrator detect any malicious activity on the network and alerts the administrator so that the data can be secured by taking appropriate action against those attacks. An intrusion refers to any unauthorized access or malicious utilisation of information resources. An intruder or attacker is a real-world entity that tries to find a means to gain unauthorized access to information, cause harm or engage in other malicious
The firewall protects an organisation from malicious attacks from the Internet, and the IDS detects if someone tries to get in through the firewall or manages to break the firewall security and tries to access any system in the organisation, alerting the system administrator if there is undesired activity at the firewall. Therefore, an intrusion detection system (IDS) is a security system that monitors network traffic and computer systems and analyses that traffic for possible hostile attacks originating from outside the organisation and also for misuse of systems or
Working of IDS
An IDS only needs to detect potential threats, so it is placed out of band on the network infrastructure. Consequently, it is not in the real-time communication path between the sender and receiver of information.
IDS solutions often take advantage of a TAP or SPAN port to analyse a copy of the inline traffic stream. This ensures that the IDS does not impact inline network performance.
When the IDS was developed, the depth of analysis required to detect an intrusion could not be performed quickly enough: the speed would not keep pace with components on the direct communications path
Network intrusion detection systems are used to detect suspicious activity and catch hackers before damage is done to the network. There are network-based and host-based intrusion detection systems. Host-based IDSes are installed on client computers; network-based IDSes are on the network itself.
An IDS works by looking for deviations from normal activity and known attack signatures. Anomalous patterns are sent up the stack and examined at the protocol and application layers. It can detect events like
There are five types of IDS: network-based, host-based, protocol-based, application protocol-based and hybrid.
1. Network-based (NIDS)
A network IDS monitors a complete protected network. It is deployed across the infrastructure at strategic points, such as the most vulnerable subnets. The NIDS monitors all traffic flowing to and from devices on the network, making determinations based on packet contents and metadata.
2. Host-based (HIDS)
A host-based IDS monitors the computer infrastructure on which it is installed. In other words, it is deployed on a specific endpoint to protect it against internal and external threats. The IDS accomplishes this by analysing traffic, logging malicious activity and notifying designated authorities.
3. Protocol-based (PIDS)
A protocol-based intrusion detection system is usually installed on a web server. It monitors and analyses the protocol between a user/device and the server. A PIDS normally sits at the front end of a server and
4. Application protocol-based (APIDS)
An APIDS is a system or agent that usually sits inside the server party. It tracks and interprets correspondence on application-specific protocols. For example, this would monitor the SQL protocol to
5. Hybrid
A hybrid intrusion detection system combines two or more intrusion detection approaches. Using this system, host agent data is combined with network information for a comprehensive view of the system. The hybrid intrusion detection system is more powerful than the other systems. One example of a hybrid IDS is Prelude.
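The two detection modes the report describes, matching known attack signatures and flagging deviation from normal activity, combined in one small network sensor that works on a copy of the traffic (a passive TAP/SPAN sensor like this can only alert, not block). This is an added example, not code from the report; the record layout, the two sample signatures, the distinct-port baseline and the 3-sigma threshold are all constructed assumptions.

```python
"""Minimal network-sensor logic: a signature check plus an anomaly check.
Added example; record format, signatures and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass
import re
import statistics

@dataclass(frozen=True)
class Record:
    src: str       # source address seen on the SPAN/TAP copy of traffic
    dport: int     # destination port
    payload: str   # decoded application payload (may be empty)

# Signature base: known attack patterns (constructed sample entries).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("passwd-read", re.compile(r"/etc/passwd")),
]

def signature_alerts(records):
    """Signature-based detection: flag payloads matching a known pattern."""
    return [(r.src, name) for r in records
            for name, pat in SIGNATURES if pat.search(r.payload)]

def ports_per_source(records):
    """Group the distinct destination ports contacted by each source."""
    ports = defaultdict(set)
    for r in records:
        ports[r.src].add(r.dport)
    return ports

def baseline_profile(training):
    """Learn 'normal': mean and spread of distinct ports per source."""
    counts = [len(p) for p in ports_per_source(training).values()]
    return statistics.fmean(counts), statistics.pstdev(counts)

def anomaly_alerts(records, mean, stdev, k=3.0):
    """Anomaly-based detection: sources more than k sigma above the baseline.
    The floor on stdev stops a zero-variance baseline from flagging everything."""
    threshold = mean + k * max(stdev, 1.0)
    return [(src, len(p)) for src, p in ports_per_source(records).items()
            if len(p) > threshold]

# Constructed traffic: a quiet training window, then a live window with one
# traversal attempt and one source touching twelve ports (scan-like spread).
TRAINING = [Record("10.0.0.2", 80, ""), Record("10.0.0.2", 443, ""), Record("10.0.0.3", 80, ""),
            Record("10.0.0.4", 22, ""), Record("10.0.0.4", 80, "")]
LIVE = [Record("10.0.0.5", 80, "GET /index.html"), Record("10.0.0.5", 443, "GET /login"),
        Record("10.0.0.7", 80, "GET /../../etc/passwd")]
LIVE += [Record("10.0.0.9", 1 + i, "") for i in range(12)]
```

Running `signature_alerts(LIVE)` and `anomaly_alerts(LIVE, *baseline_profile(TRAINING))` shows that the two modes catch different things: the signature list only fires on the traversal payload, while the baseline only flags the source spreading across many ports.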
Uses of IDS
1. Monitoring the performance of key firewalls, files, routers, and servers to detect, prevent, and
2. Enabling system administrators to organize and understand their relevant operating system audit
trails and logs that are often difficult to manage and track
3. Providing an easy-to-use interface that allows staff who are not security experts to help with the
4. Providing an extensive database of attack signatures that can be used to match and detect known
threats
5. Providing a quick and effective reporting system when anomalous or malicious activity occurs,
6. Generating alarms that notify the necessary individuals, such as system administrators and security
7. In some cases, reacting to potentially malicious actors by blocking them and their access to the
server or network to prevent them from carrying out any further action
at them and the type and level of sophistication of risks they face.
comprehensive cybersecurity strategy that can stand up to the modern threat landscape. An IDS can
also be used to identify bugs and potential flaws in organizations’ devices and networks, then assess
and adapt their defenses to address the risks they may face in the future.
regulations that they must comply with. An IDS tool provides them with visibility on what is
happening across their networks, which eases the process of meeting these regulations. The
information it gathers and saves in its logs is also vital for businesses to document that they are
4. Faster response times: The immediate alerts that IDS solutions initiate allow organizations to
discover and prevent attackers more quickly than they would through manual monitoring of their
networks. The sensors that an IDS uses can also inspect data in network packets and operating
ANNEXURE-II
Evaluation Sheet for the Micro Project (Teacher's copy)
Academic Year: 2023-2024
Name of Guide: S. N. Patil mam
Subject:
Project:
Faridkhan Pathan

From / To / Duration in Hours
1. 9/1/24, from 2:00 to 5:00, duration 3 hours: Discussion and Finalization of the Project Title

3112 Rajnandeeni Patil
3150 Sanika Patil
3142 Anurag Pawar