Network Denial of Service Defense System (nDos)
Denial of Service attack is widely spread within virtual world as a malicious act that could give a huge impact in terms of the system performance and financial aspect. Network Denial of Service Defense System is an extension of intrusion detection system which incorporated with detection and pre...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Year Project |
| Language: | English |
| Published: |
Universiti Teknologi PETRONAS
2007
|
| Subjects: | |
| Online Access: | http://utpedia.utp.edu.my/9842/1/2007%20Bachelor%20-%20Network%20Denial%20Of%20Service%20Defense%20System.pdf http://utpedia.utp.edu.my/9842/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Denial of Service attack is widely spread within virtual world as a malicious act that
could give a huge impact in terms of the system performance and financial aspect.
Network Denial of Service Defense System is an extension of intrusion detection system
which incorporated with detection and prevention ~.<apabilitie&; The ar~<hite~.<ture of nDos
is based on NIPS where it is place inline on the network statefully analyzing packet
content and block certain packets that match a signature and alert on others. A NIPS
protection is based on the content of packets. The system loads a large array of
signatures. These signatures take the form of a string of data characteristic of some
particular type of attack. When a data packet enters the network, the IDS!IPS examines
that data against its database of signatures. If the data match, then the IDS/IPS takes
appropriate action. In the case of an IDS, the intrusion attempt will be logged, whereas, in
the case of an IPS, the system can drop the data packet, or even sever the offending
machine's connection. Ndos provide web interface for data retrieval and manipulation.
The front;end of the system is based on PHP/MySQL hence it could provide statistical
analysis for managerial point of view. The back-end of nDos is using snort_inline as
detection engine and iptables firewall for traffic prevention mechanism. Once an attack
being launch nDos will logged the incident based on rules and configuration and iptables
or generic firewall need to determine the traffic state whether to accept or drop the
connection. Predefined thresholds value is important for DoS attack where a lot of
connections of traffic generated hence when exceed the value the detection engine could
identify Stich an attack. nDos is targeted for educational purpose and small-medium size
enterprise because of there is only commercial IPS solution available in the market.
Portability and compatibility is an issue where for future recommendation Live CD
features could be implemented to provide high compatibility without concern of the OS. |
|---|