Intrusion Detection System (IDS) for Rice Campus
Hwanho Kim, Graduate, Information Technology and Management
Bill Lidinsky, Alva C. Todd Professor and Assistant Director of Information Technology and Management
This project addressed the brief "Apply existing technology to solve a real-life problem" for the System and Network Security class. It entailed selecting, configuring and integrating an Intrusion Detection System that could monitor events on the Rice Campus network and analyze them for signs of security problems.
Hwanho Kim devised an Intrusion Detection System that uses both anomaly and misuse detection. Anomaly detection looks for statistical irregularity and offers the advantage of detecting previously unknown attacks and misuse. The system also detects well-known attack patterns, focusing on signature recognition over audit data, which offers the advantage of producing few false positives. The system used in this project is based on the new Snort 2.0, combined with Analysis Console for Intrusion Databases (ACID), Apache, MySQL, and supporting languages and tools.
The IDS uses Snort, a well-known IDS capable of performing real-time lightweight network analysis and packet logging on IP networks. Snort performs protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. The system is currently in use at the Rice Campus and has detected several intrusions.
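
The two detection styles described above, side by side, as an added example that is not the project's code or Snort's implementation: a payload substring matcher stands in for misuse detection, and a threshold of mean plus three standard deviations on distinct destination ports per source stands in for anomaly detection. All addresses, signatures, baseline counts and function names are constructed for illustration.

```python
import statistics

# Constructed signatures (misuse detection): payload substrings of known attacks.
SIGNATURES = {
    "cgi-probe": b"/cgi-bin/example-vuln.cgi",
    "smb-probe": b"\\\\EXAMPLE\\IPC$",
}

def misuse_alerts(events):
    """Return (source, signature name) for each payload matching a known pattern."""
    return [(src, name)
            for src, _port, payload in events
            for name, pattern in SIGNATURES.items()
            if pattern in payload]

def ports_per_source(events):
    """Count distinct destination ports contacted by each source in one window."""
    seen = {}
    for src, port, _payload in events:
        seen.setdefault(src, set()).add(port)
    return {src: len(ports) for src, ports in seen.items()}

def anomaly_alerts(baseline_counts, events, k=3.0):
    """Flag sources whose distinct-port count exceeds mean + k * stdev of baseline."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)
    threshold = mean + k * stdev
    return sorted(src for src, n in ports_per_source(events).items() if n > threshold)

# Constructed baseline: distinct ports per host per window during normal traffic.
BASELINE = [1, 2, 2, 3, 1, 2, 4, 2, 3, 2]

# Constructed window of traffic: (source, destination port, payload).
WINDOW = (
    [("10.0.0.5", 80, b"GET /index.html HTTP/1.0")] +
    [("10.0.0.7", 80, b"GET /cgi-bin/example-vuln.cgi HTTP/1.0")] +
    # Scan-like source: many ports, empty payloads, so no signature can match.
    [("10.0.0.9", p, b"") for p in range(20, 60)] +
    # Busy but benign host: statistically unusual, a likely false positive.
    [("10.0.0.11", p, b"backup") for p in (22, 80, 443, 873, 2049, 3306)]
)

if __name__ == "__main__":
    print("misuse :", misuse_alerts(WINDOW))
    print("anomaly:", anomaly_alerts(BASELINE, WINDOW))
```

The signature matcher reports only the known CGI pattern and misses the scan, while the anomaly check catches the scan but also flags the benign backup host, which is the trade-off that motivates combining the two.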