Network Intrusion Detection System (NIDS)
Johnny Aquino, Graduate Candidate, Masters in Information Technology and Management
Ashok Bhojwani, Graduate Candidate, Masters in Information Technology and Management
Jeremy Hajek, Graduate Candidate, Masters in Information Technology and Management
Rajesh Patel, Graduate Candidate, Masters in Information Technology and Management
Bill Lidinsky, Alva C. Todd Professor and Assistant Director of Information Technology and Management
NIDS is a network security system that monitors both wired and wireless networks within the boundaries of the Rice IIT Campus. The system provides automated alerting and is coupled with another system, GRATIS, that graphically identifies the source and location of the malicious traffic.
NIDS extends the capabilities of existing network monitoring by joining multiple IDS (Intrusion Detection System) detectors that sense events causing anomalies in the campus network. These detectors report to a central server that manages all the resources. Each IDS runs Snort, which performs pattern matching on data packets: it looks for signatures of well-known attack patterns, performs real-time analysis, and logs alerts to the central database for further examination. In addition to Snort, the central IDS server uses a MySQL database, an Apache web server, a customized console called ACID (Analysis Console for Intrusion Databases), an alerting tool called Swatch, and other supporting programs.
The system is currently in use and has been able to detect anomalies and misuses such as illegal use of P2P file sharing, SMTP email relays, and many types of Trojan and worm attacks.
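The sensor-to-central-server flow described above, sketched as an added example that is not the project's own code. It assumes Python regexes in place of Snort rules, an in-memory SQLite table in place of the MySQL alert database, and hypothetical sensor names, signature IDs and a `campus.example` mail domain.

```python
import re
import sqlite3

# Constructed signatures in the spirit of Snort content rules: (sid, msg, dport, pattern).
SIGNATURES = [
    (1000001, "P2P Gnutella handshake", None, re.compile(rb"^GNUTELLA CONNECT/")),
    (1000002, "SMTP relay to non-campus domain", 25,
     re.compile(rb"^RCPT TO:\s*<[^>@]+@(?!campus\.example>)", re.I)),
]

def inspect(dport, payload):
    """Sensor side: return (sid, msg) for each signature matching port and payload."""
    return [(sid, msg) for sid, msg, port, pattern in SIGNATURES
            if port in (None, dport) and pattern.search(payload)]

def open_central_db():
    """Central server side: one alert table shared by every sensor."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (sensor TEXT, sid INTEGER, msg TEXT, "
               "src TEXT, dst TEXT, dport INTEGER)")
    return db

def report(db, sensor, src, dst, dport, payload):
    """Inspect one packet on one sensor and log any alerts to the central table."""
    hits = inspect(dport, payload)
    db.executemany("INSERT INTO alert VALUES (?, ?, ?, ?, ?, ?)",
                   [(sensor, sid, msg, src, dst, dport) for sid, msg in hits])
    return len(hits)

def sources_on_multiple_sensors(db):
    """Console-style query: sources that raised alerts on more than one sensor."""
    return db.execute("SELECT src, COUNT(DISTINCT sensor) FROM alert GROUP BY src "
                      "HAVING COUNT(DISTINCT sensor) > 1 ORDER BY src").fetchall()

# Constructed traffic using documentation addresses: (sensor, src, dst, dport, payload).
TRAFFIC = [
    ("wired-1", "192.0.2.10", "198.51.100.5", 6346, b"GNUTELLA CONNECT/0.6\r\n"),
    ("wired-1", "192.0.2.20", "192.0.2.25", 25, b"RCPT TO:<staff@campus.example>\r\n"),
    ("wireless-1", "192.0.2.10", "192.0.2.25", 25, b"RCPT TO:<someone@other.example>\r\n"),
]

def run_demo():
    """Feed the constructed traffic through the sensors into a fresh central database."""
    db = open_central_db()
    for packet in TRAFFIC:
        report(db, *packet)
    return db

if __name__ == "__main__":
    print(sources_on_multiple_sensors(run_demo()))
```

The final query only works because both sensors write to one table: the host at 192.0.2.10 raises a single alert on each sensor, and the correlation appears once the alerts are stored centrally.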
All software used for this project is either freeware or shareware.
The project was presented at the Computer and Network Security Workshop on April 7, 2005, and to the Institute of Electrical and Electronics Engineers (IEEE) on May 12, 2005, as part of an IEEE student colloquium.