Paper Topic:

The Effectiveness of Open Source Intrusion Detection Compared to Vendor Versions of Network Intrusion Detection Systems

The Effectiveness of Open Source and Vendor Versions of Network Intrusion Detection Systems

TABLE OF CONTENTS

Abstract

Chapter 1 Introduction

Chapter 2 Research

2.1 Open Source Software

2.2 Open Source Security

2.3 Intrusion Detection Systems (IDS)

2.4 Protected Systems

2.4.1 Network-Based IDS

2.4.2 Host-Based IDS

2.4.3 Strengths of HIDS over NIDS

2.4.4 Network Node IDS

2.5 Intrusion Detection Approaches

2.5.1 Anomaly Detection

2.5.2 Misuse Detection

2.6 Attack Responses

2.6.1 Passive System

2.6.2 Reactive System

2.7 Traffic Analysis versus Content Analysis

2.7.1 Hybrid Analysis

2.8 IDS Evasion Techniques

2.8.1 Flooding

2.8.2 Fragmentation

2.8.3 Encryption

2.8.4 Obfuscation

2.9 Open Source and Proprietary IDS

2.9.1 Benefits of Open Source Security

Chapter 3 Analysis

3.1 Correlation of Attacks Issued and Attacks Detected

3.2 Duration of Detection

3.3 Ease of Use

3.4 Accessibility of the Software

3.5 Number of Users

Chapter 4 Evaluation

4.1 Results and Discussion on Attacks Issued and Attacks Detected

4.2 Results and Discussion on Completion Time for Attack Monitoring

4.3 Results and Discussion on Users' Rating of Ease of Use

4.4 Results and Discussion on Users' Rating of Product Accessibility

4.5 Results and Discussion on Number of Product Users

4.6 Overall Interpretation of Results

Chapter 5 Developments

5.1 Future of Intrusion Detection

5.1.1 How the Products Will Tackle Challenges in the Future

5.1.2 Hybrid IDS

Chapter 6: Conclusions and Future Work

References

Abstract

Computer security is a crucial part of our operations, not a luxury. Someone constantly finds new ways of exploiting security vulnerabilities in operating systems and applications. Although intrusion detection systems (IDS) are becoming ubiquitous defences in today's networks, at present we have no comprehensive and scientifically precise methodology for assessing the effectiveness of today's open source IDS compared to the conventional proprietary/vendor versions. Issues such as how IDS has been used in the fight against network security issues and how open-source security software can be more cost effective and efficient are therefore addressed in this

This also discusses the open-source technologies and tools that are used by leading security professionals and industries. Different approaches for the assessment of open-source versus vendor versions of IDS were employed. Furthermore, we have presented recommendations that will help IDS users to evaluate the quality of intrusion detection signatures. We also look into the future developments of intrusion detection and present suggestions for research directed toward improving...

34 pages
443.0 KB