1.1 Background of the Study
Between 1984 and 1986, several researchers carried out further work on intrusion detection systems; James P. Anderson presented research on the Intrusion Detection System (IDS). In the mid-1990s, IDS products were first commercialized by two companies, Internet Security Systems Inc. (ISS) and WheelGroup, which designed the network-based IDSs RealSecure and NetRanger, respectively.
ISS Inc. released the first version of RealSecure, 1.0, for Windows NT 4.0. RealSecure used a knowledge base of signatures matched against traffic; however, it was ineffective against new attacks, which became a major setback. WheelGroup's NetRanger was a well-known network-based IDS back in 1995; it functioned by scanning network traffic. WheelGroup was acquired by Cisco in February 1998, and today it forms an intrinsic part of Cisco's security product line. Many researchers identified the setback in the knowledge-based technique of matching signatures: it required continuous updating of the signature database to recognize new attacks. Moreover, network and packet-switching speeds began to rise from megabits to gigabits per second. This posed a major challenge, as it became more difficult to scan and analyze traffic and detect attacks in real time; researchers were thus burdened with designing an IDS fit for high-speed networks. This led to the invention of host-based IDSs, for example TCP Wrappers, Tripwire, and Snort, which provided analysis of system logs in real time. Snort is a free IDS tool known for its multi-functionality as both a network-based and a host-based IDS. It was first released by Marty Roesch on December 22, 1998 for UNIX systems; later, in 1999, Snort version 1.5 was released, which was effective in analyzing and logging packets in real time; it was subsequently ported to Windows systems by Michael Davis in 2000.
Today, as the functionality of IDSs advances, attackers explore means of detecting, bypassing, and disabling the IDS before penetrating the infrastructure, resulting in denial of service (DoS). Security experts aim to curb these attacks by using Intrusion Detection and Prevention System (IDPS) architectures that are not visible to attackers, restricting the communication permitted among the various security components on a network. Due to the steadily increasing number of vulnerabilities, identification of attacks is essential. To this end, a number of reviews of IDPSs have been published in the literature, the most recent of which was conducted in 2016. A lot has happened since then that is worth reporting. For instance, it was in 2016 that the biggest DDoS attacks powered by a botnet were recorded. An example is Mirai, a botnet composed primarily of infected routers and security cameras, low-powered and poorly secured devices, which caused several major DDoS attacks. Internet attacks must therefore be defined in order to measure security. Also, in recent times, infrastructure has evolved from a network of systems, through private cloud infrastructure, to the Internet of Things (IoT), offering several cloud-based services and solutions. While this has provided limitless opportunities in the choice of where to store data, the risk that accompanies these opportunities is also considered enormous, because the data can be compromised via several intrusion methods irrespective of the platform on which it is stored.
In recent years, network security has been a hotly debated issue for IT managers, who increase investments year after year in order to protect the privacy, integrity and availability of information. Much of this is due to malicious actions by internal and external users who seek to make the services, networks and systems of companies of all sizes and lines of business unavailable. To address this situation, numerous defense strategies are implemented, such as firewalls, extensive use of encryption and virtual private networks, among others, aiming to maintain the security of the infrastructure and the secrecy of communications made over the Internet.
Among the commonly used methods, we highlight intrusion detection through an IDPS (Intrusion Detection and Prevention System). With it, we can collect and use information about several types of known attacks to defend the whole infrastructure, as well as identify points of attack or attack attempts, allowing not only reporting but also the continuous improvement of the security environment.
As technology grows, the concern for its security grows as well. There is an enormous number of intrusions carried out by both external and internal intruders in various ways, and security has become one of the major topics of concern.
Many organizations engaged in e-business should have their security tightly implemented, as any downtime caused by an intrusion can incur considerable loss of revenue. This situation can also lead to the loss of customers, as shoppers may see themselves as prone to security attacks, which could put a company out of business. Therefore, a reliable security system is vital. Yet there are many companies, both large and small, that do not see security as an important issue.
This is due to the expense of implementing a security system, as well as a general lack of awareness. Consequently, there is a need to understand the different security systems available by summarizing their advantages, disadvantages, and requirements in order to decide on a security system. Currently, many Intrusion Prevention Systems and Intrusion Detection Systems are being deployed on networks or hosts to help understand and mitigate malicious activities.
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An intrusion can be defined as any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource (Heady et al., 1990). Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. In some cases the IDS may also respond to anomalous or malicious traffic by taking action, such as blocking the user or source IP address from accessing the network.
IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A NIDS is placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. A HIDS runs on an individual host on the network; it monitors the inbound and outbound packets from that device only and alerts the user or administrator when suspicious activity is detected.
A system that monitors important operating system files is an example of a HIDS, while a system that analyzes incoming network traffic is an example of a NIDS. It is also possible to classify IDSs by detection approach. The best-known variants are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on machine learning). Another common variant is reputation-based detection (recognizing a potential threat according to reputation scores). Some IDS products have the ability to respond to detected intrusions; systems with response capabilities are typically referred to as intrusion prevention systems. Intrusion detection systems can also serve specific purposes when augmented with custom tools, such as a honeypot used to attract and characterize malicious traffic. Intrusion detection, prevention and traceback systems are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), monitor network or system activities for malicious activity (Guide to Intrusion Detection and Prevention Systems (IDPS)).
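As an added illustration that is not part of the original chapter, the following Python sketch contrasts the signature-based and anomaly-based approaches named above and shows the IPS response of blocking the offending source address. The connection records, the single signature and the baseline rates are constructed for the example; the names RECORDS, SIGNATURES, BASELINE_RATES and run_idps are assumptions, not a real product's API.

```python
"""Added example (not from the original text): a minimal IDS/IPS over constructed
connection records. Signature-based detection matches a known bad pattern in the
payload (knowledge-based, so it needs updating for new attacks); anomaly-based
detection flags a source whose connection rate deviates from a baseline of 'good'
traffic. In IPS mode the offending source address is added to a block list."""
from collections import Counter
import re
import statistics

# Constructed sample records: (source_ip, dest_port, payload). Not real traffic.
RECORDS = [
    ("10.0.0.5", 80, "GET /index.html"),
    ("10.0.0.5", 80, "GET /about.html"),
    ("10.0.0.7", 80, "GET /login.php?user=admin' OR '1'='1"),  # matches a signature
    ("10.0.0.9", 22, "SSH-2.0-OpenSSH"),
    *[("10.0.0.12", p, "SYN") for p in range(1, 41)],          # 40 connections: rate anomaly
]

# Signature knowledge base: name -> regex over the payload (constructed entry).
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed baseline: connections per source observed in known-good traffic.
BASELINE_RATES = [1, 2, 2, 3, 1, 2]

def signature_alerts(records):
    """Knowledge-based detection: report every record matching a known pattern."""
    return [(src, name) for src, _port, payload in records
            for name, rx in SIGNATURES.items() if rx.search(payload)]

def anomaly_alerts(records, baseline_rates, z_threshold=3.0):
    """Anomaly-based detection: flag sources whose connection count lies more than
    z_threshold standard deviations above the mean of the baseline traffic."""
    mean = statistics.mean(baseline_rates)
    stdev = statistics.pstdev(baseline_rates) or 1.0  # guard against a flat baseline
    counts = Counter(src for src, _port, _payload in records)
    return [(src, "rate-anomaly") for src, n in counts.items()
            if (n - mean) / stdev > z_threshold]

def run_idps(records, baseline_rates, prevent=True):
    """IDS mode only reports alerts; IPS mode additionally blocks each alerted source."""
    alerts = signature_alerts(records) + anomaly_alerts(records, baseline_rates)
    blocked = sorted({src for src, _ in alerts}) if prevent else []
    return alerts, blocked

if __name__ == "__main__":
    for alert in run_idps(RECORDS, BASELINE_RATES)[0]:
        print("ALERT", *alert)
```

A record carrying a novel attack pattern would pass the signature check unnoticed, which is the knowledge-base limitation the chapter describes; only a rate or behaviour deviation would surface it through the anomaly detector.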
1.1 Statement of the Problem
A vast number of people are vulnerable to security breaches but do not know how to avoid them. Currently, various IDS/IPS products are known, used, and actively being built. For any large company, ordinary user, or vendor, a problem arises when deciding which IDS/IPS should be implemented on their network or host, given their requirements and the features of each IDS/IPS. Therefore, the features of the available IDSs must be well understood and contrasted in order to compare the different security systems available. Both external and internal cyber-attacks have been growing at an alarming rate. According to a CPI/FBI survey, 59% of the companies surveyed reported one or more attacks, and almost 8% of those companies reported 60 or more internal incidents. The main issues that need to be addressed in preventing and detecting attacks are: what the basic problems of insider attacks are, how IDSs can help solve these problems, and how an internal IDS should be deployed using the various IDS technologies.
This section of the project work looks into the problems that prompted the researcher to carry out this project. It defines the problems that exist in the old system, in which distinguishing intrusive activity from normal network traffic is very difficult and time-consuming.
The following problems were also identified in the existing system that necessitated the development of the intrusion detection and prevention system:
1.2 Aim and Objectives of Study
The aim of this project is to develop an Intrusion Detection and Prevention System with the following objectives:
1.3 Significance of the study
This study is significant in the following ways:
1.4 Scope of the Study
This study covers an Intrusion Detection and Prevention System using Gufax Micro Finance Bank Plc, Ikot Ekpene, Abia State, as a case study. It is limited to the use of cipher text encryption to prevent intruders from gaining access to vital customer information.
Definition of Terms
Detection: The extraction of particular information from a larger stream of information without specific cooperation from or synchronization with the sender.
Intrusion: An illegal act of entering or taking possession of another's property.
Password: A special code used by a user to gain access to a database or another resource.
Security: Safety; freedom from danger.
Files: Collections of logically related records.
Prevention: Maintenance performed to stop faults occurring or developing into major defects.
Code: To write a computer program by putting one system of numbers, words or symbols into another system.
System: A group of interdependent items that interact regularly to perform a task.
Intrusion Detection System (IDS): A software or hardware component that automates the intrusion detection process. It is designed to monitor the events occurring in a computer system or network and to respond to events that show signs of possible incidents or violations of security policies.
Intrusion Prevention System (IPS): The technology of both detecting intrusion or threat activities and taking preventive actions to stop them. It applies the knowledge of an IDS in an automated manner.