Open Access Article

Mitigation of DoS and Port Scan Attacks Using Snort

Alka Gupta, Lalit Sen Sharma

Section: Research Paper, Product Type: Journal Paper
Volume 7, Issue 4, Page no. 248-258, Apr-2019

CrossRef-DOI: https://doi.org/10.26438/ijcse/v7i4.248258

Online published on Apr 30, 2019

Copyright © Alka Gupta, Lalit Sen Sharma. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to Cite this Paper

IEEE Style Citation: Alka Gupta, Lalit Sen Sharma, “Mitigation of DoS and Port Scan Attacks Using Snort,” International Journal of Computer Sciences and Engineering, Vol.7, Issue.4, pp.248-258, 2019.

MLA Style Citation: Alka Gupta, Lalit Sen Sharma "Mitigation of DoS and Port Scan Attacks Using Snort." International Journal of Computer Sciences and Engineering 7.4 (2019): 248-258.

APA Style Citation: Alka Gupta, Lalit Sen Sharma, (2019). Mitigation of DoS and Port Scan Attacks Using Snort. International Journal of Computer Sciences and Engineering, 7(4), 248-258.

BibTex Style Citation:
@article{Gupta_2019,
author = {Alka Gupta and Lalit Sen Sharma},
title = {Mitigation of DoS and Port Scan Attacks Using Snort},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {4 2019},
volume = {7},
Issue = {4},
month = {4},
year = {2019},
issn = {2347-2693},
pages = {248-258},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=4025},
doi = {https://doi.org/10.26438/ijcse/v7i4.248258},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO - https://doi.org/10.26438/ijcse/v7i4.248258
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=4025
TI - Mitigation of DoS and Port Scan Attacks Using Snort
T2 - International Journal of Computer Sciences and Engineering
AU - Alka Gupta, Lalit Sen Sharma
PY - 2019
DA - 2019/04/30
PB - IJCSE, Indore, INDIA
SP - 248-258
IS - 4
VL - 7
SN - 2347-2693
ER -

Abstract

Network attacks continue to pose a major threat to the internet. Various mitigation techniques are suggested from time to time, but intruders continuously introduce newer procedures for performing network attacks. Mitigation becomes especially difficult for highly distributed attacks performed using botnets. These attacks pose a major challenge to both legitimate users and the infrastructure, and early discovery of the attacks is important for protecting them. In this paper, the Intrusion Detection and Prevention System (IDPS) Snort is presented as a solution for identifying different network attacks. Snort has been evaluated in a high-speed real network against different DoS and port scan attacks to examine its behaviour and capacity in detecting them. A set of custom rules is proposed; these show promising results in detecting the attacks, but there is still scope for improvement.

Keywords / Index Terms

NIDS, Snort v2.X, D-ITG, Scapy, DoS attacks, flooding, Port Scan
