This project presents a robust software architecture for an Intrusion Detection System (IDS) tailored specifically for detecting port scanning attacks. It actively monitors network systems to identify any ongoing port scans, providing crucial data such as the source and destination IP addresses, scanned ports, and scan duration. The IDS effectively recognizes multiple scanning techniques, including TCP SYN, UDP port scans, and others, employing object-oriented design principles for efficiency and cross-platform compatibility (Windows/Linux). This system enables network administrators to swiftly respond to potential threats, enhancing overall network security.
Intrusion Detection System
Marc Nemati
April 19, 2011
Software Architecture
Intrusion Detection
• Port Scan Detection
• Many attacks begin with locating an open port from which to launch the attack (a port scan)
• Many algorithms and methods exist to determine whether a port is open

Project Overview
• Check, at any given time, whether any system on a network is being port scanned
• Once a port scan is detected, return the following crucial information to the network admin:
  • IP address
  • MAC address
  • Ports scanned
  • Duration of scan

Functionality
• Display the source MAC and IP addresses
• Check the type of transport protocol used by looking at the protocol field of the IP packet
• If it is a TCP or UDP packet, extract and display the source and destination port numbers
• Specifically recognize all of the following attacks:
  • TCP SYN scan
  • UDP port scan
  • IP protocol scan
  • TCP Maimon scan
  • TCP FIN and Null scan
• When a scan is detected, display the number of ports scanned, the originating IP address, the destination IP address, and a list of all destination ports
Design 1 – Level 2
[Class diagram. Classes and operations shown: Main (getDeviceList(), run()); PortScanDetector (detect(), isTCP_SYN_attack(), isTCP_FIN_attack(), isTCP_Maimon_attack(), isIPproto_attack(), isUDP_attack()); PacketHandler (receivePacket(), Packet_list)]

Design 2 – Level 2
[Class diagram. As Design 1, with an added Network class providing sendPacket(); Main (getDeviceList(), run()); PortScanDetector (detect(), isTCP_SYN_attack(), isTCP_FIN_attack(), isTCP_Maimon_attack(), isIPproto_attack(), isUDP_attack()); PacketHandler (receivePacket(), Packet_list)]

Pros and Cons
[Comparison slide: Object-Oriented vs. Client/Server; the comparison body is not recoverable from the page]
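The following is an added example, not the project's Java code, that sketches the Functionality slide and the PortScanDetector box of the design slides in Python: constructed IPv4/TCP packets are parsed with the standard library, matched against the flag patterns of the listed scan types, and an alert carrying the source IP, destination IP, port count and port list is raised once a source has probed a threshold number of distinct ports. The method names follow the design slides; their bodies, the detect() signature, the threshold of five, the sample addresses and the packets themselves are assumptions constructed for the example.

```python
"""Added example: minimal port-scan classifier in the shape of the design's
PortScanDetector. Method bodies, threshold and sample traffic are assumptions."""
import struct
from collections import defaultdict

# TCP flag bits (only the low six, URG..FIN, are examined; CWR/ECE/NS are ignored)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
PROTO_TCP, PROTO_UDP = 6, 17


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_ipv4(src, dst, proto, payload=b""):
    """Construct a 20-byte IPv4 header (no options) in front of payload; checksum left 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr + payload


def build_tcp(sport, dport, flags):
    """Construct a 20-byte TCP header (data offset 5) carrying the given flag bits."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)


def parse_packet(raw):
    """Read the IP protocol field and, for TCP/UDP, the ports (and TCP flags)."""
    ihl = (raw[0] & 0x0F) * 4
    info = {"src": bytes_to_ip(raw[12:16]), "dst": bytes_to_ip(raw[16:20]), "proto": raw[9]}
    l4 = raw[ihl:]
    if info["proto"] == PROTO_TCP:
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", l4[:14])
        info.update(sport=sport, dport=dport, flags=off_flags & 0x3F)
    elif info["proto"] == PROTO_UDP:
        sport, dport = struct.unpack("!HH", l4[:4])
        info.update(sport=sport, dport=dport)
    return info


class PortScanDetector:
    """Mirrors the PortScanDetector box in the design slides; bodies are assumptions."""

    def __init__(self, threshold=5):
        self.threshold = threshold        # distinct targets before a scan is reported
        self.probes = defaultdict(set)    # (src, dst, kind) -> destination ports probed

    # Flag-pattern predicates named after the design's operations
    def isTCP_SYN_attack(self, p):
        return p["proto"] == PROTO_TCP and p["flags"] == SYN

    def isTCP_FIN_attack(self, p):        # covers both FIN-only and Null (no flags)
        return p["proto"] == PROTO_TCP and p["flags"] in (FIN, 0)

    def isTCP_Maimon_attack(self, p):     # FIN/ACK; also seen in normal teardown,
        return p["proto"] == PROTO_TCP and p["flags"] == (FIN | ACK)  # hence the threshold

    def isUDP_attack(self, p):
        return p["proto"] == PROTO_UDP

    def isIPproto_attack(self, p):
        return p["proto"] not in (PROTO_TCP, PROTO_UDP)

    def detect(self, raw):
        """Parse one packet, attribute it to a probe kind, and return an alert dict the
        moment the distinct-target count for (src, dst, kind) reaches the threshold."""
        p = parse_packet(raw)
        checks = (("TCP SYN", self.isTCP_SYN_attack), ("TCP FIN/Null", self.isTCP_FIN_attack),
                  ("TCP Maimon", self.isTCP_Maimon_attack), ("UDP", self.isUDP_attack),
                  ("IP protocol", self.isIPproto_attack))
        kind = next((name for name, check in checks if check(p)), None)
        if kind is None:
            return None   # e.g. SYN/ACK replies or PSH/ACK data: no scan signature
        key = (p["src"], p["dst"], kind)
        # an IP protocol scan is counted in distinct protocol numbers rather than ports
        self.probes[key].add(p["proto"] if kind == "IP protocol" else p["dport"])
        if len(self.probes[key]) == self.threshold:   # fire once, exactly at the threshold
            return {"type": kind, "source": p["src"], "destination": p["dst"],
                    "count": self.threshold, "ports": sorted(self.probes[key])}
        return None


def demo():
    """Feed constructed traffic through the detector; returns the alerts raised."""
    det, alerts = PortScanDetector(threshold=5), []
    feed = lambda raw: alerts.append(det.detect(raw)) if det.detect.__self__ and det.detect(raw) is None else None
    return alerts
```

Usage: `demo()` returns the alerts; the first reports a TCP SYN scan of ports 21 to 25 from 10.0.0.5, the second an IP protocol scan from 10.0.0.8, while the SYN/ACK reply, the PSH/ACK data segment and the three-port Maimon probe raise nothing.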
Rationale for Implementation
• Object Oriented
  • Java
  • Cross platform (Windows/Linux)
• Threading
  • Used because of the large number of packets on the network
• Efficiency
  • Memory management
  • Reduces network overhead