logo SBA

ETD

Archivio digitale delle tesi discusse presso l’Università di Pisa

Tesi etd-07062017-093415


Tipo di tesi
Tesi di laurea magistrale
Autore
TESEI, ANDREA
URN
etd-07062017-093415
Titolo
Bro NIDS and Unix Firewall: towards an Intrusion Prevention System.
Dipartimento
INFORMATICA
Corso di studi
INFORMATICA E NETWORKING
Relatori
relatore Prof. Degano, Pierpaolo
relatore Dott. Galletta, Letterio
Parole chiave
  • Bro NIDS
  • cybersecurity
  • intrusion detection system
  • intrusion prevention system
  • intrusion response system
  • unix firewall
Data inizio appello
21/07/2017
Consultabilità
Completa
Riassunto
The huge number of successfully attacks that nowadays we are experiencing, suggests that we have to find new methods to protect our systems from malicious actors. In recent years several new technologies and new distributed system architectures were introduced, and the attacks that those systems are exposed to are very complex and sometimes is not so easy to detect them. Both anomaly-based and signature-based Intrusion Detection Systems (IDS) can be used to mitigate this problem, but each network administrator has to be aware of common used attack techniques in order to enable the selected IDS discover them. The aim of this thesis work is to built a collaboration between Bro Network Intrusion Detection System (NIDS) and the ubiquitous Linux Kernel firewall in order to construct a system with a custom active response to block a set of known attacks and evasion techniques. Moreover in order to decrease the percentage of false positives, which is a known limitation of anomaly-based IDS, a separated inspection technique is implemented for further analysis of weird behaviors detected by Bro NIDS. The power of this approach is demonstrated by implementing a selected set of attacks and evasion techniques, conducted against a little protected network. It is composed by a machine in which an instance of Bro and one of custom 'packet inspector' are deployed, together with a running Linux server that is actually the victim of each attack. The outcomes of these test cases prove the strength of this system in the selected attack scenarios.
File