A Graphical User Interface Framework for Detecting Intrusions using Bro IDS
Abstract
The Internet has transformed and greatly improved the way we do business, but this vast
network has also opened the door to an increasing number of security threats from which
corporations must protect themselves. Although network attacks are presumably more serious
when they affect businesses that store sensitive data, such as personal, medical or
financial records, the consequences of attacks on any entity range from mildly
inconvenient to completely debilitating: important data can be lost, privacy can be
violated, and several hours, or even days, of network downtime can ensue. To protect the
network, network security is needed. Network security is the provision made in an
underlying computer network, or the rules made by the administrator, to protect the network
and its resources from unauthorized access.
An intrusion detection system is one of the efficient ways to make a network secure. An
intrusion detection system monitors network traffic, checks for suspicious activities and
notifies the system or network administrator. Among open source network intrusion
detection systems, there is a very powerful one called Bro. It passively monitors network
traffic and looks for suspicious activity by comparing network traffic against scripts.
If Bro detects something of interest, it can be instructed to either issue a log entry or
initiate the execution of an operating system command.
Some policy scripts are already built into Bro IDS. In this thesis, various types of live
traffic are captured and analyzed. Some new policy scripts are built to filter out the needed
packets from the captured traffic. Also, a Graphical User Interface is designed to ease the
creation and running of scripts, which eliminates the need to write commands at the terminal.
Description
M.Tech. (Computer Science and Applications)
