Abstract:
Security became an important issue in networks world. Intrusion
Detection Systems (IDSs) are one of the most tested and reliable
technologies to monitor and detect attacks. Network Intrusion Detection
Systems (NIDSs) collects network traffic information from some point on
the network or computer system and then use this information to secure the
network. There are two methods basis on the source of data to be analyzed
in NIDSs; Packet-Based and Flow-Based.
This research implements both methods to detect scanning and
flooding attacks. Packet-Based NIDS is done using the misuse-based IDS
Snort. Snort is an open-source project. Configured to run in NIDS mode.
Attacks are launched from remote host that uses Kali tool. For Flow-Based
NIDS, an algorithm is implemented with C language to detect and identify
network attack based on Time-based Aggregation Traffic (TAT) feature
that extracted from previous exported NetFlow record to detect several scan
and Denial of Service (DoS) attacks. After implementing and testing both
methods, results showed that Packet-Based can detect scanning attacks and
flooding attacks very well and able to made an alert for that but Snort
cannot alert every incoming packet because of the inability of Snort to
analyze multiples packet in small time. For Flow-Based NIDS detect all
scanning and flooding attacks correctly with False Positive almost zeroactually
is 0.002 and with True Positive equal 1. Hybrid system for both
inspections method is recommended to get the best feature of the both
Network Intrusion Detection Systems.