This document proposes an intrusion detection system using customized rules for the Snort tool to improve security. The system uses Wireshark to scan network traffic for anomalies, Snort to detect attacks using customized rulesets for faster response times, and Wazuh and Splunk to analyze log files. Rules are created using the Snorpy tool and added to Snort to monitor for specific attacks like ICMP ping impersonation and authentication attempts. When attacks are attempted, the system successfully detects them and logs the alerts. The integration of these tools provides low-cost intrusion detection capabilities with automated threat identification and faster response compared to existing Snort configurations.
Network forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the facts of attacks and other problem incidents, as well as performing the actions needed to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we have prepared a comparative analysis of various models based on different techniques.
Intrusion Detection System using AI and Machine Learning Algorithm
This document discusses using artificial intelligence and machine learning algorithms to develop an intrusion detection system (IDS). It begins with an abstract that outlines using AI to act as a virtual analyst to concurrently monitor network traffic and defend against threats. It then provides background on IDS and the need for more effective automated threat detection. The document discusses classifying attacks, different types of IDS (host-based and network-based), and detection methods like signature-based and anomaly-based. It aims to develop an IDS using machine learning algorithms that can learn patterns to provide automatic intrusion detection without extensive manual maintenance.
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
This document summarizes a research paper on current studies of intrusion detection systems using genetic algorithms and fuzzy logic. The paper presents an overview of intrusion detection systems, including different techniques like misuse detection and anomaly detection. It discusses using genetic algorithms to generate fuzzy rules to characterize normal and abnormal network behavior in order to reduce false alarms. The paper also outlines the dataset, genetic algorithm approach, and use of fuzzy logic that are proposed for the intrusion detection system.
An Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds whether any malicious operations take place. The tremendous growth and practice of the internet raise concerns about how to protect and communicate digital data in a safe manner. Nowadays, hackers use different types of attacks to get valuable information. Many intrusion detection techniques, methods and algorithms assist in identifying these attacks. The main objective of this paper is to provide a complete study covering the description of intrusion detection, its history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications.
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detection
In today's interconnected world, one pervasive issue is how to protect systems from intrusion-based security attacks. It is an important issue to detect intrusion attacks for the security of network communication. Denial of Service (DoS) attacks are evolving continuously. These attacks make network resources unavailable for legitimate users, which results in massive loss of data, resources and money. The significance of Intrusion Detection Systems (IDS) in computer network security is well proven. Intrusion Detection Systems (IDSs) have become an efficient defense tool against network attacks since they allow network administrators to detect policy violations. The mining approach can play a very important role in developing intrusion detection systems. Classification is identified as an important technique of data mining. This paper evaluates the performance of well-known classification algorithms for attack classification. The key idea is to use data mining techniques efficiently for intrusion attack classification. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
Survey on Host and Network Based Intrusion Detection System
With the advent of new technologies and devices, intrusion has become an area of concern because of security issues in the ever-growing area of cyber-attack. An intrusion detection system (IDS) is defined as a device or software application which monitors system or network activities for malicious activities or policy violations. It produces reports to a management station [1]. In this paper we are mainly focused on different IDS concepts based on host and network systems.
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increase, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (... (ClaraZara1)
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware, such as a Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attacks. The frequency data is extracted from the time-series data created by the traffic flow using the Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms, which further detects known and unknown attack signatures in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signatures and unknown attacks. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator 2 (NS2) software.
IJCER (www.ijceronline.com) International Journal of computational Engineerin... (ijceronline)
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Intrusion Detection System using Data Mining (IRJET Journal)
This document presents a proposed intrusion detection system using data mining techniques. It begins with an abstract that describes how internal intrusions are difficult to detect as internal users know the organization's information. It then discusses how anomaly detection can be used to create behavior profiles for each user and detect anomalous activities. The introduction provides background on intrusion detection systems and the need for more efficient and effective detection methods. It describes the proposed system which will use data mining techniques like k-means clustering to separate normal and abnormal network activities in order to detect internal attacks. It discusses the hardware and software requirements and specifications. Finally, it concludes that the proposed system can better detect anomalies in the network compared to other machine learning approaches.
Intrusion detection systems aim to detect unauthorized access or activity in a computer system or network. There are two main types: network-based systems monitor network traffic to detect intrusions, while host-based systems monitor operating system logs and files on individual computers. Effective intrusion detection requires an incident response team to assess damage from intrusions and prevent future vulnerabilities, as well as securely storing logs as potential evidence.
This document summarizes a proposed network attack alerting system that aims to reduce the large number of alerts generated by intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack attacking tools on a virtual network lab environment. Well-known open source security tools on the Security Onion Linux distribution are used to generate alerts. The system defines rules to identify important alert types and stores alerts in a database. It aims to eliminate redundant alerts for the same attack by analyzing attributes like source/destination IP and port. Alert severity levels are defined using threshold counts and times to classify alerts and help administrators respond appropriately.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS (ieijjournal)
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm the security and trust of a computer system. IDS operate either at the host or network level by utilizing anomaly detection or misuse detection. The main problem is to correctly detect intruder attacks against a computer network. The key point of successful detection of intrusion is the choice of proper features. To resolve the problems of the IDS scheme, this research work proposes “an improved method to detect intrusion using machine learning algorithms”. In our paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random Forest. To identify network-based IDS with the KDDCUP 99 dataset, experimental results show that the three algorithms J48, J48Graft and Random Forest give much better results than other machine learning algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have considered all the parameters for computation of results, i.e. precision, recall, F-measure and ROC.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... (IJNSA Journal)
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
Similar to INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT
MULTIMODAL COURSE DESIGN AND IMPLEMENTATION USING LEML AND LMS FOR INSTRUCTIO... (IJMIT JOURNAL)
Traditionally, teaching has been centered around classroom delivery. However, the onslaught of the COVID-19 pandemic has cultivated the usage of technology, teaching, and learning methodologies for course delivery. We investigate and describe different modes of course delivery that maintain the integrity of teaching and learning. This paper answers the research questions: 1) What course delivery methods do our academic institutions use and why? 2) How can instructors validate the guidelines of the institutions? 3) How should courses be taught to provide student learning outcomes? Using the Learning Environment Modeling Language (LEML), we investigate the design and implementation of courses for delivery in the following environments: face-to-face, online synchronous, asynchronous, hybrid, and hyflex. Good course design and implementation are key components of instructional alignment. Furthermore, we demonstrate how to design, implement, and deliver courses in synchronous, asynchronous, and hybrid modes and describe our proposed enhancements to LEML.
International Journal of Managing Information Technology (IJMIT) ** WJCI Indexed (IJMIT JOURNAL)
The International Journal of Managing Information Technology (IJMIT) is a quarterly open access peer-reviewed journal that publishes articles that contribute new results in all areas of the strategic application of information technology (IT) in organizations. The journal focuses on innovative ideas and best practices in using IT to advance organizations – for-profit, non-profit, and governmental. The goal of this journal is to bring together researchers and practitioners from academia, government, and industry to focus on understanding both how to use IT to support the strategy and goals of the organization and to employ IT in new ways to foster greater collaboration, communication, and information sharing both within the organization and with its stakeholders. The International Journal of Managing Information Technology seeks to establish new collaborations, new best practices, and new theories in these areas.
NOVEL R & D CAPABILITIES AS A RESPONSE TO ESG RISKS- LESSONS FROM AMAZON’S FU... (IJMIT JOURNAL)
Environmental, Social, and Governance (ESG) management is essential for transforming corporate financial performance-oriented business strategies into Finance (F) + ESG optimization strategies to achieve the Sustainable Development Goals (SDGs).
In this trend, the rise of ESG risks has divided firms into two categories. The former incorporates a growth mindset that creates a passion for learning and urges it to improve itself by endeavoring Research and Development (R&D)-driven challenges, while the other category, characterized by risk aversion, avoids challenging highly uncertain R&D activities and seeks more manageable endeavors.
This duality underscores the complexity of corporate R&D strategies in addressing ESG risks and necessitates the development of novel R&D capabilities for corporate R&D transformation strategies towards F + ESG optimization.
Building on this premise, this paper conducts an empirical analysis, utilizing reliable firm data on ESG risk and brand value, with a focus on 100 global R&D leader firms. It analyzes R&D and actions for ESG risk mitigation, and assesses the development of new functions that fulfill F + ESG optimization through R&D. The analysis also highlights the significance of network externality effects, with a specific focus on Amazon, a leading R&D company, providing insights into the direction for transforming R&D strategies towards F + ESG optimization.
The dynamics of stakeholder engagement in F + ESG optimization are indicated with the example of Amazon's activities. Through the analysis, it became evident that Amazon's capacity encompassing growth and scalability, specifically its ability to grow and expand, is accelerating high-level research and development by gaining the trust of stakeholders in the "synergy through R&D-driven ESG risk mitigation."
Finally, as examples of these initiatives, the paper discusses the Climate Pledge led by Amazon and the transformation of Japan's management system.
A REVIEW OF STOCK TREND PREDICTION WITH COMBINATION OF EFFECTIVE MULTI TECHNI... (IJMIT JOURNAL)
It is important for investors to understand stock trends and market conditions before trading stocks. Both of these capabilities are very important for an investor in order to obtain maximized profit and minimized losses. Without this capability, investors will suffer losses due to their ignorance regarding stock trends and market conditions. Technical analysis helps to understand stock price behavior with regard to past trends, the signals given by indicators and the major turning points of the market price. This paper reviews stock trend predictions with a combination of the effective multi technical indicator strategy to increase investment performance by taking into account the global performance and the proposed combination of effective multi technical indicator strategy model.
Artificial Intelligence (AI) has rapidly become a critical technology for businesses seeking to improve efficiency and profitability. One area where AI is proving particularly impactful is in service operations management, where it is used to create AI-powered service operations (AIServiceOps) that deliver high-value services to customers. AIServiceOps involves the use of AI to automate and optimize various business processes, such as customer service, sales, marketing, and supply chain management. The rapid development of Artificial Intelligence has prompted many changes in the field of Information Technology (IT) Service Operations. IT Service Operations are driven by AI, i.e., AIServiceOps. AI has empowered new vitality and addressed many challenges in IT Service Operations. However, there is a literature gap on the Business Value Impact of Artificial Intelligence (AI) Powered IT Service Operations. It can help IT build optimized business resilience by creating value in complex and ever-changing environments as product organizations move faster than IT can handle. So, this research paper examines how AIServiceOps creates business value and sustainability, basically how AIServiceOps liberates IT staff from low-level, repetitive work and traditional IT practices for a continuously optimized process. One of the research objectives is to compare Traditional IT Service Operations with AIServiceOps. This paper provides the basis for how enterprises can evaluate AIServiceOps and consider it a digital transformation tool. The paper presents a case study of a company that implemented AI-powered service operations (AIServiceOps) and analyzes the resulting business outcomes. The study shows that AIServiceOps can significantly improve service delivery, reduce response times, and increase customer satisfaction. Furthermore, it demonstrates how AIServiceOps can deliver substantial cost savings, such as reducing labor costs and minimizing downtime.
MEDIATING AND MODERATING FACTORS AFFECTING READINESS TO IOT APPLICATIONS: THE... (IJMIT JOURNAL)
Although IOT seems to be the upcoming trend, it is still in its infancy, especially in the banking industry. There is a clear gap in the literature, as only a few studies identify factors affecting readiness to IOT applications in banks in general, and there are almost negligible investigations on mediating and moderating factors. Accordingly, this research aims to investigate the main factors that affect employees’ readiness to IOT applications, while highlighting the mediating and moderating factors in the Egyptian banking sector. The importance of Egypt stems from its high population and the steady steps taken towards technology adoption. 479 valid questionnaires were distributed over HR employees in banks. The data collected were statistically analysed using Regression and SEM. Results showed a significant impact of ‘Security’, ‘Networking’, ‘Software Development’ and ‘Regulations’ on ‘readiness to IOT applications’. Thus, the readiness acceptance level is high. ‘Security’ and ‘User Intention’ were proven to mediate the relationship between research variables and readiness to IOT applications, and only a partial moderation role was proven for ‘Efficiency’. The study contributes to increasing the literature on IOT applications in general, and fills a gap on the Egyptian banking context in particular. Finally, it provides decision makers at banks with useful guidelines on how to optimally promote IOT applications among employees.
EFFECTIVELY CONNECT ACQUIRED TECHNOLOGY TO INNOVATION OVER A LONG PERIODIJMIT JOURNAL
IT (Information and Communication Technology) companies are facing the dilemma of decreasing
productivity despite increasing research and development efforts. M&A (Merger and Acquisition) is being
considered as a breakthrough solution. From existing research, it has been pointed out that M&A leads to
the emergence of new innovations. Purpose of this study was to discuss the efficient ways of acquisition and
to resolve the dilemma of productivity decline by clarifying how the technology obtained through M&A
leads to the creation of new innovations. Hypothesis 1 was that the technology acquired through M&A is
utilized for innovation creation, Hypothesis 2 was that the acquired technology is utilized over a long
period of time, and Hypothesis 3 was that a long-term utilization has a positive impact on corporate
performance. The results, using sports prosthetics as a case study and using patents as a proxy variable,
confirmed all the hypotheses set. We have revealed that long-term utilization of technology obtained
through M&A is effective for creating new innovations.
International Journal of Managing Information Technology (IJMIT) ** WJCI IndexedIJMIT JOURNAL
The International Journal of Managing Information Technology (IJMIT) is a quarterly peer-reviewed journal that publishes articles on the strategic application of information technology in organizations from both academic and industry perspectives. The journal focuses on innovative uses of IT to support organizational goals and foster collaboration both within and outside organizations. It covers topics such as education technology, e-government, healthcare IT, mobile systems, and more. Authors are invited to submit original research papers for consideration through the journal's online submission system.
4th International Conference on Cloud, Big Data and IoT (CBIoT 2023)IJMIT JOURNAL
4th International Conference on Cloud, Big Data and IoT (CBIoT 2023) will act as a major forum for the presentation of innovative ideas, approaches, developments, and research projects in the areas of Cloud, Big Data and IoT. It will also serve to facilitate the exchange of information between researchers and industry professionals to discuss the latest issues and advancement in the area of Cloud, Big Data and IoT.
Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in Cloud, Big Data and IoT.
TRANSFORMING SERVICE OPERATIONS WITH AI: A CASE FOR BUSINESS VALUEIJMIT JOURNAL
This document discusses how AI-powered service operations (AIServiceOps) can create business value through digital transformation. It begins with background on digital transformation and how AI is driving changes in IT service operations. It then examines how AIServiceOps can streamline processes, provide insights, and improve customer experience. A case study is presented showing how one company implemented AIServiceOps to significantly reduce response times, increase customer satisfaction, and lower costs. The document argues that AIServiceOps can deliver both quantifiable and flexible benefits while enhancing organizational resilience and sustainability over the long term.
DESIGNING A FRAMEWORK FOR ENHANCING THE ONLINE KNOWLEDGE-SHARING BEHAVIOR OF ...IJMIT JOURNAL
The main objective of this paper is to identify the factors that influence academic staff's digital knowledgesharing behaviors in Ethiopian higher education. A structural equation model was used to validate the
research framework using survey data from 210 respondents. The collected data has been analyzed using
Smart PLS software. The results of the study show that trust, self-motivation, and altruism are positively
related to attitude. Contrary to our expectations, knowledge technology negatively affects attitude.
However, reward systems and empowerment by leaders are significantly associated with knowledgesharing intentions.Knowledge-sharing intention, in turn, was significantly related to digital knowledgesharing behavior. The contributions of this study are twofold. The framework may serve as a roadmap for
future researchers and managers considering their strategy to enhance digital knowledge sharing in HEI.
The findings will benefit academic staff and university administrations.The study will also help academic
staff enhance their knowledge-sharing practices.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
A REVIEW OF STOCK TREND PREDICTION WITH COMBINATION OF EFFECTIVE MULTI TECHNI...IJMIT JOURNAL
It is important for investors to understand stock trends and market conditions before trading stocks. Both
these capabilities are very important for an investor in order to obtain maximized profit and minimized
losses. Without this capability, investors will suffer losses due to their ignorance regarding stock trends
and market conditions. Technical analysis helps to understand stock prices behavior with regards to past
trends, the signals given by indicators and the major turning points of the market price. This paper reviews
the stock trend predictions with a combination of the effective multi technical indicator strategy to increase
investment performance by taking into account the global performance and the proposed combination of
effective multi technical indicator strategy model.
NETWORK MEDIA ATTENTION AND GREEN TECHNOLOGY INNOVATIONIJMIT JOURNAL
This paper will provide a novel empirical study for the relationship between network media attention and
green technology innovation and examine how network media attention can ease financing constraints. It
collected data from listed companies in China's heavy pollution industry and performed rigorous
regression analysis, in order to innovatively explore the environmental governance functions of the media.
It found that network media attention significantly promotes green technology innovation. By analyzing the
inner mechanism further, it found that network media attention can promote green innovation by easing
financing constraints. Besides, network media attention has a significant positive impact on green invention
patents while not affecting green utility model patents.
INCLUSIVE ENTREPRENEURSHIP IN HANDLING COMPETING INSTITUTIONAL LOGICS FOR DHI...IJMIT JOURNAL
Information System (IS) research advocates employing collaborative and loose coupling strategies to address contradictory issues to address diversified actors’ interests than the prescriptive and unilateral Information Technology (IT) governance mechanisms’, yet it is rarely depicting how managers employ these strategies in Health Information System (HIS) implementation, particularly in a resource-constrained setting where IS implementation activities have highly relied on multiple international organizations resources. This study explored how managers in resource-constrained settings employ collaborative IT governance mechanisms in the case of District Health Information System 2 (DHIS2) adoption with an interpretative case study approach and the institutional logic concept. The institutional logic concept was used to identify the major actors’ logics underpinning the DHIS2 adoption. The study depicted the importance of high-level officials' distance from the dominant systemic logic to consider new alternative, and to employ inclusive IT governance mechanisms which separated resource from the system that facilitated stakeholders’ collaboration in DHIS2 adoption based on their capacity and interest.
DEEP LEARNING APPROACH FOR EVENT MONITORING SYSTEMIJMIT JOURNAL
With an increasing number of extreme events and complexity, more alarms are being used to monitor
control rooms. Operators in the control rooms need to monitor and analyze these alarms to take suitable
actions to ensure the system’s stability and security. Security is the biggest concern in the modern world. It
is important to have a rigid surveillance that should guarantee protection from any sought of hazard.
Considering security, Closed Circuit TV (CCTV) cameras are being utilized for reconnaissance, but these
CCTV cameras require a person for supervision. As a human being, there can be a possibility to be tired
off in supervision at any point of time. So, we need a system to detect automatically. Thus, we came up with
a solution using YOLO V5. We have taken a data set and used robo-flow framework to enhance the existing
images into numerous variations where it will create a copy of grey scale image, a copy of its rotation and
a copy of its blurred version which will be used to get an enlarged data set. This work mainly focuses on
providing a secure environment using CCTV live footage as a source to detect the weapons. Using YOLO
algorithm, it divides an image from the video into grid system and each grid detects an object within itself
MULTIMODAL COURSE DESIGN AND IMPLEMENTATION USING LEML AND LMS FOR INSTRUCTIO...IJMIT JOURNAL
The document discusses course delivery modalities including face-to-face, online asynchronous, online synchronous, hybrid, and HyFlex. It investigates the design and implementation of courses using the Learning Environment Modeling Language (LEML) for different delivery environments. The authors describe their experience delivering courses at Southern University and A&M College and Baton Rouge Community College. They aim to answer questions about the course delivery methods used by their institutions and how to validate guidelines and ensure student learning outcomes.
Multimodal Course Design and Implementation using LEML and LMS for Instructio...IJMIT JOURNAL
Traditionally, teaching has been centered around classroom delivery. However, the onslaught of the
COVID-19 pandemic has cultivated usage of technology, teaching, and learning methodologies for course
delivery. We investigate and describe different modes of course delivery that maintain the integrity of
teaching and learning. This paper answers to the research questions: 1) What course delivery method our
academic institutions use and why? 2) How can instructors validate the guidelines of the institutions? 3)
How courses should be taught to provide student learning outcomes? Using the Learning Environment
Modeling Language (LEML), we investigate the design and implementation of courses for delivery in the
following environments: face-to-face, online synchronous, asynchronous, hybrid, and hyflex. A good
course design and implementation are key components of instructional alignment. Furthermore, we
demonstrate how to design, implement, and deliver courses in synchronous, asynchronous, and hybrid
modes and describe our proposed enhancements to LEML.
Unblocking The Main Thread - Solving ANRs and Frozen FramesSinan KOZAK
In the realm of Android development, the main thread is our stage, but too often, it becomes a battleground where performance issues arise, leading to ANRS, frozen frames, and sluggish Uls. As we strive for excellence in user experience, understanding and optimizing the main thread becomes essential to prevent these common perforrmance bottlenecks. We have strategies and best practices for keeping the main thread uncluttered. We'll examine the root causes of performance issues and techniques for monitoring and improving main thread health as wel as app performance. In this talk, participants will walk away with practical knowledge on enhancing app performance by mastering the main thread. We'll share proven approaches to eliminate real-life ANRS and frozen frames to build apps that deliver butter smooth experience.
In May 2024, globally renowned natural diamond crafting company Shree Ramkrishna Exports Pvt. Ltd. (SRK) became the first company in the world to achieve GNFZ’s final net zero certification for existing buildings, for its two two flagship crafting facilities SRK House and SRK Empire. Initially targeting 2030 to reach net zero, SRK joined forces with the Global Network for Zero (GNFZ) to accelerate its target to 2024 — a trailblazing achievement toward emissions elimination.
Social media management system project report.pdfKamal Acharya
The project "Social Media Platform in Object-Oriented Modeling" aims to design
and model a robust and scalable social media platform using object-oriented
modeling principles. In the age of digital communication, social media platforms
have become indispensable for connecting people, sharing content, and fostering
online communities. However, their complex nature requires meticulous planning
and organization.This project addresses the challenge of creating a feature-rich and
user-friendly social media platform by applying key object-oriented modeling
concepts. It entails the identification and definition of essential objects such as
"User," "Post," "Comment," and "Notification," each encapsulating specific
attributes and behaviors. Relationships between these objects, such as friendships,
content interactions, and notifications, are meticulously established.The project
emphasizes encapsulation to maintain data integrity, inheritance for shared behaviors
among objects, and polymorphism for flexible content handling. Use case diagrams
depict user interactions, while sequence diagrams showcase the flow of interactions
during critical scenarios. Class diagrams provide an overarching view of the system's
architecture, including classes, attributes, and methods .By undertaking this project,
we aim to create a modular, maintainable, and user-centric social media platform that
adheres to best practices in object-oriented modeling. Such a platform will offer users
a seamless and secure online social experience while facilitating future enhancements
and adaptability to changing user needs.
Online music portal management system project report.pdfKamal Acharya
The iMMS is a unique application that is synchronizing both user
experience and copyrights while providing services like online music
management, legal downloads, artists’ management. There are several
other applications available in the market that either provides some
specific services or large scale integrated solutions. Our product differs
from the rest in a way that we give more power to the users remaining
within the copyrights circle.
A brief introduction to quadcopter (drone) working. It provides an overview of flight stability, dynamics, general control system block diagram, and the electronic hardware.
A brand new catalog for the 2024 edition of IWISS. We have enriched our product range and have more innovations in electrician tools, plumbing tools, wire rope tools and banding tools. Let's explore together!
OCS Training Institute is pleased to co-operate with
a Global provider of Rig Inspection/Audits,
Commission-ing, Compliance & Acceptance as well as
& Engineering for Offshore Drilling Rigs, to deliver
Drilling Rig Inspec-tion Workshops (RIW) which
teaches the inspection & maintenance procedures
required to ensure equipment integrity. Candidates
learn to implement the relevant standards &
understand industry requirements so that they can
verify the condition of a rig’s equipment & improve
safety, thus reducing the number of accidents and
protecting the asset.
A vernier caliper is a precision instrument used to measure dimensions with high accuracy. It can measure internal and external dimensions, as well as depths.
Here is a detailed description of its parts and how to use it.
Response & Safe AI at Summer School of AI at IIITHIIIT Hyderabad
Talk covering Guardrails , Jailbreak, What is an alignment problem? RLHF, EU AI Act, Machine & Graph unlearning, Bias, Inconsistency, Probing, Interpretability, Bias
Software Engineering and Project Management - Introduction to Project ManagementPrakhyath Rai
Introduction to Project Management: Introduction, Project and Importance of Project Management, Contract Management, Activities Covered by Software Project Management, Plans, Methods and Methodologies, some ways of categorizing Software Projects, Stakeholders, Setting Objectives, Business Case, Project Success and Failure, Management and Management Control, Project Management life cycle, Traditional versus Modern Project Management Practices.
Conservation of Taksar through Economic RegenerationPriyankaKarn3
This was our 9th Sem Design Studio Project, introduced as Conservation of Taksar Bazar, Bhojpur, an ancient city famous for Taksar- Making Coins. Taksar Bazaar has a civilization of Newars shifted from Patan, with huge socio-economic and cultural significance having a settlement of about 300 years. But in the present scenario, Taksar Bazar has lost its charm and importance, due to various reasons like, migration, unemployment, shift of economic activities to Bhojpur and many more. The scenario was so pityful that when we went to make inventories, take survey and study the site, the people and the context, we barely found any youth of our age! Many houses were vacant, the earthquake devasted and ruined heritages.
Conservation of those heritages, ancient marvels,a nd history was in dire need, so we proposed the Conservation of Taksar through economic regeneration because the lack of economy was the main reason for the people to leave the settlement and the reason for the overall declination.
MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme MSBTE K Scheme
International Journal of Managing Information Technology (IJMIT) Vol.15, No.3, August 2023
DOI: 10.5121/ijmit.2023.15301
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT
Manju¹, Shanmugasundaram Hariharan², M. Mahasree¹, Andraju Bhanu Prasad² and H. Venkateswara Reddy²
¹ Department of CSE, SRM Institute of Science and Technology, India
² Department of CSE, Vardhaman College of Engineering Hyderabad, India
ABSTRACT
The security of computer systems is a major concern these days, since systems are constantly exposed to
threats such as IP address spoofing, Denial of Service (DoS) and token impersonation. The security
provided by blue team operations tends to be costly in large firms, as a large number of systems need to
be protected against these attacks. This pushes firms towards less costly security configurations such as
the Suricata and Snort intrusion detection systems. The main theme of this project is to improve the
services provided by Snort, a tool used to build a general defense against cyber-attacks such as DDoS
attacks carried out on both the physical and network layers, attacks that in turn result in the loss of
extremely important data. The rules defined in this project monitor traffic, analyze it, and take
appropriate action not only to stop the attack but also to locate its source IP address. The process uses
tools other than Snort, namely Wireshark, Wazuh and Splunk, and its output is not only the detection of
the attack but also the source IP address of the machine from which the attack was initiated and
completed. The end product of this research is a set of default rules for the Snort tool which provides
better security than its previous versions and also gives the user the IP address of the attacker or the
person conducting the attack. The system integrates Wazuh with the Snort tool in order to make it more
efficient than Suricata, another intrusion detection system capable of detecting all of the attack types
mentioned. Splunk is another tool used in this project; it increases firewall efficiency by reporting the
number of bits to be scanned and the number of bits scanned successfully. Wazuh is used in this system
because it is the best choice for traffic monitoring and incident response among its alternatives on the
market. Since the system is intended for firms that handle large amounts of data, Splunk is used for its
efficiency in handling big data. Wireshark is used to give the IDS automation in its capability to capture
and report the malicious packets found during the network scan. Together, these give the IDS the
capability of a low-budget automated threat detection system.
KEYWORDS
Intrusion Detection System, Snort, Wireshark, Wazuh, Splunk, DDOS attack, Automation.
1. INTRODUCTION
The attacks faced by industry today have a disastrous effect on the data privacy and security of
companies, which is an important part of patent infringement prevention and employee data security
[27]. The security provided by big firms these days is effective in most cases, but it becomes more and
more costly every day. This leaves small-budget firms and companies either unprotected or trusting
unsuitable software systems. A solution is provided in this paper, which uses an appropriate approach
for protecting data by alerting the customer through a basic blue team operation scan. An Intrusion
Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues
alerts when such activity is discovered. It is a software application that scans a network or a system for
harmful activity or policy breaches. Any malicious venture or violation is normally reported either to
an administrator or collected centrally using a security information and event management (SIEM)
system.
A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to
differentiate malicious activity from false alarms. Although intrusion detection systems monitor
networks for potentially malicious activity, they are also prone to false alarms [28, 29]. Hence,
organizations need to fine-tune their IDS products when they first install them, which means properly
setting up the intrusion detection system to recognize what normal traffic on the network looks like as
compared to malicious activity. Intrusion prevention systems also monitor inbound network packets
for malicious activity and immediately send warning notifications. An intrusion detection system
(IDS) is an influential approach, primarily implemented to detect abnormal activities in target
applications or computers. An IDS has two main methods [1]: signature-based detection and
anomaly-based detection. Signature-based detection detects known attacks using rule-based methods.
Conversely, anomaly-based detection detects both known and unknown attacks by learning their
behaviour.
2. RELATED WORK
The main reason for creating the project in the first place is that Snort IDS, in its already existing
configuration, could not locate the IP address of the system attempting the attack. The existing IDS is
also effective against these attacks, but the time it takes to prevent damage from them is much longer
than with the proposed system. The original design consisted of firewalls, which protect the system
from external threats. These are of two types, i.e., the packet-filtering router and the application
gateway [5]. Another type is the circuit-level gateway, which typically relays TCP packets. Basic web
security, such as access-level security and transaction-level security, was also one of the core features
of the existing design [4, 5].
Issues in the existing system included training time, which was significant, as setting up an earlier
IDS required a lot of training and setup time. During this time the system was vulnerable, as the
original security had to be dismantled before the new one was set up [6]. Attack identification was also
a big concern, as it took hours to identify a simple brute force attack, one of the low-level attacks.
In a recent study, the cyber defence mechanism has become a more sophisticated and challenging
approach for accurate intrusion detection [25]. Data confidentiality, integrity and availability need
more attention and have been widely addressed in wireless-compatible networks [23, 24]. Numerous
intrusion detection approaches are surveyed in the literature to tackle computer security threats; they
can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based
Intrusion Detection Systems (AIDS). That work discusses several review comparisons, dataset
illustrations, workflows and evaluation mechanisms. The techniques attackers widely use against
network traffic analysis, and the future research challenges in countering such methods to build a
secure approach, make the study attractive [21, 26].
Intrusion detection provides security not only for an individual entity but also for an organization
as a whole. Several interesting studies on intrusion detection exist. One such approach uses an
ontology. That work addresses the problems of handling syntax and semantics that affect IDS
performance. Snort rules were designed in a more challenging manner, and the design supports Snort
rule verification using an OWL ontology. Its function is to detect harmful traffic from the constructed
ontology design. The primary issue in this task is the design of efficient detection and Snort rule
specification [7].
Other similar approaches, while expressive in creating rules, were not trivial, especially for
self-defined rules, and were also more challenging in terms of measuring the complexity of the
network creation process for network monitoring. The work presented in that approach discusses a
signature-based Network Intrusion Detection System (NIDS). Most such systems were not designed for
modern high-speed network capability, which requires network flow monitoring and the Internet
Protocol Flow Information Export (IPFIX) definition standard. No current solution is able to handle
the payload in these flows. Recently, the concept of application-layer HTTP flow has been extended to
improve the IPFIX-based Signature-based Intrusion Detection System (FIXIDS). The evaluation shows
that it can deal with four times higher network data rates without drops than Snort while maintaining
the same event detection rate. Furthermore, a substantial part of the data traffic can be outsourced to
FIXIDS so that Snort is relieved of a significant portion of rules and traffic. This increases the
detection and data rates the overall security appliance can handle [24].
3. PROPOSED ARCHITECTURE
The architecture followed by the system is presented here and outlined in detail.
Figure 1. Proposed system architecture
Figure 1 shows why our approach is better than the machine learning approaches usually applied to
such systems: we reach the same end result of alarm logging without requiring the project to make the
leap to a processor-intensive machine learning approach [26].
The preprocessor step is where Wireshark decides to hand the traffic to the Snort tool so that it can
check for packet anomalies. The log file analysis step is where our project applies the Wazuh and
Splunk tools.
4. INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT
The tools involved in the project are Wireshark, Snort, Wazuh and Splunk. Each tool needs to be set
up like a normal IDS configuration tool, but the time taken to set up these tools is comparatively very
low on an ideal system, meaning one that meets the minimum requirements for running it efficiently.
Most of these tools require no specific OS, but for the Snort tool to run the experiments related to this
paper, the community rules, which can be found on snort.org, were imported.
*Wireshark - This tool is an essential part of the whole IDS, as it performs the basic reconnaissance
for the system, which detects the first crucial minutes of an attack. Basically, it scans the traffic of the
machine on which the scan is performed, and each packet is scanned for the time at which it made a
transition, the type of security the communication channel is using and the encryption it uses for the
packet, the type of protocol used, and the layer in which the communication is taking place. All of this
is done in real time as each packet passes through the scan.
Figure 2. Wireshark tool showing packet configuration
The black-highlighted packet in Figure 2 is a suspicious packet, as the tool has found an anomaly in
it. The grey-highlighted packet in the image is an analyzed packet in which the anomaly has been
found and dealt with. This shows a salient feature of the tool that is very helpful in our case and is one
of the main reasons for using it: it automatically moves on to the analysis of the next packet after
completing the action on one packet.
*Snort-This is the most important tool of our setup, as it is responsible for incident response to
the attack and also supports the blue team effort as the first line of defense. It consists of rules
divided into different categories such as community rules and user-defined rules. Of these, the
community rules cover most of what is needed to prevent most attacks, but because of the large
number of rules it often takes a long time to analyze a single packet, and during this time the
attack has already damaged the system. For this reason, we create a specific rule set that
decreases the time taken by the
5. International Journal of Managing Information Technology (IJMIT) Vol.15, No.3, August 2023
5
IDS to analyze and act on a packet. This is far more efficient for basic attacks such as brute
force and phishing attacks.
Figure 3. Rulesets
Figure 3 shows multiple rule sets for different servers. This is another feature of Snort: rules
can be defined for one particular section at a time, which increases the time efficiency of the
system. An additional rule set can be added with the command “ipvar <name of the server
to be applied to> $HOME_NET”. Next come the permissions the user grants to the tool in
order to protect the sections for privacy protection. There are read, write and execute
permissions on the files the tools use. This file permission is the tricky part of the
configuration, as it depends on how much access the user wants to give the tool.
Figure 4. Configuration Settings
Figure 4 shows the different configurations applied to the tool permissions in order to give the
tool access to operate freely on the desired files. Different sets of permissions can be applied to
different sets of files depending on the user. Another benefit of this tool is that it acts as a wall
between any communication to the server and an external connection, as shown in Figure 5.
Figure 5. Snort framework
Next comes the exclusion of rules, which is done simply by giving the system the serial
numbers of the rules to be excluded. For example, if we want to disable rules 578 to 696, which
is the set of rules checking admin access to the downloads folder of the system, we type
“578,696s/^/#” and the rules in that range are excluded, as shown in Figure 6.
Figure 6. Exclusion of rules
Finally, the system checks the rules applied to the system and reports which ones have been
violated, which rules found an anomaly in the system, which files are out of order, and whether
the received packet was malicious or not (presented in Figure 7). All of this information is given
in a single report.
Figure 7. Identification of malicious packet
After this we come to designing rule sets of our own, a process that may differ from user to
user, as they not only design the rules but also check for conflicts with other rules. The rules
must be written in the format shown in Figure 8.
Figure 8. Proposed rule format
Once a rule has been designed, it is hard to check for conflicts with other existing rules; these
only show up when the rules are applied to the system. To create the rules and check them at
the same time we used the Snorpy tool, shown in Figure 9, which is easy to use and makes
customizing the rules much faster than usual.
Figure 9. Snorpy tool for checking rules
The Snorpy tool offers different protocols to customize, with each field for rule generation
clearly defined, and the final rule is shown in the bottom box for a last check before it is
applied. After the rules have been created, they need to be inserted, which is done through the
rule addition process of the Snort tool shown in the screenshot in Figure 10.
Figure 10. Addition of rules.
In the final hierarchy Snort is placed together with the IDS behind the firewall, as depicted in
Figure 11, since it inspects traffic and anomalies after they have passed through the firewall
protection.
Figure 11. Position of Snort with IDS
The rules created as a result of this process are:
Figure 12. Result of Snort placement – detection of attacks
These rules operate at the TCP and ICMP layers of the OSI model and look for ICMP ping
attacks, SSH authentication attempts and FTP authentication attempts. The messages for
detecting each of these attacks are also displayed, as shown in Figure 12. The results of
attempting the attacks to see whether detection works are recorded in Figure 13.
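As an added example, not code from the paper or from the Snorpy tool, the rule format, the conflict check and the line-range exclusion described above can be exercised in Python. The three rules are constructed in Snort rule syntax to mirror the ICMP ping, SSH and FTP checks the paper lists, with hypothetical sids, and the checker flags the kind of conflict that a Snorpy-style check is meant to catch before the rules are loaded.

```python
import re

# Constructed rules in Snort rule syntax for the three checks the paper describes
# (ICMP ping, SSH and FTP authentication attempts); illustrative, not the authors' exact rules.
CUSTOM_RULES = [
    'alert icmp any any -> $HOME_NET any (msg:"ICMP ping detected"; itype:8; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH authentication attempt"; flags:S; sid:1000002; rev:1;)',
    'alert tcp any any -> $HOME_NET 21 (msg:"FTP authentication attempt"; content:"USER "; nocase; sid:1000003; rev:1;)',
]

# Rule header: action proto src sport dir dst dport, followed by "(options)".
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$')
HEADER_FIELDS = ("action", "proto", "src", "sport", "dir", "dst", "dport")

def parse_rule(text):
    """Split one rule into header fields plus an option dict, or None if it
    does not follow the header/options format."""
    m = HEADER_RE.match(text.strip())
    if not m:
        return None
    rule = {k: m.group(k) for k in HEADER_FIELDS}
    opts = {}
    for raw in re.findall(r'([^;]+);', m.group("opts")):   # "key:value;" or bare "flag;"
        key, _, value = raw.strip().partition(":")
        opts[key] = value.strip().strip('"')
    rule["options"] = opts
    return rule

def check_rules(rules):
    """Snorpy-style pre-flight check: report unparsable rules, missing msg/sid,
    duplicate sids and rules whose headers are identical (the same traffic
    would be matched twice). Returns a list of (problem, rule_text)."""
    problems, seen_sid, seen_header = [], {}, {}
    for text in rules:
        parsed = parse_rule(text)
        if parsed is None:
            problems.append(("bad format", text))
            continue
        opts = parsed["options"]
        for required in ("msg", "sid"):
            if required not in opts:
                problems.append((f"missing {required}", text))
        sid = opts.get("sid")
        if sid in seen_sid:
            problems.append((f"duplicate sid {sid}", text))
        seen_sid.setdefault(sid, text)
        header = tuple(parsed[k] for k in HEADER_FIELDS)
        if header in seen_header:
            problems.append((f"same header as sid {seen_header[header]}", text))
        seen_header.setdefault(header, sid)
    return problems

def disable_rules(lines, first, last):
    """Comment out rule-file lines first..last (1-based, inclusive): the effect
    of the ex/sed-style command "first,lasts/^/#" quoted in the paper."""
    return ["#" + ln if first <= i <= last else ln for i, ln in enumerate(lines, 1)]
```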
Figure 13. Attempts on breaking the system
Figure 14 shows the result after attempting an attack by the ICMP ping impersonation method.
Figure 14. Result of attempting the attacks
This image shows an SSH authentication attempt on the system, which is one of the basic steps
of a brute force attack.
*Wazuh-This tool is used to check for other attacks, as it watches for session timeouts and other
attacks such as ping impersonation which cannot be detected using the Snort tool alone. It is
shown in Figure 15.
Figure 15. Checking for impersonation using Wazuh tool
It has the role of granting permission to the Snort tool and detecting the level of security breach
faced by the system, as described in Figure 16.
Figure 16. Granting permission to snort tool
It works in a report-based format, as it reports on the damage done to the files and the level of
vulnerability the system has at the time (as presented in Figure 17).
Figure 17. Vulnerability report generation
The image is from the time when the system detected the attack and labeled the critical threat
level. As for ping detection, it can be customized in the base code as shown in Figure 18, and
the system will show the detection if it finds an anomaly, as shown in Figure 19.
Figure 18. Labeling the critical threat level with time
Figure 19. Anomaly detection
*Splunk-This tool is responsible for interpreting the results produced by the Snort tool and
presenting them in report format. It is essential because the output of the Snort rules is not in a
human-readable format, as highlighted in Figure 20.
Figure 20. Report Generation using Splunk tool
The result of the Snort and Wazuh integration is then easily interpreted by Splunk and presented
in a format readable by humans, as in Figure 21.
Figure 21. Result of Snort and Wazuh integration
Finally, the report of the attack is produced by Splunk in the report format shown in Figure 22.
Figure 22. Report about attacks by Splunk
It also gives us the side advantage of a graph, which helps us better understand the whole
timeline of events and makes incident response with our system better than any other already
on the market.
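As an added example, not the paper's Splunk configuration, the following Python turns raw Snort alert_fast lines (constructed here, with hypothetical sids and addresses) into the per-rule summary and per-minute timeline that the text describes Splunk producing from the raw output; Snort priority 1 is the most severe, so the table is sorted ascending by priority.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's alert_fast output format. They were written
# for this example and are not alerts captured from the authors' setup.
SAMPLE_ALERTS = """\
08/14-10:02:11.120301  [**] [1:1000001:1] ICMP ping detected [**] [Priority: 3] {ICMP} 10.0.0.25 -> 10.0.0.5
08/14-10:02:11.620877  [**] [1:1000001:1] ICMP ping detected [**] [Priority: 3] {ICMP} 10.0.0.25 -> 10.0.0.5
08/14-10:03:40.004512  [**] [1:1000002:1] SSH authentication attempt [**] [Priority: 2] {TCP} 10.0.0.25:51822 -> 10.0.0.5:22
08/14-10:03:41.220019  [**] [1:1000002:1] SSH authentication attempt [**] [Priority: 2] {TCP} 10.0.0.25:51823 -> 10.0.0.5:22
08/14-10:05:02.770042  [**] [1:1000003:1] FTP authentication attempt [**] [Priority: 2] {TCP} 10.0.0.31:40110 -> 10.0.0.5:21
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$')

def parse_alerts(text):
    """Turn alert_fast lines into dicts of named fields; non-matching lines are skipped."""
    return [m.groupdict() for m in (ALERT_RE.match(line) for line in text.splitlines()) if m]

def build_report(events):
    """Aggregate alerts per rule (count, first/last seen, distinct sources) and
    into a per-minute timeline: the human-readable summary and event graph the
    paper describes Splunk producing from raw Snort output."""
    rules = {}
    for e in events:
        r = rules.setdefault(e["sid"], {"msg": e["msg"], "priority": int(e["prio"]), "count": 0,
                                        "first": e["ts"], "last": e["ts"], "sources": set()})
        r["count"] += 1
        r["first"], r["last"] = min(r["first"], e["ts"]), max(r["last"], e["ts"])
        r["sources"].add(e["src"])
    timeline = Counter(e["ts"][:11] for e in events)      # bucket key "MM/DD-HH:MM"
    return {"rules": rules, "timeline": dict(sorted(timeline.items()))}

def render(report):
    """Plain-text report: one line per rule (most severe first), then the timeline as a bar chart."""
    lines = ["sid      prio  count  first seen             last seen              sources  message"]
    for sid, r in sorted(report["rules"].items(), key=lambda kv: kv[1]["priority"]):
        lines.append(f"{sid:<8} {r['priority']:<5} {r['count']:<6} {r['first']:<22} {r['last']:<22} "
                     + ",".join(sorted(r["sources"])) + "  " + r["msg"])
    lines.append("timeline (alerts per minute)")
    for minute, n in report["timeline"].items():
        lines.append(f"{minute}  {'#' * n} {n}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_report(parse_alerts(SAMPLE_ALERTS))))
```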
5. CONCLUSION AND FUTURE WORK
The final conclusion drawn from the project is that IDS is a vast field with scope for many
approaches. Our system eliminated the need for a machine learning algorithm for basic attacks
such as brute force, token impersonation and SSH privilege escalation attacks. These attacks do
not require the effort put in by other high-level algorithms that use machine learning, as they can
be handled in a matter of a few hours rather than a whole 7 to 8 hours. This project is not an
attempt to shift focus away from developing those machine learning projects; it is a quicker way
of handling small-scale attacks, so that those large-scale algorithms can be put to use on other
large-scale attacks which our system cannot solve.
The IDS used a total of 4 tools: Wireshark, Snort, Wazuh and Splunk. Of these, Wireshark
produced the result of the initial reconnaissance by analyzing the traffic and reporting on the
malicious packet. Snort used the rules from the user and the community set to find the anomaly
in the packet given by Wireshark. Alongside, Snort is integrated with Wazuh to check for ping
impersonation attempts, which might slow Snort operations, and Wazuh also grants Snort the
permissions to make changes to the packet. After analyzing the result, Wazuh adds its results to
the Snort report and produces a result that is not human-readable. This result is then sent to
Splunk, which analyzes it and produces a human-readable result along with the incident report
generated from it. The whole process took 5 hours, which is much less than any known
algorithm on the market. The usual time taken by the process is 7 to 8 hours, which gives our
method approximately 3 hours of advantage, helpful in incident response.
ACKNOWLEDGEMENTS
The authors would like to thank anonymous reviewers for their valuable comments.
AUTHORS
Dr. A. Manju is working as Assistant Professor in the Department of CSE at SRMIST,
Ramapuram campus. She has held a Ph.D. degree in the field of Computer Vision and
Video Analytics from Saveetha Institute of Medical and Technical Sciences (SIMATS)
since 2022. She has 16 years of teaching experience with good programming skills. She
is a certified EMC Academic Associate in Data Science & Big Data Analytics and is also
certified in various courses from Coursera and NPTEL. She has published articles in
National and International Journals, Conferences and Symposiums.
Dr. S. Hariharan received his B.E. degree in Computer Science and Engineering from
Madurai Kamaraj University, Madurai, India in 2002, his M.E. degree in Computer
Science and Engineering from Anna University, Chennai, India in 2004 and his Ph.D.
degree in the area of Information Retrieval from Anna University, Chennai, India in 2010.
He is a Senior Member of IEEE and a member of several other professional societies. He
has 19 years of experience in teaching. Currently he is working as Professor in the
Department of Computer Science and Engineering, Vardhaman College of Engineering,
Hyderabad, India. His research interests include Information Retrieval, Data Mining, Opinion
Mining and Web Mining. He has to his credit several papers in refereed journals and conferences.
He also serves as an editorial board member and as a program committee member for several
international journals and conferences.
Dr. M. Mahasree is working as Assistant Professor in the Department of CSE at
SRMIST, Ramapuram campus. She has held a Ph.D. degree in Computer Science and
Engineering from Annamalai University since 2022. She has completed several certified
courses from NPTEL. She has presented papers in National and International
Conferences. She has also published articles and book chapters in International Journals.
Her areas of research include computer vision, data security and deep learning.
Andraju Bhanu Prasad holds an M.E. (CSE) from Sathyabama University, Chennai, and a
B.Tech. (CSE) from SVCET JNTUH, Hyderabad. He has 17 years of experience in
academics and is currently an Associate Professor at Vardhaman College of Engineering,
Hyderabad. His research areas are Data Science, Machine Learning and Deep Learning.
Currently he is pursuing his doctoral degree in the area of machine learning. He has
published several research articles in refereed journals and conferences. He has also
authored two books on cybersecurity and big data.
Dr. H. Venkateswara Reddy is a Doctoral Fellow from JNTUH, Hyderabad, India and has
been working at this institute since 2002 in various capacities; at present he is Professor
and Head of the Department of CSE and serves as Controller of Examinations. His work
includes a deeper investigation of rough set theory. He has published more than 35
research articles in international and national journals and conferences, has one published
Indian patent titled “Face Detection and Recognition using SVM and HOT
Technologies” and has handled two DST projects. He is the Principal Investigator of a
DST-approved research project in the field of cognitive science titled “Understanding
Bisociation capabilities in Indian engineering students”, with a grant of 31 lakhs, and worked as
co-investigator on his second DST project titled “Rural Women Technological Park”. Currently
he is guiding Ph.D. research scholars affiliated to JNTUH and Annamalai University.