
A Graphical User Interface Framework for detecting Intrusions using Bro IDS

International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 55 - Number 13
Year of Publication: 2012
Authors:
Shaffali Gupta
Rachit Goel
10.5120/8813-2409

Shaffali Gupta and Rachit Goel. Article: A Graphical User Interface Framework for detecting Intrusions using Bro IDS. International Journal of Computer Applications 55(13):7-12, October 2012. Full text available. BibTeX

@article{key:article,
	author = {Shaffali Gupta and Rachit Goel},
	title = {Article: A Graphical User Interface Framework for detecting Intrusions using Bro IDS},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {55},
	number = {13},
	pages = {7-12},
	month = {October},
	note = {Full text available}
}

Abstract

The Internet has transformed and greatly improved the way we do business, but the network and its associated technologies have opened the door to an increasing number of threats from which corporations must protect themselves. Protecting the network requires network security, and securing a network requires an Intrusion Detection System (IDS). An IDS monitors network traffic, checks for suspicious activity and notifies the system or network administrator. Many open source tools are available for detecting intrusions in a network; the most common of these are Snort and Bro. This paper focuses mainly on Bro, although a performance analysis of Bro and Snort based on CPU utilization and memory constraints is also carried out. Bro is a very powerful open source Network Intrusion Detection System. It passively monitors network traffic and looks for suspicious activity by comparing network traffic against scripts. The paper discusses various policy scripts written in the Bro language to filter network traffic. In addition, a graphical interface called the Bro GUI Framework is designed to automate the creation and running of the policy scripts.
