Spartan: Stateful network intrusion prevention system

Bibliographic Details
Main Authors: Abcede, Juan Miguel S., Bautista, Gil Geronimo Z., Concepcion, Robert John A., Marcos, Michael John S.
Format: text
Language:English
Published: Animo Repository 2010
Online Access:https://animorepository.dlsu.edu.ph/etd_bachelors/14655
Institution: De La Salle University
Description
Summary: Security tools in use today include anti-virus, anti-spyware and firewall systems; however, security breaches still occur despite them. Network Intrusion Prevention Systems (NIPS) are an improvement on these tools: a NIPS logs traffic, analyzes its content and, based on the result, blocks detected attacks and prevents them from happening again. NIPS are categorized into two types by detection method, signature-based or behavior-based. This study focuses on behavior-based NIPS, which identify malicious threats and activities by applying statistical measures and artificial intelligence to compare the current network flow against historical knowledge of network utilization. The system developed in this study uses algorithms that make rule analysis efficient and can perform stateful packet inspection. To quantify the efficiency, the system was tested with and without rule summarization to determine whether summarization reduced network latency. Stateful packet inspection tests were done to detect packets belonging to the same session. Specifically, the system observes and records network behavior and analyzes packets against their normal rates; it compares traffic with the normal network baseline and decides whether to allow or drop it, thereby preventing attacks.
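The following Python sketch is an added illustration of the two mechanisms the summary describes, session tracking (stateful inspection) and a learned packet-rate baseline used to allow or drop traffic. It is not the thesis's own code, which is not reproduced on this page. The session key (protocol, source, destination, destination port), the one-second tumbling window, the "mean plus k standard deviations" threshold, the client-to-server-only tracking and the sample traffic are all assumptions made for the example.

```python
"""Toy behaviour-based NIPS: stateful session tracking plus a learned
per-session packet-rate baseline. Added illustration, not the thesis code.
Assumptions: sessions are keyed client->server only (a real engine tracks
both directions and the full TCP state machine), rate is measured in
tumbling windows, and "abnormal" means more than mean + k*std packets
per window where mean/std come from a learning phase."""
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    flags: str = ""  # TCP flag letters, e.g. "S", "SA", "A", "F", "R"


class StatefulBaselineNIPS:
    def __init__(self, window=1.0, k=3.0):
        self.window = window   # length of one rate window in seconds (assumed)
        self.k = k             # std-dev multiplier for the drop threshold (assumed)
        self.sessions = {}     # session key -> {"win_start": float, "count": int}
        self.samples = []      # packets-per-window counts collected while learning
        self.baseline = None   # (mean, std) once freeze_baseline() has run

    @staticmethod
    def _key(p):
        # Client->server only; the reverse direction would need its own handling.
        return (p.proto, p.src, p.dst, p.dport)

    def process(self, p):
        """Return ("allow"|"drop", reason) for one packet."""
        key = self._key(p)
        sess = self.sessions.get(key)

        # Stateful inspection: a TCP packet that is not a bare SYN and does not
        # belong to a tracked session is out-of-state and is dropped.
        if sess is None:
            if p.proto == "tcp" and p.flags != "S":
                return "drop", "tcp packet outside any tracked session"
            sess = self.sessions[key] = {"win_start": p.ts, "count": 0}

        # Tumbling window: when a window closes, its packet count becomes a
        # baseline sample during the learning phase (baseline still None).
        if p.ts - sess["win_start"] >= self.window:
            if self.baseline is None:
                self.samples.append(sess["count"])
            sess["win_start"] = p.ts
            sess["count"] = 0
        sess["count"] += 1

        decision = ("allow", "within baseline")
        if self.baseline is not None:
            mean, std = self.baseline
            if sess["count"] > mean + self.k * std:
                decision = ("drop", "session rate above baseline")

        # Forget the session on FIN/RST so later packets must handshake again.
        if p.proto == "tcp" and ("F" in p.flags or "R" in p.flags):
            del self.sessions[key]
        return decision

    def freeze_baseline(self):
        """Turn the learned per-window counts into (mean, population std)."""
        if len(self.samples) < 2:
            raise ValueError("need at least two closed windows to build a baseline")
        self.baseline = (statistics.fmean(self.samples), statistics.pstdev(self.samples))
        return self.baseline


def demo():
    """Constructed traffic: two well-behaved sessions for learning, then an
    out-of-state ACK, a session flooding far above the baseline, and one UDP packet."""
    nips = StatefulBaselineNIPS(window=1.0, k=3.0)

    def session(src, per_window, windows):
        pkts = []
        for w in range(windows):
            for i in range(per_window):
                flags = "S" if (w == 0 and i == 0) else "A"
                pkts.append(Packet(w + i / per_window, "tcp", src, "10.0.0.9", 80, flags))
        return pkts

    # Learning phase: 5 pkt/window and 7 pkt/window sessions, interleaved by time.
    learning = sorted(session("10.0.0.5", 5, 3) + session("10.0.0.6", 7, 3), key=lambda p: p.ts)
    learning_drops = sum(nips.process(p)[0] == "drop" for p in learning)
    baseline = nips.freeze_baseline()  # closed windows: [5, 5, 7, 7] -> (6.0, 1.0)

    stray = nips.process(Packet(5.0, "tcp", "10.0.0.7", "10.0.0.9", 22, "A"))
    flood = [nips.process(Packet(10.0 + i * 0.01, "tcp", "10.0.0.8", "10.0.0.9", 80,
                                 "S" if i == 0 else "A")) for i in range(20)]
    udp = nips.process(Packet(20.0, "udp", "10.0.0.3", "10.0.0.9", 53))
    return {
        "baseline": baseline,
        "learning_drops": learning_drops,
        "stray": stray,
        "flood_allowed": sum(d[0] == "allow" for d in flood),
        "flood_dropped": sum(d[0] == "drop" for d in flood),
        "udp": udp[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With k = 3 the drop threshold is mean + 3 std = 9 packets per window, so the flooding session gets its first nine packets through and the rest dropped, while the lone ACK with no preceding SYN is dropped by the state check before any rate is consulted. The learning phase only adds a sample when a window closes, so the final, still-open window of each learning session is not counted.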