Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Assessment of Snort Intrusion Prevention System in Virtual Environment Against DoS and DDoS Attacks: An empirical evaluation between source mode and destination mode
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Context. Cloud computing (CC) is developed as a Human-centered computing model to facilitate its users to access resources anywhere on the globe. The resources can be shared among any cloud user which mainly questions the security in cloud computing. There are Denial of Service and Distributed Denial of Service attacks which are generated by the attackers to challenge the security of CC. The Next-Generation Intrusion Prevention Systems (sometimes referred as Non-Traditional Intrusion Prevention Systems (NGIPS) are being used as a measure to protect users against these attacks. This research is concerned with the NGIPS techniques that are implemented in the cloud computing environment and their evaluation.

Objectives. In this study, the main objective is to investigate the existing techniques of the NGIPS that can be deployed in the cloud environment and to provide an empirical comparison of source mode and destination mode in Snort IPS technique based on the metrics used for evaluation of the IPS systems.

Methods. In this study, a systematic literature review is used to identify the existing NGIPS techniques. The library databases used to search the literature are Inspec, IEEE Xplore, ACM Digital Library, Wiley, Scopus and Google scholar. The articles are selected based on an inclusion and exclusion criteria. The experiment is selected as a research method for the empirical comparison of Source mode and destination mode of Snort NGIPS found through literature review. The testbed is designed and implemented with the Snort filter techniques deployed in the virtual machine.

Results. Snort is one of the mostly used NGIPS against DoS and DDoS attacks in the cloud environment. Some common metrics used for evaluating the NGIPS techniques are CPU load, Memory usage, bandwidth availability, throughput, true positive rate, false positive rate, true negative rate, false negative rate, and accuracy. From the experiment, it was found that Destination mode performs better than source mode in Snort. When compared with the CPU load, Bandwidth, Latency, Memory Utilization and rate of packet loss metrics.

Conclusions. It was concluded that many NGIPS of the cloud computing model are related to each other and use similar techniques to prevent the DoS and DDoS attacks. The author also concludes that using of source based and destination based intrusion detection modes in Snort has some difference in the performance measures.

Place, publisher, year, edition, pages
2017. , 73 p.
Keyword [en]
Intrusion Prevention Systems, cloud computing, snort, source mode, destination mode.
National Category
Computer Science
Identifiers
URN: urn:nbn:se:bth-14056OAI: oai:DiVA.org:bth-14056DiVA: diva2:1085340
Subject / course
DV2566 Master's Thesis (120 credits) in Computer Science
Educational program
DVAXA Master of Science Programme in Computer Science
Presentation
2017-01-23, J1620, 13:00 (English)
Supervisors
Examiners
Available from: 2017-03-29 Created: 2017-03-28 Last updated: 2017-03-29Bibliographically approved

Open Access in DiVA

fulltext(1470 kB)143 downloads
File information
File name FULLTEXT02.pdfFile size 1470 kBChecksum SHA-512
dfe53219164aadea6c42fbd038020f35a7c5093c5842557d6cf5551644c5315492d7a4510e04a8a2be58ddce99dcdbdddcf3dddb60d60881f8517032a8297e52
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Ivvala, Avinash Kiran
By organisation
Department of Computer Science and Engineering
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 143 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 1260 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf