COMPARISON OF SOFTWARE AND HARDWARE BASED INTRUSION PREVENTION SYSTEMS

Öz

In this study, attacks in three different scenarios were organized by Nmap and Hping3 tools on the virtual Kali server to physical servers running two software-based, open source Intrusion Prevention Systems (IPS-A and IPS-B) and one hardware-based, closed-source Intrusion Prevention System (IPS-C). Although the software-based IPS-A has high packet capture performances, it has been observed that the detection/alarm results are below the average. Although the hardware-based IPS-C is an optimized appliance to put a minimum load on the processor, the detection/alarm figures are at very low levels. In this paper, it has been observed that the IPS-B which is the other software-based Intrusion Prevention System, has a processor usage of 100% but it has reached a far ahead result with very high analysis and detection/alarm performance. In this study, in all the scenarios, four different packet numbers and about twenty parameters were applied to all three IPSs that packet capture performance is quite high and 100%. All three IPSs achieved 100% detection results in attacks where a small number of packets were sent.

Anahtar Kelimeler

• Intrusion Prevention Systems. Security. Network. Comparison. Software. Hardware.

Kaynakça

1. 1. Li H. and Liu D., "Research on intelligent intrusion prevention system based on snort", International Conference on Computer, Mechatronics, Control and Electronic Engineering, Pages 251-253, 2010.
2. 2. Innella P., "The evolution of intrusion detection systems," Tetrad Digital Integrity, Pages 1-15, 2001.
3. 3. Hicham Z., Ahmed T., Rachid L., and Noureddin I., "Evaluating and comparison of intrusion in mobile ad hoc networks," International Journal of Distributed and Parallel Systems, Vol. 3, Page 243, 2012.
4. 4. Gunasekaran S., "Comparison of network intrusion detection systems in cloud computing environment", International Conference on Computer Communication and Informatics, Pages 1-6, 2012.
5. 5. Albin E. and Rowe N. C., "A realistic experimental comparison of the Suricata and Snort intrusion-detection systems", 26th International Conference on Advanced Information Networking and Applications Workshops, Pages 122-127, 2012.
6. 6. Kacha C. and Shevade K. A., "Comparison of different intrusion detection and prevention systems," International Journal of Emerging Technology and Advanced Engineering, Vol. 2, Pages 243-245, 2012.
7. 7. Park W. and Ahn S., "Performance comparison and detection analysis in snort and suricata environment," Wireless Personal Communications, Vol. 94,Pages 241-252, 2017.
8. 8. Shah S. A. R. and Issac B., "Performance comparison of intrusion detection systems and application of machine learning to Snort system," Future Generation Computer Systems, Vol. 80, Pages 157-170, 2018.

9. 9. Baykara M. and Resul D., "Saldırı tespit ve engelleme araçlarının incelenmesi," Dicle Üniversitesi Mühendislik Fakültesi Mühendislik Dergisi, Cilt 10, Sayfa 57-75, 2019.
10. 10. Beale J. , "Snort 2.1 Intrusion Detection", Syngress, MA, USA, 2004.
11. 11. Elmubarak M., Karrar A., and Hassan N., "Implementation Hybrid (NIDS) System using Anomaly Holt-winter Algorithm and Signature based Scheme," 2019.
12. 12. Roesch M., "Snort: Lightweight intrusion detection for networks", Lisa, Pages 229-238, 1999.
13. 13. Bukac V., "IDS system evasion techniques," Master. Masarykova Univerzita, 2010.
14. 14. Stiawan D., Abdullah A. H., and Idris M. Y., "The trends of intrusion prevention system network," in 2nd International Conference on Education Technology and Computer, Pages V4-217-V4-221, 2010.
15. 15. Wang Y., Meng W., Li W., Li J., Liu W.-X., and Xiang Y., "A fog-based privacy-preserving approach for distributed signature-based intrusion detection," Journal of Parallel and Distributed Computing, Vol. 122, Pages 26-35, 2018.
16. 16. Ersoy M. and Emik M. H., "Akış Tabanlı IP Ağlarda Ağ Trafiği Üzerinde Yapay Sinir Ağı Kullanılarak SYN Seli Saldırılarının Tespiti", Uluslararası Mühendislikte Yapay Zeka ve Uygulamalı Matematik Konferansı, Sayfa 77-88, Antalya, 2019.
17. 17.Kolahi S. S., Treseangrat K., and Sarrafpour B. , "Analysis of UDP DDoS flood cyber attack and defense mechanisms on Web Server with Linux Ubuntu 13", International Conference on Communications, Signal Processing, and their Applications, Pages 1-5, 2015.
18. 18. Bou-Harb E., Debbabi M., and Assi C., "Cyber scanning: a comprehensive survey," Ieee communications surveys & tutorials, Vol. 16, Pages 1496-1519, 2013.
19. 19. Haris S., Ahmad R., and Ghani M., "Detecting TCP SYN flood attack based on anomaly detection", Second International Conference on Network Applications, Protocols and Services, Pages 240-244, 2010.
20. 20.Choi S.-H., Hwang D.-H., and Choi Y.-H., "Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack", IEEE Conference on Dependable and Secure Computing, Pages 131-137, 2017.