Abstract:
Virtual computers accessible from anywhere in the world are designed to let any user reach the computing resources held in a cloud computing (CC) environment. The flourishing resources in the cloud environment are shared so that users anywhere in the world can access them, which poses a great threat to security. Denial of service (DoS) and distributed denial of service (DDoS) attacks are among the leading challenges posed by attackers and are a serious threat to the security of CC. Next Generation Intrusion Prevention Systems (NGIPS), also known as non-traditional intrusion prevention systems or next-generation intrusion prevention systems, are being introduced as a tactic to overcome these offensive challenges. Thus, the author intends to find research results on the technological strategies used in NIPS and their evaluation, and to find solutions to the challenges of cloud computing (CC).
The author has used a systematic literature review to explore and identify the latest NIPS techniques using the Inspec, IEEE, ACM Digital Library, Wiley, Scopus and Google Scholar library databases. Articles were selected using an acceptance and rejection formula when selecting for the literature review. An experimental methodology has been selected as the research methodology for the experimental comparison of the source and destination approaches of Snort NGIPS. The experimental bed is designed and deployed using Snort filtering techniques deployed in a virtual machine through a virtual switch in a virtual environment.
In this research, the author seeks answers to the research problems. The first problem was the use of next-generation IPS technologies to protect the cloud computing environment from DoS and DDoS attacks. The second research question is identifying the different types of measurements used to assess the performance of NIPS, and the third is finding the performance difference between the source and destination approaches of the Snort intrusion prevention system.
Network engineers, network administrators and academia have been considered as the users within the research scope. The hypothesis in this research is that the filter will never work if the attack is launched from a large number of source IP addresses, and that Snort will not be able to distinguish between legitimate and non-legitimate packets even if the filter is functional. Finally, the null hypothesis used is that Snort does not show any difference between the source and destination approaches.
TCP, UDP, HTTP and a mixture of these protocols were used as attack input generated with the LOIC attack tool, and legitimate traffic inputs to the system were generated using the JMeter tool. Further, TCPreplay has been used to regenerate the same amount of both attack and normal traffic so that the comparison stays fair; all of these are considered independent variables. The dependent variables, considered as the output of the research results, are CPU load, memory utilization, bandwidth availability, delay (latency) and the percentage (rate) of packet loss.
In this research, the processes are the generation of both normal and attack traffic, and the detection and prevention of malicious traffic using Snort rate filtering rules. In the source approach, packet-based identification and filtering are done by scanning the source IP address and enabling Snort to activate the filter when a specified packet rate is reached. In the destination approach, detection and filtering of packets are done by ordering Snort to track packets by destination IP address and to enable filtering when a predetermined packet rate is reached.
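The two approaches above differ only in the key the rate filter counts on: the source IP address or the destination IP address. The following simulation is an added example, not code from the thesis, that models Snort's `rate_filter` keyword (`track by_src` versus `track by_dst`, with `count` packets in `seconds`) as a per-key sliding window over a constructed packet trace. The trace, the address ranges (`10.0.0.5`, `172.16.0.x`, `192.168.1.10`) and the threshold of 50 packets per second are assumptions chosen to make the hypothesis visible: a flood spread across 200 spoofed sources stays under the per-source threshold, while the same flood trips the per-destination filter, which then also drops the legitimate client's packet that arrives during the burst.

```python
from collections import defaultdict, deque

ATTACK_PREFIX = "172.16."   # constructed: addresses the flood is spoofed from
TARGET = "192.168.1.10"     # constructed: the cloud host under attack


def build_trace():
    """Constructed packet trace of (timestamp_s, src_ip, dst_ip).

    One legitimate client sends a request per second for six seconds; in
    the second starting at t=2 a flood of 200 spoofed sources sends two
    packets each (400 packets) to the same target.
    """
    packets = [(float(t), "10.0.0.5", TARGET) for t in range(6)]
    n_src, per_src = 200, 2
    total = n_src * per_src
    for k in range(total):
        packets.append((2.0 + k / total, f"172.16.0.{k % n_src + 1}", TARGET))
    packets.sort(key=lambda p: p[0])  # stable sort: ties keep insertion order
    return packets


def rate_filter(packets, track, count, seconds):
    """Simplified model of Snort's rate_filter (track by_src | by_dst).

    A sliding window of timestamps is kept per tracked key; once more than
    `count` packets for that key fall inside `seconds`, further packets for
    that key are dropped. Dropped packets still count toward the rate, as a
    flood would at the sensor. Returns counts of what passed and dropped,
    split by whether the packet came from the constructed attack range.
    """
    assert track in ("by_src", "by_dst")
    windows = defaultdict(deque)
    summary = {"legit_passed": 0, "legit_dropped": 0,
               "attack_passed": 0, "attack_dropped": 0}
    for ts, src, dst in packets:
        key = src if track == "by_src" else dst
        win = windows[key]
        while win and ts - win[0] >= seconds:
            win.popleft()          # expire timestamps outside the window
        win.append(ts)
        kind = "attack" if src.startswith(ATTACK_PREFIX) else "legit"
        verdict = "dropped" if len(win) > count else "passed"
        summary[f"{kind}_{verdict}"] += 1
    return summary


def compare_approaches(count=50, seconds=1):
    """Run the same trace through the source and destination approaches."""
    trace = build_trace()
    return {"by_src": rate_filter(trace, "by_src", count, seconds),
            "by_dst": rate_filter(trace, "by_dst", count, seconds)}


if __name__ == "__main__":
    for track, result in compare_approaches().items():
        print(track, result)
```

With the assumed threshold, `by_src` drops nothing (every spoofed source stays at 2 packets per second), whereas `by_dst` drops 351 of the 400 flood packets plus one legitimate packet, which is the false-positive cost the abstract's hypothesis refers to. The equivalent Snort 2.9 configuration line for the destination approach would be `rate_filter gen_id 1, sig_id 1, track by_dst, count 50, seconds 1, new_action drop, timeout 10`; the real keyword applies `new_action` for `timeout` seconds rather than per packet, so exact counts on a live sensor will differ from this model.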
NIPS strategic algorithms can be evaluated using classical metrics such as CPU load, memory utilization, bandwidth availability, delay (latency), rate of packet loss (both "false positives" and "false negatives") and accuracy. This experiment also found that, when assessing parameters such as CPU load, memory utilization, bandwidth availability, delay (latency) and rate of packet loss, the destination approach was more efficient than the source approach. That is, the rate filtering system of the destination approach is more efficient.
Most of the NIPS technologies used in the cloud computing environment to protect against DoS and DDoS attacks are concluded to be similar and interrelated. Furthermore, the author concludes that there is a difference in performance evaluation in the cloud computing environment between Snort's source and destination approaches.
Citation:
Kumara, G.R.C. (2021). Network Intrusion prevention system based on enhanced snort rules to protect network resources from DoS & DDoS attacks : (an empirical approach) [Master's thesis, University of Moratuwa]. Institutional Repository University of Moratuwa. http://dl.lib.uom.lk/handle/123/21201