Objective:
To conduct a representative sequence of activities for security management.
Questions:
Your task is to solve the following problems:
1. In this task, I would like you to perform intrusion detection using Snort, as introduced in Hands-on Lab 6. For this purpose, you can use pcap and/or tcpdump files from the following public repositories (or others):
• DARPA Intrusion Detection Datasets:
• NETRESEC Pcap Datasets
• UNB Datasets:
• Dalhousie NIMS Lab Datasets:
• Or others.
For this task, you can use the following as needed:
• Snort
To demonstrate that you performed the task, you must give screenshots, the results of detection in terms of IDS performance metrics, as well as the statistics (count, mean, min, max) regarding the Snort rules used, and their discussion.
As an example, please read:
• Ansam Khraisat, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman; "Survey of intrusion detection systems: techniques, datasets and challenges", Cybersecurity, 2019 (check pages 11 and 12 for the performance metrics).
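The evaluation step of task 1 (turning Snort's alert output into IDS performance metrics and per-rule statistics) is easy to get wrong by hand, so here is an added Python example of how it can be scripted. It is not part of the assignment or of Snort itself. It assumes Snort 2's "alert_fast" output format (the file written by `-A fast`), a constructed handful of alert lines standing in for a real run over a pcap, and a constructed ground-truth table that labels each source host in the capture as malicious or benign (a simplification: the DARPA and UNB datasets label individual connections, and you would key the table on whatever unit the dataset labels). The rule statistics are computed over the number of alerts each SID produced, which is one reasonable reading of "count, mean, min, max regarding the Snort rules used".

```python
import re
from collections import Counter

# Snort 2 "alert_fast" line layout. The [Classification: ...] field is optional,
# and ICMP alerts carry no ports. Lines that do not match are skipped.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (not from any real dataset); the last line is truncated
# on purpose to show that malformed lines are ignored rather than miscounted.
SAMPLE_ALERTS = """\
08/10-12:00:01.000001  [**] [1:1000001:1] ICMP echo sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
08/10-12:00:01.500000  [**] [1:1000001:1] ICMP echo sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.2
08/10-12:00:02.000000  [**] [1:1000002:1] TCP SYN scan [**] [Priority: 2] {TCP} 10.0.0.5:40000 -> 10.0.0.1:22
08/10-12:00:03.000000  [**] [1:1000002:1] TCP SYN scan [**] [Priority: 2] {TCP} 10.0.0.5:40001 -> 10.0.0.1:80
08/10-12:00:03.200000  [**] [1:1000002:1] TCP SYN scan [**] [Priority: 2] {TCP} 10.0.0.9:51000 -> 10.0.0.1:443
08/10-12:00:04.000000  [**] [1:1000003:1] HTTP suspicious URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:51234 -> 10.0.0.1:80
08/10-12:00:05.000000  [**] [1:1000003:1] HTTP suspicious URI [**]
"""

# Constructed ground truth: which source hosts in the capture really attacked.
# 10.0.0.11 attacks without triggering any rule (a miss); 10.0.0.9 is benign but
# flagged (a false alarm); 10.0.0.12 and 10.0.0.13 are benign and quiet.
SAMPLE_LABELS = {
    "10.0.0.5": True, "10.0.0.7": True, "10.0.0.11": True,
    "10.0.0.9": False, "10.0.0.12": False, "10.0.0.13": False,
}


def parse_fast_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["sid"] = int(alert["sid"])
            alerts.append(alert)
    return alerts


def rule_statistics(alerts):
    """Alerts per SID, plus count/mean/min/max over those per-rule totals."""
    per_rule = Counter(a["sid"] for a in alerts)
    hits = list(per_rule.values())
    return {
        "per_rule": dict(per_rule),
        "count": len(per_rule),
        "mean": sum(hits) / len(hits) if hits else 0.0,
        "min": min(hits) if hits else 0,
        "max": max(hits) if hits else 0,
    }


def confusion_matrix(alerts, labels):
    """Host-level TP/FP/FN/TN: a labelled host is 'flagged' if any alert names it as source."""
    flagged = {a["src"] for a in alerts}
    cm = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for host, malicious in labels.items():      # hosts absent from labels are ignored
        if host in flagged:
            cm["tp" if malicious else "fp"] += 1
        else:
            cm["fn" if malicious else "tn"] += 1
    return cm


def performance_metrics(cm):
    """Metrics as defined in the Khraisat et al. survey; guarded against empty denominators."""
    tp, fp, fn, tn = cm["tp"], cm["fp"], cm["fn"], cm["tn"]

    def ratio(num, den):
        return num / den if den else 0.0

    precision = ratio(tp, tp + fp)
    recall = ratio(tp, tp + fn)                  # detection rate / true positive rate
    return {
        "accuracy": ratio(tp + tn, tp + fp + fn + tn),
        "precision": precision,
        "recall": recall,
        "false_alarm_rate": ratio(fp, fp + tn),  # false positive rate
        "f1": ratio(2 * precision * recall, precision + recall),
    }


if __name__ == "__main__":
    alerts = parse_fast_alerts(SAMPLE_ALERTS)
    print("parsed alerts:", len(alerts))
    print("rule statistics:", rule_statistics(alerts))
    cm = confusion_matrix(alerts, SAMPLE_LABELS)
    print("confusion matrix:", cm)
    for name, value in performance_metrics(cm).items():
        print(f"{name:>17}: {value:.3f}")
```

To use it on a real run, replace `SAMPLE_ALERTS` with the contents of the `alert` file Snort 2 writes under its log directory when invoked with `-r <capture.pcap> -c <snort.conf> -A fast`, and build the label table from the dataset's own attack list. Keying the confusion matrix on the dataset's labelled unit (connection, flow, or packet) rather than on source host will change the numbers, so state in the discussion which unit you evaluated on.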
2. In this task, you are expected to investigate / read about the pcap (or tcpdump) data set that you chose for the first task and understand the attacks that were captured. Then, you can design / find / improve the rule to detect that type of attack. You can get some ideas from:
• Gunes Kayacik, Nur Zincir-Heywood; "Evaluation of the Cisco IOS Firewall with Darpa 99 Dataset"
The post CSCI 6706 Computer & Networks Security appeared first on My Assignment Online.