Network Intrusion Detection System
2025-06-28 16:34:15 - Adil Khan
Project Area of Specialization: Cyber Security
Project Summary
System-based IDSs monitor the characteristics of a single network and the events occurring within that network for suspicious activity. Examples of the characteristics a network-based IDS may monitor are wired and wireless network traffic, system logs, running processes, file access and modification, and system and application configuration changes. Most network-based IDSs have detection software known as agents installed on the networks of interest. Each agent monitors activity on a single network and, if prevention capabilities are enabled, performs prevention actions. The agents transmit data to management servers. Each agent is typically designed to protect a server, a desktop or workstation, or an application service.
Project Objectives
The purpose of our IDS is to help computer systems identify attacks. The IDS collects information from several different sources within the computer systems and networks and compares this information with pre-existing patterns to discriminate whether there are attacks or weaknesses.
• Monitoring and analyzing both user and network activities and displaying all the information in an orderly and categorized fashion.
• Assessing system and network integrity and allowing the modules of the system to interact with the system and network to properly identify attacks.
• Recognizing patterns of attacks and categorizing them based on several metrics (category, probability, detectability, etc.).
• Analyzing abnormal behavior in the user's applications and services and detecting this behavior with a low false positive rate.
• Producing reports that help the user track attacks, are easily readable and informative, and provide the logs of these attacks as well as of attacks occurring on your network, with information on the most frequent attacks and the sources of these attacks.
Project Implementation Method
Our proposed system has three main modules. The first will be a monitoring GUI, operated by the admin with a unique ID and password. The monitoring module will capture all incoming data packets of the TCP/IP layer and output them in a list to the end user. The captured packets will then be sent to both the signature detection and anomaly detection modules, and an alert will be generated if an intrusion is detected. The signature detection module will be a rule-based system that detects incoming attacks on the network and reports them to the end user through the alerting system. The anomaly detection module will use machine-learning algorithms to detect attacks. Finally, the alerting module will send the attack data to the reporting module, which will then create a report for the end user via email, mentioning all relevant information about the attack. This will allow users to detect cyber-attacks related to the TCP/IP layer.
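The signature and anomaly modules feeding a single alerting step, shown as an added Python example that is not the project's own code (the project targets C#). A z-score baseline stands in for the machine-learning model, and all names, rules, thresholds and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Signature module: (rule name, predicate). Both flag sets are invalid in normal TCP.
SIGNATURES = [
    ("tcp-syn-fin", lambda p: {"SYN", "FIN"} <= p["flags"]),
    ("tcp-null-flags", lambda p: not p["flags"]),
]

def signature_alerts(packets):
    """Return (source, rule name) for every packet that matches a rule."""
    return [(p["src"], name) for p in packets
            for name, match in SIGNATURES if match(p)]

def ports_per_source(packets):
    """Anomaly feature: number of distinct destination ports per source."""
    seen = defaultdict(set)
    for p in packets:
        seen[p["src"]].add(p["dport"])
    return {src: len(ports) for src, ports in seen.items()}

def fit_baseline(windows):
    """Learn mean and standard deviation of the feature from known-good windows."""
    values = [n for w in windows for n in ports_per_source(w).values()]
    return mean(values), pstdev(values) or 1.0

def anomaly_alerts(packets, mu, sigma, threshold=3.0):
    """Flag sources whose z-score against the baseline exceeds the threshold."""
    return [(src, "port-fanout") for src, n in ports_per_source(packets).items()
            if (n - mu) / sigma > threshold]

def detect(packets, baseline):
    """Input to the alerting module: findings of both detectors, grouped by source."""
    report = defaultdict(set)
    for src, reason in signature_alerts(packets) + anomaly_alerts(packets, *baseline):
        report[src].add(reason)
    return dict(report)

def pkt(src, dport, flags=""):
    return {"src": src, "dport": dport, "flags": set(flags.split())}

# Constructed sample traffic (documentation addresses); pkt() is a hypothetical record.
NORMAL = [[pkt("192.0.2.10", 443, "SYN"), pkt("192.0.2.10", 80, "SYN")],
          [pkt("192.0.2.11", 443, "SYN")]]
LIVE = ([pkt("198.51.100.7", port, "SYN") for port in range(20, 60)]
        + [pkt("203.0.113.5", 80, "SYN FIN"), pkt("192.0.2.10", 443, "ACK")])

if __name__ == "__main__":
    print(detect(LIVE, fit_baseline(NORMAL)))
```

Each source ends up with the set of reasons it was flagged for, which is the record a reporting module would format; the source contacting 40 ports matches no signature and is caught only by the baseline, while the SYN+FIN packet is caught only by the rule.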
Benefits of the Project
In the current scenario, most intrusion detection systems (IDS) use one of two detection methods, signature detection or anomaly detection, and each has its own limitations. Technology has developed a technique that combines a signature detection system with an anomaly detection system (ADS), or a network intrusion detection system with a network-based intrusion detection system; this is known as hybrid intrusion detection. The aim is to increase the detection rate and decrease the false positive rate by using both signature detection and anomaly detection. With respect to our objectives, the current scope of our project is:
• A user authentication system for our users
• A network traffic analyzer
• Detection modules which gather data from the analyzer
• A Reporting system which outputs the nature of attack to the user
Technical Details of Final Deliverable
Our application is a desktop application. The Network Intruder Detection System will be developed in Visual Basic code, resulting in a very fast application with an immediate response time. It needs some additional dependencies to work more efficiently. The application will require the latest .Net Framework that supports C#. It will also require internet access 24/7 for reliable service, as well as a network adapter. Our application is user friendly, effective and efficient, but it also has some constraints, including no or poor internet access, limited memory for processes, and the latest version of the .Net Framework.
• .Net Accord for our machine learning library
• .Net Core for packet capture and network diagnostics
• Visual Studio Code for developing our frontend and backend of the Application
• C# as the main development language
Final Deliverable of the Project: Software System
Core Industry: Security
Other Industries:
Core Technology: Artificial Intelligence (AI)
Other Technologies:
Sustainable Development Goals: Industry, Innovation and Infrastructure; Peace and Justice Strong Institutions
Required Resources

| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| Printing Expenses | Miscellaneous | 14 | 53 | 742 |
| Networking Costs | Miscellaneous | 8 | 500 | 4000 |
| Total (in Rs) | | | | 4742 |