Evaluating the performance of the Snort and Suricata intrusion detection systems against denial-of-service attacks

Bibliographic details
Year of defense: 2017
Main author: Araújo, Tiago Emílio de Sousa
Advisor: Not informed by the institution
Defense committee: Not informed by the institution
Document type: Dissertation
Access type: Open access
Language: por
Defending institution: Universidade Federal da Paraíba (UFPB), Brazil, Informática, Programa de Pós-Graduação em Informática
Graduate program: Not informed by the institution
Department: Not informed by the institution
Country: Not informed by the institution
Keywords in Portuguese:
Access link: https://repositorio.ufpb.br/jspui/handle/123456789/12933
Abstract: Intrusion Detection Systems (IDS) are signature-based software tools that provide mechanisms for the detection and analysis of network intrusions. Intrusion detection is the process of monitoring the events occurring in a network and analyzing them for signs of intrusion, defined as attempts to compromise the confidentiality, integrity, and availability of the network. Using an experimental scenario and traffic captures from a higher education institution in Brazil, we evaluated the performance of the Snort and Suricata intrusion detection systems in detecting Distributed Denial of Service attacks (Slowloris, LOIC-UDP and LOIC-HTTP). Our study found that Suricata does not generate an appropriate number of alerts to draw the network manager's attention to the Slowloris attack, whereas Snort does. For LOIC-UDP and LOIC-HTTP, both IDSs are able to detect the attack efficiently. We also analyzed the CPU and memory consumption of the target machine on which the IDS ran during the attacks, and verified that memory resources were exhausted during certain attacks. Finally, the analysis of offline traffic reveals that the higher education institution was under DDoS attack during the analyzed period.