Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers

Abstract

Security is an important factor in today's digital era. In a network, implementing a security system is the focus of a network developer. One of the most basic network securities is in the form of access. To manage the security of a system must be known in advance who is involved in the system and what activities are carried out. Just like a security alarm, which monitors work conditions, this is the function of the Intrusion Detection System (IDS). IDS has several effective methods for detecting threats, one of which is the Signature-based method. IDS can be implemented through the open-source SNORT application, and the method works with rules which are commands to IDS to recognize various attacks. IDS rules will be included in the signature matching process, which means matching between rules and incoming attacks and views of both protocols, then the IDS will generate alerts that contain notifications. This study conducted a reading of the MIT-DARPA 1999 dataset on 1,252,412 packages and tested alerting with Network Scanning and DoS attacks. Analyze Package Data runs at a speed of 83,494 packets /second and gets a true positive percentage reaching 100% and an accuracy of 98.10%.