Evaluation of intrusion detection systems with automatic traffic generation programs
Department of Electrical and Computer Engineering
Master of Science
Manikopoulos, Constantine N.
Intrusion dectection systems
Automatic traffic generation programs
In this master's thesis work, a program was developed using the Perl programming language to enable user defined attack programs to run automatically. A similar program was also developed for background traffic. With this program, the different features of the Nmap exploration and scanning tool were exploited to build scenarios of attacks.
Automated scenarios of attacks running in to the order of hundreds were developed. Also, different sets of automated stealthy attacks scenarios running in to the order of hundreds were developed using the timing modes, stealthy scans and scan delay features of Nmap.
These automated attacks scenarios were employed in the evaluation of the Snort intrusion detection system. It was discovered that 73% of all the Nmap's scanning types and discovery methods that were used in this work resulted in scanning activity. The Snort intrusion detection system detected and produced alerts on every of the 73% Nmap's scan types and discovery method that resulted in scanning activity. Snort was found to have a non-existent false alarm rate and a very high detection rate of 100% using these attacks scenarios and background traffic.
The developed attacks scenarios program were found to be easy to use, efficient, and easy to expand by setting only the type of attacks, parameters of the attack, and the delay time between two successive attacks in a configuration file.
njit-etd2003-002 (79 pages ~ 2,956 KB pdf)
Please complete this Feedback Form to inform us about your experience using this website. It will assist us in better serving your information needs in the future. Thank You!
Created November 26, 2003