NJIT eTD::njit-etd2003-002::Akpan, Friday Bassey::"Evaluation of intrusion detection systems with automatic traffic generation programs"

In this master's thesis work, a program was developed using the Perl programming language to enable user defined attack programs to run automatically. A similar program was also developed for background traffic. With this program, the different features of the Nmap exploration and scanning tool were exploited to build scenarios of attacks.

Automated scenarios of attacks running in to the order of hundreds were developed. Also, different sets of automated stealthy attacks scenarios running in to the order of hundreds were developed using the timing modes, stealthy scans and scan delay features of Nmap.

These automated attacks scenarios were employed in the evaluation of the Snort intrusion detection system. It was discovered that 73% of all the Nmap's scanning types and discovery methods that were used in this work resulted in scanning activity. The Snort intrusion detection system detected and produced alerts on every of the 73% Nmap's scan types and discovery method that resulted in scanning activity. Snort was found to have a non-existent false alarm rate and a very high detection rate of 100% using these attacks scenarios and background traffic.

The developed attacks scenarios program were found to be easy to use, efficient, and easy to expand by setting only the type of attacks, parameters of the attack, and the delay time between two successive attacks in a configuration file.

Title:	Evaluation of intrusion detection systems with automatic traffic generation programs
Author:	Akpan, Friday Bassey
Document Type:	Thesis
Department:	Department of Electrical and Computer Engineering
Degree:	Master of Science
Major:	Computer Engineering
Advisory Committee:	Manikopoulos, Constantine N. He, Bin Ziavras, Sotirios
Thesis Date:	2003, January
Keywords:	Intrusion dectection systems Automatic traffic generation programs
Availability:	Unrestricted
Abstract:	In this master's thesis work, a program was developed using the Perl programming language to enable user defined attack programs to run automatically. A similar program was also developed for background traffic. With this program, the different features of the Nmap exploration and scanning tool were exploited to build scenarios of attacks. Automated scenarios of attacks running in to the order of hundreds were developed. Also, different sets of automated stealthy attacks scenarios running in to the order of hundreds were developed using the timing modes, stealthy scans and scan delay features of Nmap. These automated attacks scenarios were employed in the evaluation of the Snort intrusion detection system. It was discovered that 73% of all the Nmap's scanning types and discovery methods that were used in this work resulted in scanning activity. The Snort intrusion detection system detected and produced alerts on every of the 73% Nmap's scan types and discovery method that resulted in scanning activity. Snort was found to have a non-existent false alarm rate and a very high detection rate of 100% using these attacks scenarios and background traffic. The developed attacks scenarios program were found to be easy to use, efficient, and easy to expand by setting only the type of attacks, parameters of the attack, and the delay time between two successive attacks in a configuration file.
Complete Thesis:	njit-etd2003-002 (78 pages ~ 3,243 KB pdf)
Feedback:	Please complete this Feedback Form to inform us about your experience using this website. It will assist us in better serving your information needs in the future. Thank You!