Network intrusion detection systems
Eva Rodríguez; Beatriz Otero; Jordi Salazar; Santiago Silvestre; Francesc Torres
Annotation

In an era where cyber threats are continuously evolving in number and complexity, network security has become paramount. Network Intrusion Detection Systems (NIDS) play a crucial role in ensuring network security. These systems are designed to detect malicious network traffic, abnormal behaviours and intrusion attempts in computer systems alerting administrators when an intrusion or abnormal behaviour is detected. The study of network security involves acquiring knowledge about network traffic monitoring and understating the most common network attacks, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), reconnaissance and information theft. Additionally, it is crucial to understand intrusion detection techniques, including signature-based and anomaly-based methods.

Objectives

At the end of this module, the student should be able to:

Understand the NIDS security role in networks.

Understand network traffic monitoring tools.

Identify and categorize the most common network attacks, such as DoS, DDoS, Man-in-the-Middle, Reconnaissance, Information Theft.

Understand NIDS detection techniques, including signature-based, anomaly-based and behavioral analysis

Keywords
Network Intrusion Detection System, network monitoring, Denial of Service, Distributed Denial of Service, Man-in-the-Middle, Reconnaissance, Information Theft, Distributed Network Intrusion Detection Systems.
Date of Creation
20. 06. 2024
Language
English
License
Creative Commons BY-SA 4.0
ISBN
Literature
  1. Ozkan-Okay, et. al. A comprehensive systematic literature review on intrusion detection systems. IEEE Access, 9, 157727-157760, 2022.
  1. Martins, I., et. al. Host-based IDS: A review and open issues of an anomaly detection system in IoT. Future Generation Computer Systems, 133, 95-113, 2022.
  1. Ahmad, Z., et. al. Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies, 32(1), 4150, 2021.
  1. Open Source Security Event Correlator (OSSEC), https://www.ossec.net/ [Accessed 03/07/2024]
  1. Tripwire, https://www.tripwire.com/ [Accessed 03/07/2024]
  1. Wazuh, https://wazuh.com/ [Accessed 03/07/2024]
  1. SolarWinds Security Event Manager, https://www.solarwinds.com/security-event-manager [Accessed 03/07/2024]
  1. Snort, https://www.snort.org/ [Accessed 03/07/2024]
  1. Suricata, https://suricata.io/ [Accessed 03/07/2024]
  1. Zeek, https://zeek.org/ [Accessed 03/07/2024]
  1. Cisco NetFlow, https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html [Accessed 03/07/2024]
  1. sflow, https://github.com/sflow/sflowtool [Accessed 03/07/2024]
  1. IPFIX, https://github.com/topics/ipfix [Accessed 03/07/2024]
  1. Wireshark, https://www.wireshark.org/ [Accessed 03/07/2024]
  1. TCPDUMP, https://www.tcpdump.org/ [Accessed 03/07/2024]
  1. Ettercap, https://www.ettercap-project.org/ [Accessed 03/07/2024]
  1. PRTG Network Monitor, https://www.paessler.com/prtg [Accessed 03/07/2024]
  1. ManageEngine OpManager, https://www.manageengine.com/ca/network-monitoring/ [Accessed 03/07/2024]
  1. SolarWinds Network Performance Monitor, https://www.solarwinds.com/engineers-toolset/use-cases/network-monitoring-tools [Accessed 03/07/2024]
  1. Cisco Secure Network Analytics, https://www.cisco.com/site/us/en/products/security/security-analytics/secure-network-analytics/index.html [Accessed 03/07/2024]
  1. McAfee Network Threat Behavior Analysis, https://www.mcafee.com/ [Accessed 03/07/2024]
  1. Darktrace, https://darktrace.com/ [Accessed 03/07/2024]
  1. New Relic APM, https://newrelic.com/platform/application-monitoring [Accessed 03/07/2024]
  1. AppDynamics, https://www.appdynamics.com/ [Accessed 03/07/2024]
  1. Stackify Retrace, https://stackify.com/retrace/ [Accessed 03/07/2024]
  1. Syed, N. F., Baig, Z., Ibrahim, A., & Valli, C. (2020). Denial of service attack detection through machine learning for the IoT. Journal of Information and Telecommunication, 4(4), 482-503.
  1. de Neira, A. B., Kantarci, B., & Nogueira, M. (2023). Distributed denial of service attack prediction: Challenges, open issues and opportunities. Computer Networks, 222, 109553.
  1. Mallik, A., Ahsan, A., Shahadat, M. M. Z., & Tsou, J. C. (2019). Understanding Man-in-the-middle-attack through Survey of Literature. Indonesian Journal of Computing, Engineering, and Design, 1(1), 44-56.
  1. Roy, S., Sharmin, N., Acosta, J. C., Kiekintveld, C., & Laszka, A. (2022). Survey and taxonomy of adversarial reconnaissance techniques. ACM Computing Surveys, 55(6), 1-38.
  1. Haddon, D. A. (2020). Attack Vectors and the Challenge of Preventing Data Theft. In Cyber Security Practitioner’s Guide (pp. 1-50).
  1. DarkTrace, https://darktrace.com/es [Accessed 03/07/2024]
  1. Ghanshala, K. K., Mishra, P., Joshi, R. C., & Sharma, S. (2018, December). BNID: a behavior-based network intrusion detection at network-layer in cloud environment. In 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC) (pp. 100-105). IEEE.