Objectives: To assess various Intrusion Detection Systems (IDS) against different types of attacks in environments such as Web, Enterprise and Cloud, and to propose an architecture for improving the performance of Snort-based IDS during typical attacks.

Methods: An analytical approach was used to survey various research papers in this field of research.

Findings: In this research, various IDS approaches were analysed with respect to Detection Accuracy, False Alarm Rate, Scalability and the capability of detecting unknown attacks. Some approaches focused on a particular type of issue while ignoring the others. This led to performance degradation in several cases, which is not tolerable in real-time scenarios.

Improvements: Among the various approaches studied, we chose Snort-based IDS and set out to improve its performance for deployment in enterprise networks. Being Open Source Software, Snort gives the flexibility to improve its functionality. We propose an architecture to improve Snort's detection rate and to reduce packet drops during critical attacks such as Port Scanning, DoS and DDoS attacks.

Keywords
Attacks, DoS Attacks, DDoS Attacks, Detection Accuracy, False Alarm Rate, Intrusion Detection System, Open Source Software, Port Scanning Attacks, Snort, Scalability.