Intrusion detection

Abstract

With the rapid development of Internet, it is an important task to ensure that college students accessing the Internet in a healthy way. This paper discusses the monitoring of user behavior by means of SNORT software in order to establish a campus network security monitoring system.

Key words: Campus Network; SNORT; security;

I. INTRODUCTION Developed in 1969, ARPANet, the first form of internet, was initially used for military purposes. In 1993, it started being used for other non-military applications and business and hence entered a stage of rapid development. In 1994, India introduced the Internet; in only a few years, the application of internet technology and services has grown tremendously, providing more and more new services. At the same time, the Internet has also brought forth a multitude of media and information to the public, both beneficial and harmful. Users can view illegal sites of violence, pornographic material, anti-government, and other undesirable content, creating detrimental effects to the user’s mental and physical health. Thus, it is imperative to study, develop, and employ measures which create a real-time security monitoring system capable of controlling and protecting the information available in order to ensure the healthy growth of college students and also the smooth and safe operation of the school network.

This paper investigates the capabilities of SNORT to analyze those specific sensitive vocabularies of web contents and to monitor in real-time any unusual behaviors so as to establish a security system for campus network.

'''II. THE TECHNOLOGY OF SNORT'''

Snort is a lightweight network intrusion detection software, which is based on the network packet sniffer and logging tools in the lib pcap.

Snort is scalable and portable. Developed in C, this open source software is free to use by any organization or individual.

Snort is a software based on feature detection by which suspicious data packets are inspected and analyzed according to pre-defined rules; Once a rule is triggered, it generates an alert message. Snort can generate reporting messages in real-time, each of which can be directed to user defined destination; it also delivers WinPopup messages to Windows client programs by using SAMBA protocols.

Snort is comprised mainly of the following four components: 2. Detection module that detects and analyzes any intrusion behaviors and sends real-time alert messages. 3. Knowledge database that provides necessary supporting data information. 4. Control module that responds automatically or manually to alert messages.
 * 1) 1. Data collection module that collects status data and feeds the data to the detection module.

What are the ways to use the same for the Campus Network System?