N E T W O R K I NT R U S I O N D E T E C T I O N S Y S T E M

ABSTRACT

The project entitled NETWORK INTRUSION DETECTION SYSTEM is objective with the responsible for detecting any information of the about a kind of intruder that come in to the network. It achieves its predetermined Just as the rest particular intruder, Anti-viruses

got updated and also other NIDSs we are updating manually by inserting necessary information that it need to detect.

2 . I NT R O D U C T I O N
The development in science and technology are so rapid that the development and existence of mankind is dependent on the implementation of scientific knowledge. The entire world is paying much attention to improve the file style by synthesizing the result of gaining the classical as well as modern knowledge. No country can move in phase with the time. Under such circumstances computerization techniques takes its role. The main problem arising in a network is the question of security, which means protection from attacks. The project entitled Network Intrusion Detection System tries to trace out the intruder packets using IP Address or data and decides if it is to be forwarded and assures security. The project entitled Network Intrusion Detection System is an IDS where it monitors packets on the network wire and attempts to the discovery of hacker/cracker who is attempting to break into system This discovery is being performed by comparing the captured packet with the intruder details stored in the database .If the packet is found to be an intruder it is then forwarded to the firewall with the respective message for blocking. The software is developed using C#.Net as the front end and SQL Server as the Back-end. The system can be implemented in Windows NT Platform. The project ensures more security, accuracy, and efficiency to the system. All intrusion-detection systems tested were susceptible to

packet spoofing which tricks the server into thinking packets

have come from a trusted host or into using its own intrusiondetection counter measures to cut connectivity to legitimate sites. The systems were also found to be vulnerable to packet fragmentation attacks, and to denial-of-service attacks that flood networks devices with too many requests for connections, which can cause them to shut down. The project entitled NETWORK INTRUSION DETECTION SYSTEM provides server side security for network intrusion through packet sniffing and analysis and pattern matching. The filtering mechanism usually can filter IP packets based on some or all of the following conditions: Source IP address, the system from which the packet originated Destination IP address, the system for which the packet is destined Protocol Source TCP/UDP port, the port number of the service on the host originating connection Destination TCP/UDP port String match in a packet.

SYSTEM ANALYSIS AND DESIGN

Existing system

The existing Network Intrusion Detection System is a Windows based system developed internally by the company. It is the manual encoding of the expert system hence responding properly only to known attacks. This is an ordinary system that can be used to detect only a known or ungeneralised set of users. The main drawback lies in the fact that the system cannot be generalized. The system acts as a subsystem of the firewall itself. The system contains the details of the intruder, which is then forwarded to the firewall.

Proposed system The proposed system is a Network Intrusion Detection System that is an enhancement of the existing system. It is a system level program that works as the lower layer of the firewall. The system checks the database for the already registered to the intruders. firewall If for found intruding, The they firewall are is forwarded blocking.

responsible for the blocking of the packet.

DESIGN

Module design

Modular design means breaking the program tasks into small parts. The advantage of modularity is in easy accessing of coding and debugging, also more number of programs can engage in a Software development and the work could be finished within a targeted minimum span of time by splitting the program into small parts.

This project is mainly classified into seven modules Action Intrusion Modal Traffic Sniffing Detection Reports

Main modules are sub divided into small parts, called sub modules and the details regarding these modules are as follows. ACTION - Security Application Lock Application Exit INTRUSION - Registration (IP) Reg.Alter Reg.Removal MODAL - Registration Name Reg.Alter Reg.Removal TRAFFIC - IP Request Port Scanning Ping Machine SNIFFING - TCP Protocol UDP Protocol All Sniffing DETECTION - Detect New Data Mining REPORTS - Intruder Details Modal Details Detection Details

The project is mainly developed in the background view of administrator. This Software has been mainly divided into seven to eight modules, starting with Action to Reports. The first module Action expresses the ability of administrator to handle the entire control by providing security using password, also through locking application. The second module Intrusion does the job of fixing IP addresses of systems with the assumption that they are intruders. It also provides the options for updating/dropping of registration. The third module Modal also has the same work of Intrusion except the fact that it registers the intruder with the predetermined information about intruder. The fourth module Traffic displays the packet details based on the source or destination IP. It displays the available ports in the system, also the connectivity between systems in the network are checked and give the responds through the ping machine form. The fifth module Sniffing gives the details of packets on the basis of different network protocols. In the Detection module new and existing intruders are detected and displayed. It also monitors the data part included in the packets. The last module Report gives the entire details of intruder.