Using CLIPS to Detect Network Intrusions - (CLIPNIDS)
Phase I
MSE Project
Sripriya Marry
Committee Members
Dr. David Gustafson (Major Professor)
Dr. Rodney Howell
Dr. Mitchell Nielsen
Overview
• Problem Statement
• Purpose and Motivation
• Background
• Project phases
• Project Requirements
• User Interface
• Cost Estimation
• Effort Distribution
Problem Statement
Objective
To update Clipnids with the signatures of the latest network attacks, so that it can detect any unauthorized access to network resources by intruders and notify network administrators about it.
Purpose and Motivation
To excel in Linux, C and GNU programming.
Inspired by SNORT.
Background
• Intrusion detection: Process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusion.
• Types of Intrusion Detection Systems: Network-based IDS, Host-based IDS, Application-based IDS
• Types of Analysis: Misuse Detection, Anomaly Detection
• Types of Response: Passive measure, Active measure
• Conclusion: CLIPNIDS is a network-based IDS that uses the “Misuse Detection” analysis technique to detect intrusions and a “Passive Measure” to respond to them.
Project phases
• Inception Phase
• Elaboration Phase
• Production Phase
Inception Phase
Vision Document 1.0
Project Plan 1.0
Software Quality Assurance Plan
Prototype
Project Requirements
• Actors identified for Clipnids.
• Use-Case diagram.
• Tasks required to achieve the objective of the project.
Actors identified for Clipnids
• Network
• Clipnids
• System Administrator
Use-Case diagram
Tasks required to achieve the objective of the project
• Strong knowledge of Linux, C, GNU programming and the Bash scripting language.
• Strong knowledge of the GDB tool for debugging.
• Migrating the CLIPNIDS source code from PCAP to DAQ for packet capture.
• Integrating the latest versions of the decoders and pre-processors from SNORT into CLIPNIDS.
• Identifying the version of SNORT with which the CLIPNIDS decoder and pre-processors were built.
• Possessing the latest version of SNORT.
• Good understanding of how the expert system CLIPS works.
• Good understanding of how CLIPNIDS works and of its architecture.
• Good understanding of how SNORT works and of its architecture.
• Modifying the “conf.clp” file to alter the configuration settings for CLIPNIDS based on the latest pre-processors.
• Adding new CLIPS files to incorporate the latest intrusion signatures into the pattern database of CLIPNIDS.
User Interface
Cost Estimation
• The COCOMO model is used for cost estimation for CLIPNIDS:
$\text{Effort} = C_1 \times \text{EAF} \times (\text{Size})^{P_1}$
$\text{Time} = C_2 \times (\text{Effort})^{P_2}$
Organic Mode
• $C_1 = 3.2$
• $C_2 = 2.5$
• $P_1 = 1.05$
• $P_2 = 0.38$
Parameter   Value   Level
RELY        1.00    Nominal
DATA        1.08    High
CPLX        1.15    High
TIME        1.11    High
STOR        1.06    High
VIRT        0.87    Low
TURN        1.00    Nominal
ACAP        0.86    High
AEXP        1.00    Nominal
PCAP        0.86    High
VEXP        1.10    Low
LEXP        0.95    High
MODP        1.00    Nominal
TOOL        1.00    Nominal
SCED        1.00    Nominal
Parameter Name   Effort Adjustment Factor        Value Range
RELY             Required Reliability            0.75-1.40
DATA             Database Size                   0.94-1.16
CPLX             Product Complexity              0.70-1.65
TIME             Execution Time Constraint       1.00-1.66
STOR             Main Storage Constraint         1.00-1.56
VIRT             Virtual Machine Volatility      0.87-1.30
TURN             Computer Turnaround Time        0.87-1.15
ACAP             Analyst Capability              0.71-1.46
AEXP             Applications Experience         0.82-1.29
PCAP             Programmer Capability           0.70-1.42
VEXP             Virtual Machine Experience      0.90-1.21
LEXP             Language Experience             0.95-1.14
MODP             Use of Modern Practices         0.82-1.24
TOOL             Use of Software Tools           0.83-1.24
SCED             Required Development Schedule   1.10-1.23
Effort Estimation – Gantt chart
• Inception Phase: Vision Document 1.0, Project Plan 1.0, SQA Plan, Prototype, Presentation 1
• Elaboration Phase: Vision Document 2.0, Project Plan 2.0, Formal Specification, Architectural Design, Test Plan, Inspection checklist, Inspection, Prototype, Presentation 2
• Production Phase: Component Design, Develop code, Testing, Documentation, User Manual, Project Evaluation, Presentation 3
[Gantt chart: start date and duration of each task; time axis in weekly steps from 1/23/14 to 4/17/14]