Implementation of IDS and IPS for Detecting and Preventing TCP Port Scanning and ICMP Flooding Attacks

  • Iqbal Maqdum Razzanda, Universitas Amikom Yogyakarta
  • Muhammad Koprawi, Universitas Amikom Yogyakarta
Keywords: IDS, IPS, TCP Port Scanning, ICMP Flooding, Telegram

Abstract

Implementing an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) is a crucial step in maintaining network security. This research aims to test the effectiveness of IDS and IPS in detecting and preventing TCP port scanning and ICMP flooding attacks, and in providing real-time notifications using Telegram. The methodology includes configuring a test environment that reflects real network scenarios, in which various attacks are initiated to test the IDS and IPS responses. The experimental results show that the IDS is able to detect suspicious activity with a high degree of accuracy, while the IPS is effective in blocking identified attacks, thereby reducing potential damage to the system. Proper implementation of IDS and IPS can significantly improve network security by detecting and preventing cyberattacks early.

Published
2024-11-05
How to Cite
[1]
I. Razzanda and M. Koprawi, “Implementation of IDS and IPS for Detecting and Preventing TCP Port Scanning and ICMP Flooding Attacks”, JAIC, vol. 8, no. 2, pp. 326-331, Nov. 2024.
Section
Articles