Implementation of IDS and IPS for Detecting and Preventing TCP Port Scanning and ICMP Flooding Attacks
Abstract
Implementing an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) is a crucial step in maintaining network security. This research aims to test the effectiveness of IDS and IPS in detecting and preventing TCP port scanning attacks and ICMP flooding attacks, and in providing real-time notifications via Telegram. The methodology includes configuring a test environment that reflects real network scenarios, in which various attacks are initiated to test the IDS and IPS responses. The experimental results show that the IDS is able to detect suspicious activity with a high degree of accuracy, while the IPS is effective in blocking identified attacks, thereby reducing potential damage to the system. Proper implementation of IDS and IPS can significantly improve network security by detecting and preventing cyberattacks early.
Copyright (c) 2024 Iqbal Maqdum Razzanda
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.