Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Utvärdering av signaturdatabaser i systemet Snort
Karlstad University.
2019 (Swedish)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Evaluation of Signature Databases in the System Snort (English)
Abstract [sv]

Konstant uppkoppling till internet idag är en självklarhet för många världen över. Internet bidrar till en global förbindelse som aldrig tidigare varit möjligt, vilken kan tyckas vara underbart i många avseenden. Dessvärre kan denna digitala förbindelse missbrukas och användas för ondsinta ändamål vilket har lett till behov av säkerhetslösningar som bland annat nätverks-intrångsdetektionssystem. Ett av de mest omtalade verktygen som är ett exempel på ett sådant system är Snort som studeras i denna studie. Utöver analysering av Snort, evalueras även olika signaturdatabasers detektionsförmåga av angrepp. Totalt exekverades 1143 angrepp från 2008-2019 och dessa utvärderades av tre Snort-versioner daterade 2012, 2016 och 2018. Varje Snort-version analyserade angreppen med 18 signaturdatabaser daterade 2011-2019 från tre olika utgivare. Resultaten visar att det stor skillnad mellan de olika utgivarnas signaturdatabaser där den bästa detekterade runt 70% av angreppen medan den sämsta endast detekterade runt 1%. Även hur Snort konfigurerades hade stor inverkan på resultatet där Snort med för-processorn detekterade omkring 15% fler angrepp än utan den.

Abstract [en]

For many people all over the world being constantly connected to the Internet is taken for granted. The Internet connects people globally in a way that has never been possible before, which in many ways is a fantastic thing. Unfortunately, this global connection can be abused for malicious purposes which have led to the need for security solutions such as network intrusion detection systems. One prominent example of such a system is Snort which is the subject of evaluation in this thesis. This study investigates the ability of signature databases for Snort to detect cyberattacks. In total, we executed 1143 attacks released between 2008-2019 and recorded the network traffic. We then analyzed the network traffic using three versions of Snort released 2012, 2016, and 2018. For each version, we used 18 different signature databases dated 2011-2019 from three different publishers. Our results show that there are a significant difference between the different publishers’ signature databases, where the best signature database detected around 70% of the attacks and the worst only detected around 1%. The configuration of Snort also had a significant impact on the results, where Snort with the pre-processor detected about 15% more attacks than without it.

Place, publisher, year, edition, pages
2019. , p. 88
Keywords [en]
Snort, intrusion system, signature databases, exploits, payloads
Keywords [sv]
Snort, intrångsdetektion, signaturdatabaser, angreppskoder, nyttolaster
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kau:diva-72581OAI: oai:DiVA.org:kau-72581DiVA, id: diva2:1325272
External cooperation
Totalförsvarets forskningsinstitut
Subject / course
Computer Science
Educational program
Engineering: Computer Engineering (300 ECTS credits)
Supervisors
Examiners
Available from: 2019-06-28 Created: 2019-06-14 Last updated: 2019-06-28Bibliographically approved

Open Access in DiVA

fulltext(2108 kB)32 downloads
File information
File name FULLTEXT01.pdfFile size 2108 kBChecksum SHA-512
6cc169d3a1ac38c824276179fe4d6cafbd1091728e31d4dbbe3dd4b40ca8219f23a9c439446ab40ad84bd53ee1c22a43131965f13544637cca97cae3e4c037c0
Type fulltextMimetype application/pdf

By organisation
Karlstad University
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 32 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 22 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf