e-ISSN: 2582-5208 International Research Journal of Modernization in Engineering Technology and Science Volume:02/Issue:12/December -2020 Impact Factor- 5.354 www.irjmets.com
AN IMPLEMENTATION OF SNORT BASED INTRUSION DETECTION SYSTEM USING WIRELESS SENSOR NETWORK
R. Hamsaveni*1
*1Assistant Professor, Department of Computer Science and Applications, D.K.M College for Women, Thiruvalluvar University, Vellore, India.
ABSTRACT
The IDS mechanism considers various factors such as traversal path, time, energy, lifetime of the network, and security of packets. The energy overhead generated by flooding control messages and other protocol support packets decreases the latency of the node as well as the whole system. By considering all these issues, the proposed method has to be designed in such a way as to increase the throughput ratio. The previous approaches use hop-count-based methods, which are not optimal in a dynamically changing environment. The other techniques produce more latency, which reduces the TP of the network. The routing procedure takes more time than the time-to-live value assigned by the source node. These methods produce a higher packet drop ratio, poor route management and reduced security for intrusion detection, because the node deletes the available path once there is no data transfer for some time. Some of the approaches use control messages to collect neighbor information, which increases the overhead of additional packets transmitted and indirectly increases the traffic and latency in the WSN. Throughput: The cost generated by the previous approaches due to network overhead reduces the packet delivery ratio and network throughput.
Keywords: Wireless Sensor Network, Throughput, Intrusion Detection System.
I. INTRODUCTION
A Computer Network is an interconnected group of autonomous computing nodes which use a well-defined, mutually agreed set of rules and conventions known as Protocols, interact with one another meaningfully and allow resource sharing, preferably in a predictable and controllable manner. Wireless sensor networks have exhibited significant growth within the last few years in both home and corporate environments. In the current network age, security is the most paramount topic in networking. Securing network boundaries using an intrusion detection system ensures the maintenance of many company assets and the reliability of services; as such, many companies and organizations spend more on security in order to maintain their services. However, the vast increase in technology and the lack of good security practice in software and hardware design have led to backdoors, bugs and so on. The number of network attacks is increasing dramatically, ranging from denial of service, IP spoofing, eavesdropping, Mitnick, man-in-the-middle (MITM) attacks and masquerading to malware attacks (Snehal and Jadhav, 2010)[11]. These attacks have made traditional network security mechanisms ineffective, which requires an additional defense mechanism that can analyze, detect and mitigate these attacks. To address these challenges, the intrusion detection system is now widely used for network perimeter security. Intrusion detection has been studied for nearly 20 years (Ning and Jajodia, 2001)[12]. An intrusion detection system is deployed in conjunction with other security mechanisms to provide a better network defense against unauthorized access by users and malicious code attacks. Several reasons make the deployment of an intrusion detection system an unavoidable part of the entire defense system.
Many systems and applications are deployed without much security consideration, owing to a lack of good security practices in computer-related application design. Moreover, many different open source and commercial intrusion detection systems are in existence. The different types of intrusion detection systems depend on the nature of the environment where these systems are deployed, either as Network-based intrusion detection systems or Host-based intrusion detection systems. The other categories of intrusion detection system are based on the techniques used in identifying network intrusion. The two major techniques are misuse and anomaly detection. Signature-based detection techniques are used to identify a malicious packet or code by matching the packet payload with the pre-defined signatures stored in the system database. This technique is usually used for detecting malicious packets or malware, but despite its good detection accuracy it presents performance degradation when subjected to a higher-traffic network (Salah and Kahtani, 2010)[13]. The performance limitation has led to many problems associated with systems using signature-based techniques for intrusion detection, including packet dropping that happens as a result of excessive string processing by the pattern matching algorithm, which takes almost 40% to 50% of the SNORT processing time. An example of the signature-based technique is the SNORT tool, which also experiences a higher number of dropped packets. SNORT is an open source intrusion detection system widely deployed in middle-sized industries and most campus networks. Because of its flexible code, it has attracted many researchers toward developing additional features that can meet user requirements, for example the SNORT MySQL pre-processor plug-in, which monitors communication between a client and a MySQL server and is able to detect any anomalous packets (Steven M.Bellovin)[14].
I. LITERATURE SURVEY
K. Prabha and S. Sukumaran derived an ISPMA algorithm for single keyword pattern matching for IDS. They compared their results with the Boyer-Moore, Horspool, Karp-Rabin and Brute Force algorithms and illustrated that their ISPMA algorithm is faster and more reliable [1]. Lata, Kashyap Indu and Nagaraju identified that intrusion is possible in the header part or the payload part. Intrusion detection algorithms normally have a high false alarm rate. The authors proposed an algorithm which lowers false alarms considerably [2]. V. K. Pachghare and Dr. Parag Kulkarni proposed an efficient pattern matching algorithm in order to overcome the troubles in network traffic [3]. Dai Hong proposed enhanced pattern matching performance using an improved Boyer Moore Horspool algorithm. The algorithm combines the deterministic finite state; the improved Boyer Moore Horspool algorithm makes full use of the matching information to skip several characters. The proposed algorithm saves more memory, adapts especially to pattern string character sets and text character sets, greatly increases matching speed, and is hardly influenced by pattern length and number [4]. Priya jain and Shikha Pandey carried out a comparative study of various existing pattern matching algorithms and confirmed that the Boyer-Moore pattern matching algorithm is the most efficient as well as fast and gives accurate results [5]. Abhay Bhatia, Shashikant and Robin Choudhary exposed the challenges in pattern matching and showed the comparison between the existing and a proposed Optimized Pattern Matching (OPM) algorithm for finding the matched links with the given number of links [6]. Akinul Islam Jony illustrated a widely used multiple string pattern matching algorithm. Theoretical and experimental results, along with analysis and discussion of the algorithms, were presented [7].
Urmila Patel and Mitesh Thakkar proposed an efficient version of Bidirectional Pattern, the Efficient Exact Single Pattern Matching (EESP) algorithm, in which they tried to reduce pre-processing time and to find all occurrences of the pattern in a long text string [8]. Bruce W. Watson gave a more practical algorithm for a special characterization of 'matching productions', using the transitive closure of a relation to deal with chain rules in the pattern grammar. The idea of shift distances greater than one symbol (as in the Boyer-Moore and Commentz-Walter algorithms) was also introduced [9]. Nguyen Le Dang, Dac-Nhuong Le, and Vinh Trong Le presented a new algorithm for multiple-pattern exact matching. In their algorithm they reduced character comparisons and memory space based on a graph transition structure and a search technique using a dynamic linked list. Theoretical analysis and experimental results showed that, compared with previously known pattern-matching algorithms, it was highly efficient in both space and time [10]. Seyedeh Yasaman Rashida presented a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detects not in the network based Intrusion Detection System [15]. Martins Sapats and Nauris Paulins carried out a comparison and evaluation of pattern matching algorithm performance in the Snort and Suricata tools. Suricata has the ability to use a multithreaded design, and the test results show that the Suricata algorithms are more effective than the Snort algorithms in a multithreaded computing approach [11]. A.B. Pawar, D.N. Kyatanavar and M.A. Jawale described the details of the implementation and experimental analysis of an Advanced Intrusion Detection System (AIDS) with prevention capabilities, which provides detection of known as well as unknown intrusions in the computer system and gives automatic alerts to the network administrator for applying prevention capabilities [12]. Leena Shibu and Dr. Ajeet Chikkamannur presented a survey of current techniques used in social media fraud detection. The goal of their paper is to provide a comprehensive review of different techniques to detect frauds in social media. Fraud detection is an emerging field, and it is beginning to assume enormous importance in today's computing environment: the combination of facts such as the uninhibited growth of the Internet, the vast financial possibilities opening up in electronic trade, and the lack of truly secure systems makes it important, and neither of the models can detect all fraud attempts on their own [13]. A.B. Pawar, Dr. D.N. Kyatanavar and M.A. Jawale proposed a system intended to speed up attack data detection, whose prevention could be improved by applying attack data inference detection.
But as businesses grow and interact with each other, these networks and their data collections are highly targeted by all kinds of attackers, such as internal people, external attackers, hackers and even terrorists, who exploit these networks and damage their vital credentials because of weaknesses, ignorance of security norms and individuals' limited knowledge of security. So there is a real need for robust protection against such intrusive attacks and their rise before massive damage is done to collected data resources, confidential industry information, government credentials and individual details [14]. Karthiga.R and Suresh focused on reducing the memory size of exact string patterns. Many string patterns are similar because of common sub-strings. Their work describes a state-traversal mechanism which can significantly reduce the number of states and transitions by merging pseudo-equivalent states while maintaining the correctness of string matching [15].
II. PROBLEM BACKGROUND
An Intrusion Detection System (IDS) has become an indispensable tool for recognizing and responding to suspicious activity against computing resources. IDSs are responsible for analyzing network traffic and identifying potentially malicious patterns of information. At the core of every intrusion detection system is a pattern matching algorithm. These algorithms have low complexity and must be able to match the input against many patterns simultaneously. A network-based intrusion detection system monitors network activity. Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, that is, violations or imminent threats of violation of computer security policies or acceptable use policies. An IDS concentrates on identifying possible incidents, logging information about them, and reporting them to the security administrator. Intrusion detection systems often record information about the observed events, notify security administrators and generate reports. With the growth of the network environment, the need to inspect the payload of data packets at the application layer has increased, and so has its complexity. String matching, which is critical to a network intrusion detection system, checks the payload against a set of rules to detect malicious network attacks. An intrusion may occur in the header part or the payload part of a packet; signature-based IDSs are used to mitigate such intrusions. Many pattern matching algorithms have a high false positive rate. The Logo Pattern Matching (LPM) scheme is recommended to reduce the false alarm rate to a large extent and to detect intruders effectively. The proposed Logo Pattern Matching algorithm is used with contemporary intrusion detection systems.
Therefore, this research focuses on studying the pattern matching algorithms used by the SNORT signature-based detection system, compares these algorithms with the proposed algorithm, and shows that Logo Pattern Matching yields better performance.
III. WIRELESS SENSOR NETWORK
A Computer Network is an interconnected group of autonomous computing nodes which use a well-defined, mutually agreed set of rules and conventions known as Protocols, interact with one another meaningfully and allow resource sharing, preferably in a predictable and controllable manner. Wireless Sensor Networks have exhibited significant growth within the last few years in both home and corporate environments. Wireless sensor networking provides many advantages, but it is also coupled with new security threats and alters the organization’s overall information security risk profile. Although implementation of technological solutions is the usual response to wireless security threats and vulnerabilities, wireless security is primarily a management issue. Effective management of the threats associated with wireless technology requires a sound and thorough assessment of risk given the environment, and development of a plan to mitigate identified threats.
IV. OVERVIEW OF INTRUSION DETECTION SYSTEM
An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise an information system through malicious activities or through security policy violations. An IDS works by monitoring system activity through examining vulnerabilities in the system and the integrity of files, and by conducting an analysis of patterns based on already known attacks. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack. In order to ensure that optimal measures are taken against cyber criminals, professionals in the cyber security industry have suggested that a comprehensive set of tools must be used to form a solid shield around a company’s virtual intellectual property. A vital part of these tools are Intrusion Detection Systems (IDSs). The underlying operation of IDSs hasn’t changed much since their first inception in the late 80’s and early 90’s. In general, an IDS is deployed on the inside of the network, past all firewalls and routers. Depending on the scale of the organization’s infrastructure and the need for optimal security (banks, government associations, etc.), multiple systems might be installed in separate nodes of the network. The primary function of an IDS is to monitor incoming and outgoing network traffic and apply various algorithms in order to detect patterns of information, called signatures, that correspond to a specific intrusion. Once an attack is detected, the system triggers an alarm and logs the event in a database so that it can be properly examined by a security professional. However, before we attempt to write an algorithm that recognizes these patterns, we must establish a definition for an intrusion, which is not a trivial task. Modern computer systems and networks are very complex, with thousands of processes being executed every second on different levels.
V. PATTERN MATCHING ALGORITHMS
5.1 SINGLE KEYWORD PATTERN ALGORITHMS
The Boyer-Moore algorithm and its variants are widely used in string matching. The Horspool algorithm performs the comparison in a simple way, which works for most practical cases. The Brute Force algorithm requires no preprocessing of the pattern. The main idea of the Karp-Rabin algorithm is that, instead of using comparisons, it uses mathematical computations, specifically hashing.
Boyer-Moore algorithm (BM)
Horspool algorithm (HA)
Karp-Rabin Algorithm (KR)
Brute Force Algorithm (BF)
Knuth-Morris-Pratt Algorithm (KMP)
5.2 MULTIPLE-KEYWORD PATTERN MATCHING ALGORITHMS
The pattern matching algorithms pertaining to the general keyword pattern matching problem are the ones of particular interest in this thesis. The set of algorithms that solve this problem is growing all the time, and slight variations of the algorithms exist. The classes of Multiple-Keyword Pattern Matching Algorithms are:
Aho-Corasick Algorithm
Commentz-Walter Algorithm
Wu-Manber Algorithm
Fan-Su Algorithm
VI. SNORT INTRUSION DETECTION SYSTEM
6.1 Components of SNORT
SNORT is logically divided into multiple components. These components work together to detect particular attacks and to generate output in a required format from the detection system. A SNORT-based IDS consists of the following major components:
1. Packet Decoder
2. Preprocessors
3. Detection Engine
4. Logging and Alerting System
5. Output Modules
Figure 8.1 shows how these components are arranged. Any data packet coming from the Internet enters the packet decoder. On its way towards the output modules, it is either dropped, logged or an alert is generated.
Fig.-1: Architecture of SNORT.
A brief introduction to these components is given below:
Table 1: Different Components of SNORT

| Name | Description |
|---|---|
| Packet Decoder | Prepares packets for processing |
| Preprocessors or Input Plug-ins | Used to normalize protocol headers, detect anomalies, and perform packet reassembly and TCP stream reassembly |
| Detection Engine | Applies rules to packets |
| Logging and Alerting System | Generates alert and log messages |
| Output Modules | Process alerts and logs and generate final output |
VII. PROPOSED LOGO PATTERN MATCHING ALGORITHM
The two phases of the proposed algorithm are (i) the preprocessing phase and (ii) the searching phase; two tables, named the Prefix table and the Suffix table, are also used.
Step 1: In the first phase, the Logo Pattern Matching Algorithm (LPMA) performs the same preprocessing phase as in the two existing algorithms. It prepares the hash function used in the KR algorithm and the bmBc table used in the HP algorithm for the pattern.
Step 2: The process of computing hash functions for the pattern and the text window is exactly the same as in the existing KR algorithm. The bmBc table is the same as in the existing HP algorithm. In the searching phase, LPMA performs the comparison between the pattern and the text by utilizing the advantages of KR and HP.
Step 3: After the preprocessing phase has finished, the comparison between the text and the pattern starts by comparing the numerical values of the pattern hash and the window text hash.
Step 4: If the two hash values are not identical, LPMA performs the shift and the logo is also attached.
Step 5: Next, shift to the right based on the value of the rightmost character of the window text in the bmBc table. This speeds up the algorithm during the comparison process and reduces the number of character comparisons by using the hash function.
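The hash-then-shift search described in the steps above can be sketched as follows, next to a plain Horspool baseline so the saving in character comparisons is visible. This is an added example, not code from the paper or from SNORT: the function names, hash base and modulus, and the sample payload are assumptions; the "logo" attachment and the Prefix/Suffix tables are not specified on the page and are left out; and a byte-wise verification on equal hashes is added so that a hash collision cannot produce a false alert.

```python
"""Hybrid Karp-Rabin hash + Horspool shift search (added illustration).

All names here are hypothetical; they are not taken from the paper or SNORT.
"""

BASE = 256          # assumed hash base (one digit per byte)
MOD = 1_000_003     # assumed prime modulus for the KR hash


def kr_hash(data, mod=MOD):
    """Polynomial Karp-Rabin hash of a byte string."""
    h = 0
    for byte in data:
        h = (h * BASE + byte) % mod
    return h


def build_bmbc(pattern):
    """Horspool bad-character table: shift keyed by the window's last byte."""
    m = len(pattern)
    table = [m] * 256
    for i in range(m - 1):              # the last pattern byte is excluded
        table[pattern[i]] = m - 1 - i
    return table


def verify(text, pos, pattern):
    """Compare right to left; return (matched, byte comparisons made)."""
    comparisons = 0
    for i in range(len(pattern) - 1, -1, -1):
        comparisons += 1
        if text[pos + i] != pattern[i]:
            return False, comparisons
    return True, comparisons


def horspool_search(text, pattern):
    """Plain Horspool baseline: every window costs at least one comparison."""
    m, n = len(pattern), len(text)
    matches, comparisons = [], 0
    if m == 0 or m > n:
        return matches, comparisons
    bmbc = build_bmbc(pattern)
    pos = 0
    while pos <= n - m:
        ok, used = verify(text, pos, pattern)
        comparisons += used
        if ok:
            matches.append(pos)
        pos += bmbc[text[pos + m - 1]]
    return matches, comparisons


def hybrid_search(text, pattern, mod=MOD):
    """Steps 1-5: compare hashes first, then shift with the bmBc table.

    Bytes are compared only when the hashes agree, which confirms a real
    match and rejects hash collisions. Computing the window hash still reads
    every byte of the window; the counter tracks explicit comparisons only.
    """
    m, n = len(pattern), len(text)
    matches, comparisons = [], 0
    if m == 0 or m > n:
        return matches, comparisons
    pattern_hash = kr_hash(pattern, mod)      # preprocessing (KR part)
    bmbc = build_bmbc(pattern)                # preprocessing (Horspool part)
    pos = 0
    while pos <= n - m:
        if kr_hash(text[pos:pos + m], mod) == pattern_hash:
            ok, used = verify(text, pos, pattern)
            comparisons += used
            if ok:
                matches.append(pos)
        pos += bmbc[text[pos + m - 1]]        # shift on rightmost window byte
    return matches, comparisons


# Constructed sample: an HTTP-like payload and a made-up signature string.
PAYLOAD = (b"GET /index.html HTTP/1.1\r\nHost: sensor-gw.example\r\n"
           b"User-Agent: demo-probe/1.0\r\n\r\n")
SIGNATURE = b"demo-probe"

if __name__ == "__main__":
    for name, fn in (("horspool", horspool_search), ("hybrid", hybrid_search)):
        found, cost = fn(PAYLOAD, SIGNATURE)
        print(f"{name:9s} offsets={found} byte comparisons={cost}")
    # A degenerate modulus makes every window collide; verification still
    # prevents false matches, at the cost of Horspool's comparison count.
    print("mod=1    ", hybrid_search(PAYLOAD, SIGNATURE, mod=1))
```

Both searches visit the same windows, so any difference in the counters comes only from the hash pre-check; the work of hashing each window is not counted and should be measured separately when judging runtime.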
VIII. TECHNIQUES OF INTRUSION DETECTION SYSTEM
There are two types of techniques in the intrusion detection system mechanism:
i) Signature-based Detection Technique
ii) Anomaly-based Detection Technique
9.1. Signature-based Detection Technique
An important aspect of the different types of Intrusion Detection Systems is the detection mechanism. It is fundamentally important to acknowledge the differences between the two main types of detection: signature-based and anomaly-based. Signature-based detection is the more common approach used in modern IDSs. Its principle is based on signatures, that is, patterns (or blocks) of information that represent a specific security risk. These signatures are pre-defined by the vendors offering IDS solutions.
9.2. Anomaly-based Detection Technique
Anomaly-based detection, on the contrary, is a much more sophisticated approach for detecting intruders. The underlying concept is very close to human behavior. First we define a “normal” state of a target device or network node, and then we monitor to see whether any deviation from this “normal” behavior occurs. This process is also referred to as profiling because we must pre-define various profiles for users, hosts, services, applications or network segments. Usually it takes several weeks to complete a full and accurate profile before the system is deployed.
IX. CLASSIFICATIONS OF INTRUSION DETECTION SYSTEM
10.1 Network-based IDSs (NIDSs)
IDSs can be further classified into two types according to the attacks each system recognizes and the number of devices it protects. In general, Network Intrusion Detection Systems (NIDSs) are responsible for protecting multiple hosts (or subnets of hosts), while Host Intrusion Detection Systems (HIDSs) are designed to specifically monitor single machines. Figure 12.2.1 shows a typical deployment of NIDSs within a small business. A few different components comprise a NIDS:
IDS Sensor: a hardware device responsible for monitoring the network packets as they arrive from the router and the DMZ switch.
Management Server: after the packets are detected, a copy is sent off to the Management Server, which is accountable for performing preliminary analysis of the packets and categorizing them based on the types of attacks detected. This helps security officers to examine the logs more easily. The Management Server then logs the alerts in a Database Server, which in some instances could be the same machine.
IDS Console: a terminal which administrators use to log into the system and examine the alerts in greater detail. The IDS console could be any type of desktop or laptop, and sometimes it might not be located inside the organization’s Intranet; this machine could be an outside host that connects to the Management Server via a secure VPN connection.
Fig.-2: A typical deployment of a Network Intrusion Detection System
10.2 Host-based IDSs (HIDSs)
HIDSs, on the other hand, are installed onto single machines and designed solely to protect the host they reside on. Most importantly, HIDSs do not focus on scanning network packets; instead they monitor system behavior by constantly monitoring file modifications, changes in system resources (disc space, CPU, memory, cache, bandwidth), suspicious performance of various applications, changes in the event logs, user activity, and audit trails of the machine. Since many attacks these days are focused solely on web servers or various web applications, Host Intrusion Detection Systems can be deployed and configured to specifically monitor the activities of a network service or application.
10.3 Distributed IDS
There is one more loosely-defined type of IDS, the Distributed Intrusion Detection System (DIDS). Its primary use is in large organizations or institutions where protection of intellectual property is of critical importance (government facilities, data centers, banks, healthcare providers). In such networks we usually deploy several NIDSs or HIDSs in the most significant nodes. Each NIDS usually monitors only a few devices (such as web servers and FTP servers) instead of being responsible for the whole network. This way the traffic monitoring is segregated and the load on each IDS is decreased, which leads to more accurate detection. All NIDSs report to a NIDS Management Station where alerts are logged and analyzed.
Fig.-3: Distributed Intrusion Detection System
X. EXPERIMENTAL RESULTS
The proposed approach is implemented using SNORT. The proposed method is evaluated on the factors of efficiency, runtime, space and accuracy. The challenges outlined are a result of the inefficiency of the pattern matching algorithms in performing pattern matching. In addition, this research work aims to compare the existing pattern matching algorithms with the proposed Logo Pattern Matching algorithm implemented in the SNORT IDS, in order to evaluate their performance and to recommend the implementation of the new pattern matching algorithm that will enhance SNORT detection performance. The proposed Logo Pattern Matching scheme reduces the false alarm percentage to an extensive level and detects the intruder efficiently.
11.1 Throughput
Throughput is defined as the total amount of data that the destination receives from the source, divided by the time it takes for the destination to get the final packet.
Throughput = Total number of transferred packets / Time taken
Table 2 shows the experimental results for the throughput of Energy Efficient Clustering, Distributed Logo pattern, ALPGS and RAELPM against a varying percentage of malicious nodes.
Table-2: Effect of malicious node on Throughput

| Nodes | Energy efficient Clustering | Distributed Logo pattern | ALPGS | RAELPM |
|---|---|---|---|---|
| 0 | 14560 | 15920 | 16300 | 17700 |
| 5 | 14120 | 15821 | 16350 | 17650 |
| 10 | 13000 | 15046 | 16320 | 17350 |
| 15 | 13052 | 14021 | 16290 | 17400 |
| 20 | 13225 | 14069 | 15900 | 17250 |
| 25 | 13152 | 14120 | 15820 | 17150 |
| 30 | 13420 | 14125 | 15940 | 17075 |
| 35 | 13455 | 14200 | 15995 | 17050 |
| 40 | 13460 | 14260 | 15870 | 17000 |
[Figure: Throughput in packets against Number of Nodes for Energy efficient Clustering, Distributed Logo pattern, ALPGS and RAELPM]
Fig.-2: Effect of the malicious nodes on Throughput
The RAELPM experimental results show that it has higher throughput compared with the others.
XI. CONCLUSION AND FUTURE SCOPE
This work identifies a number of promising algorithms and provides an overview of recent developments in single keyword pattern matching for IDS. The Boyer-Moore algorithm uses two tables and matching proceeds from right to left, whereas Horspool uses only one table and its matching is faster than Boyer-Moore. The Brute Force algorithm requires no preprocessing of the pattern. The Knuth-Morris-Pratt algorithm performs the comparisons from left to right. The Karp-Rabin algorithm is based on a hashing approach. The proposed Logo Pattern Matching algorithm is compared with the existing algorithms, and the result shows that the algorithm is faster and more reliable in network security applications. The results show an improvement in average comparisons: the algorithm is faster than the original algorithms, makes fewer character comparisons and performs fewer attempts than the existing algorithms. Future work will enhance the method by moving toward distributed computing to reduce the workload of the system and consequently improve the speed and accuracy of the detection of malicious activities.
XII. REFERENCES
[1] Bruce W. Watson, "A new regular grammar pattern matching algorithm", 2002 Elsevier Science, Theoretical Computer Science 299 (2003) 509-521.
[2] V.K. Pachgharel, Parag kulkarni, "Network Security Based On Pattern Matching: An Overview", International Journal of Computer Science and Network Security, VOL.8 No.10, October 2008.
[3] Dai Hong, Anshan, Liaoning, "Enhanced Pattern Matching Performance Using Improved Boyer Moore Horspool Algorithm", Journal of Convergence Information Technology, Volume 7, Number 4, March 2012.
[4] Priya jain, Shikha Pandey, "Comparative Study on Text Pattern Matching for Heterogeneous System", International Journal of Computer Science & Engineering Technology, ISSN: 2229-3345, Vol. 3 No. 11, Nov 2012.
[5] Abhay Bhatia, hashikant, Robin Choudhary, "Comparative Study of Pattern Matching Using Text Mining", International Journal of Research Review in Engineering Science and Technology (ISSN 2278-6643), Volume-1 Issue-1, June 2012.
[6] Lata, Kashyap Indu, "Novel Algorithm for Intrusion Detection System", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 2, Issue 5, May 2013.
[7] K. Prabha, S.Sukumaran, "Improved Single Keyword Pattern Matching Algorithm for Intrusion Detection System", International Journal of Computer Applications (0975-8887), Volume 90, No 9, March 2014.
[8] Akinul Islam Jony, "Analysis of Multiple String Pattern Matching Algorithms", International Journal of Advanced Computer Science and Information Technology, Vol. 3, No. 4, 2014, Page: 344-353, ISSN: 2296-1739.
[9] Urmila Patel, Mitesh Thakkar, "An Efficient Exact Single Pattern Matching Algorithm", International Journal of Advanced Research in Computer Engineering & Technology, Volume 3 Issue 5, May 2014.
[10] Nguyen Le Dang, Dac-Nhuong Le, and Vinh Trong Le, "A New Multiple-Pattern Matching Algorithm for the Network Intrusion Detection System", International Journal of Engineering and Technology, Vol. 8, No. 2, April 2016.
[11] Snehal and Jadhav, "Wireless Intrusion Detection System", International journal of computer Applications, Vol 5, no 8, Aug 2010.
[12] Ning and Jajodia, "Abstraction-based Intrusion Detection in Distributed Environments", Vol 4, issue 4, ACM Transactions on information and system Security, Page 407-452, 2001.
[13] K. Salah and A.Kahtani, "Performance evaluation comparison of SNORT NIDS under Linux and Windows", Vol-33, issue 1, Jan 2010.
[14] Steven M.Bellovin, "Firewalls and Internet Security book", 2010.
[15] Seyedeh Yasaman Rashida, "Hybrid Architecture For Distributed Intrusion Detection System In Wireless Network", International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.3, May 2013.
[16] B. Raju and B. Srinivas, "Network Intrusion Detection System Using KMP Pattern Matching Algorithm", International Journal of Computer Science and Telecommunications, Volume 3, Issue 1, January 2012.
[17] V. K. Pachghare, Parag Kulkarni, "Network Security Based On Pattern Matching: An Overview", International Journal of Computer Science and Network Security, VOL.8 No.10, October 2008.
[18] P. Nagaraju, "Intrusion Detection System Using Pattern Matching Algorithms", JECET; March 2015-May 2015; Sec. B; Vol.4. No.2, 149-157.
[19] Najib Kofahi and Ahmed Abusalama, "A Framework for Distributed Pattern Matching Based on Multithreading", The International Arab Journal of Information Technology, Vol. 9, No. 1, January 2012.
[20] Shivani Jain, A.L.N. Rao, "A Comparative Performance Analysis of Approximate String Matching", International Journal of Innovative Technology and Exploring Engineering, ISSN: 2278-3075, Volume-3, Issue-5, October 2013.
[21] Devaki Pendlimarri, Devaki Pendlimarri, "Novel Pattern Matching Algorithm for Single Pattern Matching", International Journal on Computer Science and Engineering, Vol. 02, No. 08, 2010, 2698-2704.