Intrusion Detection System experiment

You are required to write an academic report of a maximum of 1000 words based on practical experience of applying an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) using Snort. Snort is an open source, free, lightweight network intrusion detection and prevention system. You are required to simulate any three cyber-attacks of your choice and use an IDS/IPS (Snort) to detect the simulated attack. You may simulate your chosen cyber-attacks in a Virtual Machine (VM) and detect them using an IDS/IPS (i.e., Snort) either in the same VM or a separate one. For the simulation of your chosen attacks, you may use any code-based, tool-based or command-based attack. You may write your own attack code or may find it from any source (which you should reference in the case of the latter).

Context:

You are required to write an academic report of 1000 words based on practical experience of applying an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) using Snort. Snort is an open source, free, lightweight network intrusion detection and prevention system. You are required to simulate any three cyber-attacks of your choice and use an IDS/IPS (Snort) to detect the simulated attack. You may simulate your chosen cyber-attacks in a Virtual Machine (VM) and detect them using an IDS/IPS (i.e., Snort) either in the same VM or a separate one. For the simulation of your chosen attacks, you may use any code-based, tool-based or command-based attack. You may write your own attack code or may find it from any source (which you should reference in the case of the latter).
Your report should present, in detail, your understanding and practical experimentation on IDS/IPS using Snort.

Your report should cover the following points:
1. Introduction: Describe your three chosen cyber-attacks all of which can be protected via the use of IDS/IPS. (10%)

For each of the attacks, provide the following information:
2. Attack Simulation: For attack simulation you will first need to decide on the virtual network setting and the attack simulation to use. For the virtual network setting you will need to decide how many virtual machines (VMs) you will have, what operating system each VM will have, which VM will be the attacker, which VM will be the victim, and which VM will contain the IDS/IPS (Snort). You are required to draw a diagram to show your network setup. You may use one diagram for all cyber-attack simulations if your simulation network set-up is the same for all attacks.

You must explain how you have simulated the attack to demonstrate that you have understood how it works. You are encouraged to use a screenshot of the attack simulation output in support of your claim. (40%)

3. IDS Configuration: Demonstrate how you configured the IDS/IPS (Snort) to protect against each of the attacks. You need to document the rules and the explanation of the rules. (30%)

4. Validation: Demonstrate how your configuration was successful in protecting against the attacks. You need to show the output of Snort in detecting each of the attacks. (20%)


The word count for the report is 1000 (+/- 20%) excluding references. A 10% penalty will be applied to reports where the wordcount exceeds 1200. There is no formatting restriction for the coursework, therefore you may choose any format for the report.