Installation, Extension, and Experimentation of a Network Intrusion Detection System


Sponsor: Wenke Lee, wenke@cc.gatech.edu
Room 222, CCB
http://www.cc.gatech.edu/~wenke

Area: Information Security


Problem

As the Internet plays an increasingly important role in our society, e.g., as the infrastructure for E-Commerce and Digital Government, criminals and enemies have begun devising and launching sophisticated attacks motivated by financial, political, and even military objectives. It is imperative that we provide the best protection possible for our network infrastructures. Intrusion detection is a critical component of defense-in-depth network security. An intrusion detection system (IDS) collects and monitors operating system and network activity data, and analyzes that data to determine whether an attack is occurring.

The purpose of this project is to gain experience with network intrusion detection. Students will:

  1. compile, install, and configure a network intrusion detection system;
  2. extend it to detect more intrusions;
  3. study ways to evade it; and
  4. evaluate its detection performance.

Interested students should contact Wenke Lee to get the source code of the network IDS and pointers to attack programs.

Deliverables

Students should expect to give a demo, turn in the modified network IDS, and write a 5-10 page report summarizing the project.

Evaluation

Evaluation is based on the quality of your deliverables.