Date of Award

Fall 2002

Document Type

Thesis

Degree Name

Master of Science in Computer Engineering - (M.S.)

Department

Electrical and Computer Engineering

First Advisor

Constantine N. Manikopoulos

Second Advisor

Bin He

Third Advisor

Sotirios Ziavras

Abstract

In this master's thesis work, a program was developed using the Perl programming language to enable user defined attack programs to run automatically. A similar program was also developed for background traffic. With this program, the different features of the Nmap exploration and scanning tool were exploited to build scenarios of attacks.

Automated scenarios of attacks running in to the order of hundreds were developed. Also, different sets of automated stealthy attacks scenarios running in to the order of hundreds were developed using the timing modes, stealthy scans and scan delay features of Nmap.

These automated attacks scenarios were employed in the evaluation of the Snort intrusion detection system. It was discovered that 73% of all the Nmap's scanning types and discovery methods that were used in this work resulted in scanning activity. The Snort intrusion detection system detected and produced alerts on every of the 73% Nmap's scan types and discovery method that resulted in scanning activity. Snort was found to have a non-existent false alarm rate and a very high detection rate of 100% using these attacks scenarios and background traffic.

The developed attacks scenarios program were found to be easy to use, efficient, and easy to expand by setting only the type of attacks, parameters of the attack, and the delay time between two successive attacks in a configuration file.

Share

COinS