This interim report summarizes the progress made on a project to develop a Java-based intrusion detection system tool. The tool will monitor network traffic by capturing packets from the host machine interface using the Jpcap library. Work accomplished so far includes researching IDS and honeypot technologies, learning to use third party Java libraries, developing a GUI to list interfaces and select one for packet capture, capturing live packet streams, port scanning the selected interface, and storing captured packets to a file. Future work includes improving the GUI, connecting to a NoSQL database, analyzing log files, and implementing honeypots and testing with JUnit. The goal is to create a complete IDS with functionality like interface selection, packet capture, port blocking rules
IDS Prototype Captures Network Traffic
ATHLONE INSTITUTE OF TECHNOLOGY
SCHOOL OF ENGINEERING
Final Year Project Interim Report
Akash Raj guru (A00226145)
BACHELOR OF ENGINEERING (HONS) IN SOFTWARE ENGINEERING
YEAR 4
SUPERVISOR: Mr. Paul Jacob
INTRUSION DETECTION SYSTEM
CONTENTS
CHAPTER 1: INTRODUCTION AND PROJECT OUTLINE
1.1 Project title and Interpretation
1.2 Project Motive
1.3 Project Aims and Objective
CHAPTER 2: RESEARCH
2.1 Technologies
2.2 Application Domain
CHAPTER 3: REQUIREMENTS
CHAPTER 4: WORK DONE TILL DATE
4.1 Work Accomplished
4.2 Screen Shots
CHAPTER 5: REFERENCES
CHAPTER 1 INTRODUCTION AND PROJECT OUTLINE
1.1 Project Title and Interpretation
TITLE: “Intrusion Detection System”
The goal of this project is to design and develop a fully
implementable and tested Java-based intrusion detection system tool, which can
monitor network traffic from the host machine by capturing network
packets from the live network. I have made the assumption that this tool will
be able to capture network packets, allow the administrator to analyze
the captured packets, and provide some features to control
network traffic. The tool will also be able to dump (store) the captured information
in a particular file format and provide some routines to analyze the stored
information. This project also employs software testing, where a tool like
JUnit is used to perform unit testing on the code of the actual software.
1.2 Project Motivation
As we know, the internet is growing day by day, and enterprises and
institutes from small to large are creating their own private networks (LANs) for
better performance between computer systems as well as for data protection.
So it is safer to have in-house software which monitors internal as well as
external network traffic to find and avoid intrusion into the network.
1.3 Project Aims and Objectives
The initial proposal for the project is aimed at implementing the following:
1. To be able to list the network interfaces on the host computer.
2. To be able to capture the packets on the selected network interface.
3. To allow TCP port scanning.
4. To be able to save the captured information in txt file format.
5. To be able to transform to cloud (Transformation to Cloud).
[Note: Requirements for the final application are listed in Chapter 3, Requirements]
CHAPTER 2 RESEARCH
2.1 Technologies
This project is based on Java technology, so various Java-based libraries were
analyzed in order to achieve the intrusion detection function. Some libraries, like
Jpcap and JNetPcap, allow us to capture packets in real time. They also
provide libraries for network protocols, packet decoding and remote capture, and
also provide features like dumping captured packets to an offline file,
transmitting packets on the network, etc.
Library Used
Jpcap library: an open source network packet capture library which is
based on the libpcap and WinPcap libraries.
Jpcap captures Ethernet, TCP, UDP, IPv4, IPv6, ARP and ICMPv4
packets and analyzes each packet's header and payload.
The Packet class in Jpcap is used to access packet field information and data. [1]
JpcapCaptor class: for capturing and filtering packets.
2.2 Application Domain
Captures packets from a specific network interface on the host
machine. A host-based system runs on an individual host or device on the network.
It monitors inbound and outbound network traffic for that particular
device only (the core domain is network security).
[Note: The application domain may change by final product completion
(it may go from host-based to network-based)]
CHAPTER 3 REQUIREMENTS
The requirement for the final application is to make a complete IDS with the following functionality:
System shall have a proper GUI for user interaction.
System shall be able to list all the available network interfaces on the host machine.
System shall be able to select a particular interface for packet capture.
System shall capture packets (inbound and outbound flow) from the selected network interface.
System shall be able to scan TCP and UDP ports and display which ports are open.
System shall dump (store) the captured information in a particular file format.
System shall allow the administrator to define rules like port blocking or a particular type of port filtering.
System shall connect to a NoSQL database to store every file.
System shall provide routines to analyze log files.
System shall be tested using the JUnit tool.
System shall have a honeypot implementation with the IDS.
[Note: represents the functionality included in working prototype]
CHAPTER 4 WORK DONE TILL DATE
4.1 Work Accomplished
To date, the majority of the work has been done on both research and developing the
prototype. The work that has been done to date can be categorized as follows.
1. Research on IDS and honeypots.
2. Learning how to use third-party Java libraries with the project.
3. Making a user interaction GUI for the software prototype using the standard
Java library.
4. The prototype is able to list the available network interfaces on the host
machine, using the Java class NetworkInterface in the Jpcap library.
5. The prototype is able to select the network interface for capturing packets.
6. The prototype is able to capture packets from the live stream, using the
jpcap.JpcapCaptor class in the Jpcap library.
7. The prototype is able to scan the open ports on the selected interface.
8. The prototype is able to store the captured packets in a file.
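The capture path in items 4 to 6 and 8 above (list interfaces, select one, capture live packets, store them) can be written against Jpcap as follows. This is an added example, not the project's own code; the class name `CaptureExample`, the interface index taken from the command line, the `ip` filter, the 100-packet limit and the file names `capture.txt` and `capture.pcap` are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import jpcap.JpcapCaptor;
import jpcap.JpcapWriter;
import jpcap.NetworkInterface;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;

// Added example: needs the Jpcap jar, native libpcap/WinPcap and capture privileges.
public class CaptureExample {
    // One text line per packet; non-IP frames are reported by captured length only.
    static String describe(Packet p) {
        if (p instanceof TCPPacket) {
            TCPPacket t = (TCPPacket) p;
            return "TCP " + t.src_ip.getHostAddress() + ":" + t.src_port + " -> "
                 + t.dst_ip.getHostAddress() + ":" + t.dst_port + (t.syn && !t.ack ? " SYN" : "");
        }
        if (p instanceof IPPacket) {
            IPPacket ip = (IPPacket) p;
            return "IP proto=" + ip.protocol + " " + ip.src_ip.getHostAddress()
                 + " -> " + ip.dst_ip.getHostAddress();
        }
        return "non-IP frame, " + p.caplen + " bytes captured";
    }

    public static void main(String[] args) throws IOException {
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        for (int i = 0; i < devices.length; i++)
            System.out.println(i + ": " + devices[i].name + " (" + devices[i].description + ")");
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0; // assumed selection method
        if (index < 0 || index >= devices.length) {
            System.err.println("No such interface; check privileges and the native library.");
            return;
        }
        // snaplen 65535 = whole packet, non-promiscuous (this host's traffic only), 20 ms timeout
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, false, 20);
        captor.setFilter("ip", true); // BPF filter expression, same syntax as tcpdump
        JpcapWriter dump = JpcapWriter.openDumpFile(captor, "capture.pcap"); // assumed name
        try (PrintWriter log = new PrintWriter("capture.txt")) {             // assumed name
            for (int seen = 0; seen < 100; ) {   // stop after 100 packets
                Packet p = captor.getPacket();
                if (p == null) continue;         // read timed out, nothing captured
                if (p == Packet.EOF) break;
                dump.writePacket(p);             // raw packet, readable by tcpdump/Wireshark
                log.println(p.sec + "s " + p.usec + "us " + describe(p));
                seen++;
            }
        } finally {
            dump.close();
            captor.close();
        }
    }
}
```

Opening the device non-promiscuously keeps the capture host-based, as described in section 2.2; the `SYN` tag on connection attempts is the field a later log-analysis routine would count per source address.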
4.2 Screen Shots
CHAPTER 5 REFERENCES
https://www.youtube.com/watch?v=Uump9bPIER8
http://www.cs.wustl.edu/~jain/cse571-09/ftp/honey/#sec1.1
http://www.techopedia.com/definition/10278/honeypot
http://www.academia.edu/1275290/JPCAP_WINPCAP_USED_FOR_NETWORK_INTRUSION_DETECTION_SYSTEM
http://jnetpcap.com/