Published by Brendan Weaver. Modified over 9 years ago.
1
Using CLIPS to Detect Network Intrusions (CLIPNIDS), Phase I
MSE Project
Sripriya Marry
Committee Members: Dr. David Gustafson (Major Professor), Dr. Rodney Howell, Dr. Mitchell Nielsen
2
Overview
Problem Statement
Purpose and Motivation
Background
Project Phases
Project Requirements
User Interface
Cost Estimation
Effort Distribution
3
Problem Statement
Objective: to update CLIPNIDS with the signatures of the latest network attacks, so that it detects unauthorized access to network resources by intruders and notifies the network administrators.
4
Purpose and Motivation
To gain proficiency in Linux, C and GNU programming.
Inspired by Snort.
5
Background
Intrusion detection: the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusion.
Types of intrusion detection systems:
Network-based IDS
Host-based IDS
Application-based IDS
6
Types of analysis:
Misuse detection
Anomaly detection
Types of response:
Passive measure
Active measure
Conclusion: CLIPNIDS is a network-based IDS that uses the "misuse detection" analysis technique to detect intrusions and "passive measures" to respond to them.
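The three choices the slide fixes for CLIPNIDS (network-based, misuse detection, passive response) can be shown in a few lines of code. The following is an added example written for this page, not CLIPNIDS, Snort or CLIPS code; the two signatures and the sample packet records are constructed for illustration and correspond to no real rule set.

```python
"""Toy network-based IDS: misuse (signature) detection with a passive response.
Added example, not CLIPNIDS or Snort code; the rules and the packet records
below are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int
    msg: str
    proto: str
    dport: Optional[int]         # None matches any destination port
    content: Optional[bytes]     # byte string that must appear in the payload
    min_len: int = 0             # minimum payload length

    def matches(self, pkt: Packet) -> bool:
        """A packet matches only if every field of the signature agrees."""
        if pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if len(pkt.payload) < self.min_len:
            return False
        if self.content is not None and self.content not in pkt.payload:
            return False
        return True


@dataclass
class Alert:
    sid: int
    msg: str
    src: str
    dst: str


# Constructed signatures (hypothetical, not taken from any real rule set)
RULES = [
    Signature(1000001, "oversized ICMP payload", "icmp", None, None, min_len=1024),
    Signature(1000002, "cleartext telnet login as root", "tcp", 23, b"root"),
]


def misuse_detect(packets: List[Packet], rules=RULES) -> List[Alert]:
    """Misuse detection: a packet raises one alert per signature it matches.
    Traffic that matches no signature is never flagged, which is the known
    limitation of misuse detection compared with anomaly detection."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule.matches(pkt):
                alerts.append(Alert(rule.sid, rule.msg, pkt.src, pkt.dst))
    return alerts


def passive_response(alerts: List[Alert]) -> List[str]:
    """Passive measure: record and notify the administrator, never touch the
    traffic.  An active measure would reset connections or change firewall rules."""
    return [f"[sid:{a.sid}] {a.msg} {a.src} -> {a.dst}" for a in alerts]


# Constructed sample traffic
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.9", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.0.9", "icmp", 0, b"A" * 1500),
    Packet("10.0.0.8", "10.0.0.9", "tcp", 23, b"login: root\r\n"),
    Packet("10.0.0.8", "10.0.0.9", "tcp", 22, b"SSH-2.0-OpenSSH\r\n"),
]

if __name__ == "__main__":
    for line in passive_response(misuse_detect(SAMPLE)):
        print(line)
```

Running the module prints two alert lines, one per matching packet; the HTTP and SSH packets match nothing and pass silently, which is exactly the behaviour the slide's "misuse detection" label implies.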
7
Project Phases
Inception Phase
Elaboration Phase
Production Phase
8
Inception Phase
Vision Document 1.0
Project Plan 1.0
Software Quality Assurance Plan
Prototype
9
Project Requirements
Actors identified for CLIPNIDS
Use-case diagram
Tasks required to achieve the objective of the project
10
Actors identified for CLIPNIDS
Network
CLIPNIDS
System Administrator
11
Use-case diagram (figure)
12
Tasks required to achieve the objective of the project
Strong knowledge of Linux, C, GNU programming and Bash scripting.
Strong knowledge of the GDB debugger.
Migrating the CLIPNIDS packet-capture code from PCAP to DAQ.
13
Integrating the latest versions of the decoders and pre-processors from Snort into CLIPNIDS:
Identifying the version of Snort from which the CLIPNIDS decoder and pre-processors were built.
Obtaining the latest version of Snort.
Good understanding of how the CLIPS expert system works.
Good understanding of how CLIPNIDS works and of its architecture.
Good understanding of how Snort works and of its architecture.
14
Modifying the "conf.clp" file to alter the CLIPNIDS configuration settings for the latest pre-processors.
Adding new CLIPS files to incorporate the latest intrusion signatures into the CLIPNIDS pattern database.
15
User Interface
17
Cost Estimation
The COCOMO model is used for cost estimation of CLIPNIDS:
Effort = C1 * EAF * Size^P1
Time = C2 * Effort^P2
Organic mode: C1 = 3.2, C2 = 2.5, P1 = 1.05, P2 = 0.38
18
Cost drivers (effort adjustment factors), with the value chosen for CLIPNIDS and the range the model allows:

Parameter  Effort Adjustment Factor        Value Range  Value  Level
RELY       Required Reliability            0.75-1.40    1.00   Nominal
DATA       Database Size                   0.94-1.16    1.08   High
CPLX       Product Complexity              0.70-1.65    1.15   High
TIME       Execution Time Constraint       1.00-1.66    1.11   High
STOR       Main Storage Constraint         1.00-1.56    1.06   High
VIRT       Virtual Machine Volatility      0.87-1.30    0.87   Low
TURN       Computer Turnaround Time        0.87-1.15    1.00   Nominal
ACAP       Analyst Capability              0.71-1.46    0.86   High
AEXP       Applications Experience         0.82-1.29    1.00   Nominal
PCAP       Programmer Capability           0.70-1.42    0.86   High
VEXP       Virtual Machine Experience      0.90-1.21    1.10   Low
LEXP       Language Experience             0.95-1.14    0.95   High
MODP       Use of Modern Practices         0.82-1.24    1.00   Nominal
TOOL       Use of Software Tools           0.83-1.24    1.00   Nominal
SCED       Required Development Schedule   1.10-1.23    1.00   Nominal
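The COCOMO formulas on the previous slide and the driver table above are enough to carry the estimate through. The following is an added example, not part of the presentation: it takes the organic-mode constants and the fifteen driver values exactly as the slides give them, but the size in KLOC is an assumption, because the slides do not state it.

```python
"""Basic COCOMO, organic mode, as set up on the slides.  Added example; the
constants and the 15 driver multipliers come from the slides, the size in
KLOC is assumed because the slides do not give one."""

# Organic-mode constants from the slide
C1, C2, P1, P2 = 3.2, 2.5, 1.05, 0.38

# Effort adjustment factor multipliers from the slide table
DRIVERS = {
    "RELY": 1.00, "DATA": 1.08, "CPLX": 1.15, "TIME": 1.11, "STOR": 1.06,
    "VIRT": 0.87, "TURN": 1.00, "ACAP": 0.86, "AEXP": 1.00, "PCAP": 0.86,
    "VEXP": 1.10, "LEXP": 0.95, "MODP": 1.00, "TOOL": 1.00, "SCED": 1.00,
}


def eaf(drivers=DRIVERS) -> float:
    """EAF is the product of all cost-driver multipliers."""
    product = 1.0
    for value in drivers.values():
        product *= value
    return product


def effort_person_months(size_kloc: float, drivers=DRIVERS) -> float:
    """Effort = C1 * EAF * Size^P1 (person-months; Size in KLOC)."""
    return C1 * eaf(drivers) * size_kloc ** P1


def duration_months(size_kloc: float, drivers=DRIVERS) -> float:
    """Time = C2 * Effort^P2 (calendar months)."""
    return C2 * effort_person_months(size_kloc, drivers) ** P2


if __name__ == "__main__":
    size = 10.0  # assumed size in KLOC, not from the slides
    effort = effort_person_months(size)
    months = duration_months(size)
    print(f"EAF    = {eaf():.3f}")
    print(f"Effort = {effort:.1f} person-months")
    print(f"Time   = {months:.1f} months")
    print(f"Staff  = {effort / months:.1f} people on average")
```

With the slide's driver values the EAF works out to about 0.98, so the drivers almost cancel; the estimate is then dominated by the size term, which is why the size figure (missing from the slides) matters more than any single driver.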
19
Effort Estimation: Gantt chart (figure)