DESIGNING RULES TO IMPLEMENT RECONNAISSANCE AND UNAUTHORIZED ACCESS ATTACKS FOR INTRUSION DETECTION SYSTEM

Abstract

Network attacks are classified according to their objective into three types: Denial of Service (DoS), reconnaissance and unauthorized access. A signature-based Intrusion Detection System (IDS) raises an alarm when the monitored network traffic meets a previously specified set of criteria for attack traffic. This paper focuses on designing, composing, and processing IDS rules that decide whether a packet is intrusive or not by examining the signatures of the attacks in both the headers and the payload of packets incoming to the network. A packet sniffer captures, decodes and reassembles the network packet traffic, then passes it to the programmed rules. Linux BackTrack tools were used to implement an IDS scenario for two types of attacks (Reconnaissance