Maintaining a high level of security while ensuring safe and trusted communication between organizations is of the utmost importance. Network security has always suffered from a lack of resources, while the intruder's knowledge stays one step ahead. It seems that we develop code by testing rather than test by development, which in itself is neither wrong nor right. On this basis, an intrusion detection system (IDS) would achieve better efficiency and effectiveness if it were designed by someone who thinks like an attacker. Advanced Persistent Threats (APTs) are not new threats; they are old threats redeployed with advanced knowledge of protocols. The intelligence of an APT lies not in its code but in the methodology used to keep its presence in a system almost unnoticed and in its persistence in finding a system or application vulnerability.
This thesis acts as guidance for setting up an IDS and evaluating its results. Part of this guidance is to investigate the behaviour of existing IDS systems. We analyze both types of intrusion detection system, host-based (HIDS) and network-based (NIDS), and identify the fundamental components of APT/AVT threats. The thesis aims to transform already documented security policy into Zeek rules that are applied to live network traffic.
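As an added illustration of what turning a written policy statement into a Zeek rule looks like (this script is an editor's example, not part of the thesis): the policy sentence "internal hosts must not send cleartext HTTP to external networks" is a hypothetical one, and the internal address ranges in `internal_nets` are assumptions that a reader would replace with their own. The script raises a Zeek notice whenever the policy is violated, so the result is visible in `notice.log` alongside Zeek's normal protocol logs.

```zeek
# Added example: one documented policy statement expressed as a Zeek rule.
# Policy (hypothetical): "Internal hosts must not send cleartext HTTP to
# external networks."  Assumed internal ranges are listed below; adjust them.

@load base/frameworks/notice
@load base/protocols/http

module PolicyExample;

export {
    redef enum Notice::Type += {
        ## Raised when an internal host issues a cleartext HTTP request
        ## to a host outside the internal address ranges.
        Cleartext_HTTP_To_External,
    };

    ## Address ranges considered internal (assumption for this example).
    const internal_nets: set[subnet] = {
        10.0.0.0/8,
        192.168.0.0/16,
    } &redef;
}

# http_request fires once per parsed HTTP request, so the check runs on
# every cleartext HTTP transaction Zeek sees on the monitored interface.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
{
    local src = c$id$orig_h;
    local dst = c$id$resp_h;

    # The policy only concerns internal clients talking to external servers.
    if ( src !in internal_nets || dst in internal_nets )
        return;

    NOTICE([$note=Cleartext_HTTP_To_External,
            $conn=c,
            $msg=fmt("Policy violation: %s sent cleartext HTTP %s %s to external host %s",
                     src, method, original_URI, dst),
            # One notice per client/server pair within the default
            # suppression interval, to avoid flooding notice.log.
            $identifier=cat(src, dst)]);
}
```

Running it against live traffic, as the thesis describes, is a matter of loading the script on the capture interface, for example `zeek -i eth0 policy_http.zeek`; the same script run with `zeek -r capture.pcap policy_http.zeek` replays a recorded trace, which is the convenient way to evaluate a rule's results before deploying it.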