
Research and build alarm systems in the IoT environment


DOCUMENT INFORMATION

Basic information

Title: Research and Build Alarm Systems in the IoT Environment
Author: Nguyen Thi Lieu
School: Dong Nai Technology University
Major: Modernization in Engineering Technology and Science
Type: Research and build alarm systems in the IoT environment
Year of publication: 2022
City: Dong Nai
Pages: 4
Size: 0.99 MB

Content


RESEARCH AND BUILD ALARM SYSTEMS IN THE IOT ENVIRONMENT

*1Dong Nai Technology University, Dong Nai 76000, Vietnam

ABSTRACT

After researching the topic, the author has learned the operating principles of components in the IoT environment, the Snort system, how it works, and how it issues alerts when intrusive behavior takes place in this environment. The author also studied how to output alerts and how to configure Snort on the Ubuntu 16.04 operating system. Besides using the developer's rules, the author also had to learn how to write and build rules appropriate for the research environment.

Keywords: IoT environment, Snort system, intrusive behavior

Businesses and countries around the world are being equipped with many IoT-connected devices [1], [2]. The more devices there are in the IoT environment, the higher the chance of errors [3], [4]. Their security mechanisms have not improved and the number of threats is still increasing, so detecting and preventing attacks in this environment is essential.

The research is directed at monitoring the central server that controls the IoT devices, understanding the basic characteristics of an IDS, and being able to apply it in practice [5], [6]. It also helps users know which device each session comes from.

2.1 Research objective

- Snort services and how they work, configuration

- Protocols and packets

- Detection and containment system, Snort Inline

2.2 Research Methods

- Learn about IDS

- Learn about Snort

- Learn about control protocols in IoT systems

- Learn about the packets and ports of the IoT system

- Synthesis of attack methods and signals

- Deploy the system on Snort

Snort is an open-source NIDS/NIPS [7], [8]. In this report, Snort plays the leading role in the system: it is used for alerting in the monitoring system and for anomaly detection in the IoT environment.

To implement the test detection system on Snort we go through the following steps:

- Know the IP addresses in the LAN;

- Choosing the right equipment;

- Installation and Configuration;

- System Test


Figure 1: Running Snort

Snort should be placed in front of the control server, so that all packets must pass through Snort before reaching the server; this helps protect the server against attacks.

4.1 Models

Figure 2: Applicable models

4.2 Attack prevention test of SNORT

4.2.1 Ping of Death attack (DoS)

First, add a rule with the following content to the local.rules file to detect the attack.

Figure 3: Rule detects Attack

Snort will display the alerts continuously.

Figure 4: Detection test results

Then add the following rule to prevent the attack.

Figure 5: Preventive Rules
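
The rules shown in Figures 3 and 5 are not reproduced on this page. The following is an added example of what a detection rule and its inline prevention counterpart can look like in Snort 2.9.x syntax; it is not the paper's own rule set. The 1000-byte payload threshold, the SIDs, and the use of `$HOME_NET` for the IoT control server's network are assumptions.

```snort
# Added example for local.rules (Snort 2.9.x rule syntax); not the rules from
# the paper's figures.
# Assumptions: $HOME_NET covers the IoT control server; the 1000-byte payload
# threshold is illustrative; SIDs from 1000000 upward are used for local rules.

# Detection (IDS mode): alert on ICMP echo requests (type 8) whose payload is
# far larger than an ordinary ping.
alert icmp any any -> $HOME_NET any (msg:"LOCAL oversized ICMP echo request, possible Ping of Death"; itype:8; dsize:>1000; classtype:attempted-dos; sid:1000001; rev:1;)

# Prevention (inline mode): same match, but the packet is dropped and logged.
drop icmp any any -> $HOME_NET any (msg:"LOCAL oversized ICMP echo request dropped"; itype:8; dsize:>1000; classtype:attempted-dos; sid:1000002; rev:1;)
```

The `drop` action only blocks traffic when Snort runs inline. Set the `dsize` threshold above the largest ICMP payload that legitimate monitoring tools on the network actually send.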


After adding the rule, run Snort in inline mode. The result:

Figure 6: Blocking results of DoS

DoS interface on the attacker's side:

Figure 7: Result on the attacker's side after being blocked

4.2.2 SYN Flood attack

Prevention: add the following rules to Snort.

Figure 8: Rule used to block SYN Attack

Figure 9: SYN Attack blocking result
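
The rule in Figure 8 is not reproduced on this page. As an added example (not the paper's rule), a rate-based SYN flood rule pair in Snort 2.9.x syntax can be written with `detection_filter`; the counts, time windows and SIDs are assumptions to be tuned to the server's normal connection rate.

```snort
# Added example for local.rules (Snort 2.9.x rule syntax); not the rule from
# Figure 8. Thresholds and SIDs are illustrative assumptions.

# Inline mode: once a single source has sent more than 20 SYN-only segments to
# the protected network within 10 seconds, drop further SYNs from that source.
# flow:stateless lets the rule match even though no session is established.
drop tcp any any -> $HOME_NET any (msg:"LOCAL SYN flood from single source, dropping"; flags:S; flow:stateless; detection_filter:track by_src, count 20, seconds 10; classtype:attempted-dos; sid:1000003; rev:1;)

# Tracking by source misses floods that use many or spoofed source addresses.
# This companion rule tracks by destination and only alerts, because dropping
# by destination would also cut off legitimate clients of the server.
alert tcp any any -> $HOME_NET any (msg:"LOCAL high SYN rate to one host, possible distributed or spoofed SYN flood"; flags:S; flow:stateless; detection_filter:track by_dst, count 200, seconds 10; classtype:attempted-dos; sid:1000004; rev:1;)
```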

5.1 Conclusions

Some results have been achieved:

- Detect anomalous behavior taking place in the IoT environment

- Show alerts through the BASE interface

- Store the time and IP address of the intruding host in a MySQL database

- Prevent attacks such as Ping of Death and SYN Flood

Finally, what has been done is combined into a product displayed on the monitor screen to detect and help prevent system intrusion.

5.2 Development orientations

Upgrade the system to detect and prevent more types of intrusion into the server's resources. At the same time, develop new rules suitable for the IoT environment.


VI REFERENCES

[1] P. Gokhale, O. Bhat, and S. Bhat, "Introduction to IOT," International Advanced Research Journal in Science, Engineering and Technology, vol. 5, no. 1, pp. 41-44, 2018.

[2] S. Madakam, V. Lake, V. Lake, and V. Lake, "Internet of Things (IoT): A literature review," Journal of Computer and Communications, vol. 3, no. 05, p. 164, 2015.

[3] T. Lin, "Deep Learning for IoT," in 2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC), 2020, pp. 1-4: IEEE.

[4] R. Van Kranenburg and A. Bassi, "IoT challenges," Communications in Mobile Computing, vol. 1, no. 1, pp. 1-5, 2012.

[5] V. Bukac, "IDS system evasion techniques," Master Masarykova Univerzita, 2010.

[6] A. Kumar and A. Rani, "LSTM-Based IDS System for Security of IoT," in Advances in Micro-Electronics, Embedded Systems and IoT: Springer, 2022, pp. 377-390.

[7] B. Caswell and J. Beale, Snort 2.1 intrusion detection. Elsevier, 2004.

[8] M. Roesch, "Snort: Lightweight intrusion detection for networks," in Lisa, 1999, vol. 99, no. 1, pp. 229-238.

Date posted: 22/02/2023, 22:42
