A Graphical User Interface Framework for detecting Intrusions using Bro IDS

Abstract

Internet has transformed and greatly improved the way we do business, the network and its associated technologies have opened the door to an increasing number of threats from which corporations must protect them. To protect the network, Network Security is needed. To make network secure, an Intrusion Detection System is needed. An intrusion is used to monitor network traffic, check for suspicious activities and notifies the system or network administrator. Many open source tools are available for detecting intrusions in a network. Most common of these are Snort and Bro .In this paper, the main emphasis will be to explore Bro. However, based upon CPU utilization and memory constraints, performance analysis of Bro and Snort is done. Taking a closer look at open source Network Intrusion Detection System, there is a very powerful open source system that is termed as Bro. It passively monitors network traffic and looks for suspicious activity by comparing network traffic against scripts. In this paper, various policy scripts written in Bro language to filter out the network traffic will be discussed. Also, a Graphical Interface called Bro GUI Framework is designed to automate the creation and run of the policy scripts.