 |
 |
The “Development of an application framework to test intrusion detection systems” was the subject of my internship (3rd year Industrial Engineering in Applied Computer Sciences, University of Luxembourg1) from february 2005 till june 2005 at the Royal Military Academy (RMA)2 in Brussels, Belgium.
The main goal was to develop an application (called stressnet) and the scripts that go with it, on a x86-compatible computer with Linux 2.6. The application has be able to read packets from tcpdump-formatted files and to send them with a reliable bitrate over the network.
Stressnet is a general purpose packet generator, which should achieve to reach high bitrates reliably (this means if a user asks to send packets with 150Mbit/s, it should be close to this value, not for example 100Mbit/s or 200 Mbit/s). Actually, the relative bitrate error rises till 0.001 for bitrates to 100Mbit/s and till 0.01 for bitrates around 150Mbit/s, which is a quite good result.
Once this application was developed, some tests were done to show how to use this framework and to show how to interpret the results.
The IDS which we tested was the Open Source software IDS Snort3. Of course one can test other intrusion detection systems, Snort’s only been chosen because it’s popular and because there was another research concerning Snort at the RMA2.
- University of Luxembourg: http://www.uni.lu
- Royal Military Academy of Belgium: http://www.rma.ac.be
- Snort: http://www.snort.org