The university course’s campus network already has an Intrusion Detection System in place. The intrusion detection system’s current status is that it is not functioning properly in some regards. The system produces “false positives”, or alerts that are triggered by harmless sources on the network at an aggressive level.  The system could also be improved by implementing a host-based IDS.  This would operating along side the already existing network-based IDS.

It is possible that the IDS is missing actual threats, in which case testing will need to be done to see if any malicious activity goes unnoticed by the IDS on the campus network.  If there are any threats not detected by the IDS during testing; rules will need to be implemented to combat these threats. In order to conduct these tests, a large amount of research needs to be done to find tools, techniques, and processes that can efficiently trigger the IDS.  Research also needs to be done on how to properly configure the IDS to produce more accurate alerts.

Project Team: Jacob Day & Connor Piper

Author