some intrusion detection systems. Section V presents the design of the intrusion detection system we propose: subsection V-A describes the functional components of the authentication process, subsection V-B gives the functional description of the proposed system, and subsection V-D gives the architectures and possible locations of the proposed network intrusion detection system. Subsection V-E describes the platform, and subsection V-F describes the open source tools used to realize the network intrusion detection system. Section VI presents the global architecture.

II. T
Classes of attack include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks are attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur. Eleven types of attack are considered here: passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, password attack, buffer overflow attack, hijack attack, spoofing attack, and exploit attack.
A. Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations lets an adversary anticipate upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user. Because the attacker only listens, a passive attack leaves no trace on the wire; the practical defence is to encrypt the traffic rather than to detect the listener.
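What the passive attacker described above actually harvests is easy to show. The following is an added example, not code from the paper or from the proposed system: it reassembles nothing itself, but takes already-reassembled TCP payloads (constructed samples, not real captures) and searches them for credentials sent in the clear, exactly as a listener on a tap or mirror port would, and as a network sensor can do to flag protocols that still carry passwords unencrypted. The flows, addresses and port-to-protocol table are all constructed assumptions.

```python
"""Clear-text credential capture on reassembled TCP payloads.

Added example (not from the paper).  All flows are constructed samples.
"""
import base64
import binascii
import re
from typing import Dict, List, Tuple

Flow = Tuple[str, int, bytes]  # (source address, destination port, reassembled payload)

# Constructed flows: FTP and POP3 logins, an HTTP request with Basic auth,
# and an opaque TLS record fragment that yields nothing.
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.0.5", 21, b"USER alice\r\nPASS s3cret!\r\n"),
    ("10.0.0.7", 80,
     b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
    ("10.0.0.9", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03"),
    ("10.0.0.11", 110, b"USER carol\r\nPASS letmein\r\n"),
]

# USER/PASS command pairs (FTP, POP3) and the HTTP Basic header, one per line.
_USER_RE = re.compile(rb"^USER\s+(\S+)\s*$", re.IGNORECASE | re.MULTILINE)
_PASS_RE = re.compile(rb"^PASS\s+(\S+)\s*$", re.IGNORECASE | re.MULTILINE)
_BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                       re.IGNORECASE | re.MULTILINE)

# Assumed port-to-protocol mapping used only to label USER/PASS hits.
_PORT_NAMES = {21: "FTP", 110: "POP3", 143: "IMAP"}


def extract_credentials(payload: bytes) -> List[Tuple[str, str, str]]:
    """Return (protocol, user, password) triples found in one clear-text payload."""
    found: List[Tuple[str, str, str]] = []
    user = _USER_RE.search(payload)
    password = _PASS_RE.search(payload)
    if user and password:
        found.append(("USER/PASS",
                      user.group(1).decode("latin-1"),
                      password.group(1).decode("latin-1")))
    # HTTP Basic sends base64("user:password") on every request; base64 is an
    # encoding, not encryption, so it counts as clear text here.
    for match in _BASIC_RE.finditer(payload):
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            continue  # malformed header, not a credential
        if ":" in decoded:
            u, p = decoded.split(":", 1)
            found.append(("HTTP-Basic", u, p))
    return found


def scan_flows(flows: List[Flow]) -> List[Dict[str, object]]:
    """Run the extractor over every flow and label USER/PASS hits by port."""
    hits: List[Dict[str, object]] = []
    for src, dport, payload in flows:
        for proto, user, password in extract_credentials(payload):
            if proto == "USER/PASS":
                proto = _PORT_NAMES.get(dport, proto)
            hits.append({"src": src, "port": dport, "protocol": proto,
                         "user": user, "password": password})
    return hits


if __name__ == "__main__":
    for hit in scan_flows(SAMPLE_FLOWS):
        print(f"{hit['src']} -> port {hit['port']} ({hit['protocol']}): "
              f"{hit['user']} / {hit['password']}")
```

The TLS flow produces no hit: once the session is encrypted the same listener sees only opaque records, which is the point of the defence noted above.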
B. Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, denial of service, or modification of data.
C. Distributed Attack
A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, into a component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door into a product to gain unauthorized access to information or to a system function at a later date.
D. Insider Attack
An insider attack involves someone from inside the organization, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or not. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Non-malicious insider attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as getting a task done.
E. Close-In Attack
A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of ordinary individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry, open access, or both.

One popular form of close-in attack is social engineering. In a social engineering attack, the attacker compromises the network or system through social interaction with a person, by electronic mail or by phone. Various tricks can be used to get the individual to reveal information about the security of the company. The information that the victim reveals to the attacker is then used in a subsequent attack to gain unauthorized access to a system or network.
F. Phishing Attack
In a phishing attack the attacker creates a fake web site that looks exactly like a popular site. The phishing part of the attack is that the attacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the attacker records the username and password and then tries that information on the real site.
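The fake site has to live on a domain the attacker controls, so the link in the e-mail is where a phishing attempt can be caught. The following is an added example, not code from the paper or from the proposed system: it pulls the links out of a constructed message and checks each one against the domains the impersonated site really uses, catching a digit-for-letter lookalike, the real name used as a subdomain of an attacker's domain, and visible link text that shows a different URL than the one the link opens. The known domain, the message, the homoglyph table and the two-label rule for the registrable domain are all constructed assumptions.

```python
"""Lookalike-link detection for phishing e-mail.

Added example (not from the paper).  Known domain and message are constructed.
"""
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Domains the impersonated site legitimately uses (constructed, not a real bank).
KNOWN_DOMAINS = {"example-bank.com"}

# Constructed message body: a lookalike host whose visible text shows the real
# URL, the real name used as a subdomain of an attacker domain, and one
# genuine link.
SAMPLE_EMAIL = """
<p>Your account is locked. Please verify now:</p>
<a href="http://examp1e-bank.com/login">https://example-bank.com/login</a><br>
<a href="http://example-bank.com.secure-login.net/">Sign in</a><br>
<a href="https://example-bank.com/help">Help centre</a>
"""

_LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                      re.IGNORECASE | re.DOTALL)
# Assumed table of characters attackers swap for look-alikes.
_HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "|": "l", "5": "s"})


def normalize(host: str) -> str:
    """Fold look-alike characters back to the letters they imitate."""
    return host.lower().translate(_HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def registrable(host: str) -> str:
    """Registrable domain, assumed to be the last two labels
    (a real check would consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typo-squats such as transposed letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(href: str, text: str) -> List[str]:
    """Findings for one link; an empty list means it resolves to a known domain."""
    host = (urlsplit(href).hostname or "").lower()
    reg = registrable(host)
    findings: List[str] = []
    if reg in KNOWN_DOMAINS:
        return findings
    for known in KNOWN_DOMAINS:
        # "example-bank.com.attacker.net": the real name as a leading subdomain
        if ("." + known + ".") in ("." + host):
            findings.append("subdomain-impersonation:" + host)
        # within two edits after homoglyph folding: examp1e-bank, exampel-bank, ...
        elif levenshtein(normalize(reg), normalize(known)) <= 2:
            findings.append("lookalike-domain:" + reg)
    # visible link text that shows a URL on a different domain than the href
    shown = re.search(r"https?://([^/\s<]+)", text)
    if shown and registrable(shown.group(1)) != reg:
        findings.append("text-href-mismatch:" + shown.group(1) + "->" + host)
    return findings


def scan_email(html: str) -> Dict[str, List[str]]:
    """Map every link in the message to its findings."""
    return {href: classify_link(href, text) for href, text in _LINK_RE.findall(html)}


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "ok")
```

The edit-distance threshold is deliberately small; at distance three or more the false-positive rate against unrelated short domains climbs quickly, so such hits are better routed to a reviewer than blocked outright.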
G. Password Attack
In a password attack an attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of likely passwords. A brute-force attack tries every possible combination of characters up to a given length. A hybrid attack starts from the word list and applies mangling rules to each entry (changing case, appending digits or symbols, substituting look-alike characters), covering the common variations a plain dictionary misses while staying far smaller than an exhaustive search.
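The three strategies differ in what they try and how many candidates that costs. The following is an added example, not code from the paper: it runs a dictionary, a brute-force and a hybrid attack against constructed salted digests and reports the candidate count each one needed. The word list, salt and mangling rules are constructed assumptions, and salted SHA-256 is used only so the example runs in well under a second; a real password store should use a deliberately slow, memory-hard KDF.

```python
"""Dictionary, brute-force and hybrid password attacks against salted digests.

Added example (not from the paper).  Word list, salt and rules are constructed.
"""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional, Tuple

SALT = b"a1b2"  # constructed per-database salt

# Constructed word list (real ones run to millions of entries).
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon"]

Result = Tuple[Optional[str], int]  # (recovered password or None, candidates tried)


def store(password: str) -> str:
    """What the password database holds for one account (fast hash, demo only)."""
    return hashlib.sha256(SALT + password.encode("utf-8")).hexdigest()


def verify(candidate: str, digest: str) -> bool:
    return store(candidate) == digest


def dictionary_attack(digest: str, words: Iterable[str]) -> Result:
    """Try every word from the list exactly as written."""
    attempts = 0
    for word in words:
        attempts += 1
        if verify(word, digest):
            return word, attempts
    return None, attempts


def brute_force_attack(digest: str,
                       alphabet: str = string.ascii_lowercase + string.digits,
                       max_len: int = 3) -> Result:
    """Try every string over the alphabet up to max_len characters."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if verify(candidate, digest):
                return candidate, attempts
    return None, attempts


def mangle(word: str) -> Iterator[str]:
    """Hybrid rules: case changes, leet substitutions, numeric and '!' suffixes."""
    leet = str.maketrans("aeos", "4305")
    bases = sorted({word, word.capitalize(), word.upper(), word.translate(leet)})
    for base in bases:
        for suffix in [""] + [str(n) for n in range(100)]:
            yield base + suffix
            yield base + suffix + "!"


def hybrid_attack(digest: str, words: Iterable[str]) -> Result:
    """Dictionary words expanded by the mangling rules."""
    attempts = 0
    for word in words:
        for candidate in mangle(word):
            attempts += 1
            if verify(candidate, digest):
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Candidates an exhaustive search covers for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    for secret in ("summer", "ab1", "Welcome1!"):
        digest = store(secret)
        print(secret, "dictionary:", dictionary_attack(digest, WORDLIST),
              "brute-force:", brute_force_attack(digest),
              "hybrid:", hybrid_attack(digest, WORDLIST))
```

"Welcome1!" defeats the plain dictionary and is out of reach of a three-character brute force, yet the hybrid rules recover it in a few hundred candidates, which is why policies that only demand a digit and a symbol add little against a hybrid attack.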
H. Buffer Overﬂow Attack
A buffer overflow attack is produced when the attacker sends more data to an application than it expects, so that the excess overwrites adjacent memory. When the overwritten memory holds control data such as a return address, the attacker can redirect execution; a successful buffer overflow attack commonly gives the attacker a command prompt or shell on the system with the privileges of the exploited application, which means administrative access when that application runs as a privileged user.
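A network sensor cannot see the target's memory, but the "more data than expected" is visible on the wire: a field longer than the buffer the protocol reserves for it, often padded with a long run of one byte and followed by machine code where text belongs. The following is an added example, not code from the paper or from the proposed system: it checks constructed requests of an assumed text protocol against assumed per-field size limits and reports oversized fields, byte runs and binary content. The protocol, its limits, the thresholds and the requests are all constructed assumptions.

```python
"""Length and content checks for fixed-size protocol fields.

Added example (not from the paper).  Protocol, limits and requests are constructed.
"""
from typing import List, Tuple

# Assumed text protocol "VERB argument\r\n" with these fixed field sizes.
FIELD_LIMITS = {"USER": 32, "PASS": 32, "CWD": 256}
SLED_MIN_RUN = 16      # an identical-byte run this long is reported as a sled
BINARY_RATIO = 0.30    # fraction of non-printable bytes that is suspicious in text

# Constructed requests: two benign, one classic long string, one NOP-style
# sled followed by shellcode-like bytes, one oversized but otherwise plain field.
SAMPLE_REQUESTS: List[bytes] = [
    b"USER alice\r\n",
    b"CWD /srv/ftp/pub\r\n",
    b"USER " + b"A" * 300 + b"\r\n",
    b"PASS " + b"\x90" * 64 + b"\xcc\xc3\x31\xc0\r\n",
    b"USER " + b"ab" * 20 + b"\r\n",
]


def longest_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte value."""
    best = run = 0
    prev = -1
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def nonprintable_ratio(data: bytes) -> float:
    """Fraction of bytes outside printable ASCII."""
    if not data:
        return 0.0
    return sum(1 for b in data if b < 0x20 or b > 0x7E) / len(data)


def check_request(request: bytes) -> List[str]:
    """Reasons a request looks like an overflow attempt (empty list if none)."""
    line = request.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    limit = FIELD_LIMITS.get(verb.decode("ascii", "replace").upper())
    if limit is None:
        return []  # unknown verb: no field size to compare against
    findings: List[str] = []
    if len(arg) > limit:
        findings.append(f"oversized:{len(arg)}>{limit}")
    run = longest_run(arg)
    if run >= SLED_MIN_RUN:
        findings.append(f"byte-run:{run}")
    ratio = nonprintable_ratio(arg)
    if ratio > BINARY_RATIO:
        findings.append(f"binary:{ratio:.2f}")
    return findings


def scan_requests(requests: List[bytes]) -> List[Tuple[int, List[str]]]:
    """Index and findings of every request that triggered at least one check."""
    flagged: List[Tuple[int, List[str]]] = []
    for index, request in enumerate(requests):
        findings = check_request(request)
        if findings:
            flagged.append((index, findings))
    return flagged


if __name__ == "__main__":
    for index, findings in scan_requests(SAMPLE_REQUESTS):
        print(f"request {index}: {findings}")
```

The size check is the reliable one, since it follows directly from the buffer the server declares; the run and binary checks add coverage for payloads that stay within the limit but carry a sled, at the cost of false positives on legitimately binary fields, so they belong on text fields only.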
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 9, No. 11, November 2011, p. 34. http://sites.google.com/site/ijcsis/ ISSN 1947-5500