Thoshna22/CodeAlpha_Network_Intrusion_Detection_System

GitHub: Thoshna22/CodeAlpha_Network_Intrusion_Detection_System

A Suricata-based network intrusion detection system teaching project that monitors network traffic with custom IDS rules and generates alerts.

Stars: 0 | Forks: 0

# CodeAlpha Network Intrusion Detection System

## Project Overview

This project was completed as part of the CodeAlpha cyber security internship. The task was to set up a network-based intrusion detection system using Suricata, configure rules and alerts, monitor network traffic, and detect suspicious activity.

## Task Objectives

- Set up a network-based intrusion detection system
- Configure custom rules and alerts
- Monitor network traffic for potential threats
- Implement response mechanisms for detected intrusions
- Document the setup process and alert results

## Tools Used

- Suricata IDS
- Npcap
- Windows Command Prompt
- Custom Suricata rules

## Environment

- Operating system: Windows
- IDS tool: Suricata 8.0.5
- Network adapter: Wi-Fi
- Local IPv4 address: 10.194.229.131
- Default gateway: 10.194.229.240

## Custom Detection Rule

A custom Suricata rule was created in the `custom.rules` file:

```
alert icmp any any -> any any (msg:"CodeAlpha ICMP Ping Detected"; sid:1000001; rev:1;)
```

This rule detects ICMP traffic, which is commonly generated by the `ping` command.

## Running Suricata

Suricata was started with the following command:

```
"C:\Program Files\Suricata\suricata.exe" -c "C:\Program Files\Suricata\suricata.yaml" -s custom.rules -l logs -i 10.194.229.131
```

## Test Traffic

To test the IDS rule safely, ICMP traffic was generated by pinging the local default gateway:

```
ping 10.194.229.240
```

## Alert Result

Suricata successfully generated alerts in the `fast.log` file. Sample alert message:

```
CodeAlpha ICMP Ping Detected
```

This confirms that the IDS rule worked correctly and detected ICMP ping traffic.

## Project Structure

```
CodeAlpha_Network_Intrusion_Detection_System/
│
├── custom.rules
├── sample_alerts.txt
├── ids_setup_notes.md
├── README.md
├── logs/
└── screenshots/
    ├── 1_suricata_version_check.png
    ├── 2_ipconfig_wifi_adapter.png
    ├── 3_suricata_engine_started.png
    ├── 4_ping_test_to_gateway.png
    └── 5_suricata_alert_log.png
```

## Screenshots

- Suricata Version Check
- Wi-Fi Adapter and IP Address
- Suricata Engine Started
- Ping Test to Gateway
- Suricata Alert Log

## Setup Notes

Full IDS setup notes are available in `ids_setup_notes.md`.

## Sample Alerts

Sample generated alerts are available in `sample_alerts.txt`.

## Response Mechanism

When Suricata detected ICMP traffic, it generated an alert in the log file.

In a real-world environment, response mechanisms can include:

- Investigating the source and destination IP addresses
- Blocking suspicious IP addresses using firewall rules
- Sending alerts to a SIEM or monitoring dashboard
- Notifying security administrators
- Reviewing logs for repeated suspicious activity

## Learning Outcome

Through this task, I learned how to install and configure Suricata IDS, create a custom detection rule, monitor network traffic, generate test traffic, and verify intrusion alerts using log files.

## Ethical Note

This project was tested only on my own system and local network gateway for educational purposes.
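As an added example that is not part of this project: a small Python parser for Suricata's `fast.log` that counts hits of the custom rule per source address, which is the "reviewing logs for repeated suspicious activity" response step in code. The log lines are constructed to follow the fast.log layout; the sid (1000001), alert message and IP addresses are the ones used above, and IPv4-only addresses are assumed.

```python
"""Parse Suricata fast.log and flag sources that repeatedly trip a rule.

Added example, not part of the original project. Log lines are constructed in
Suricata's fast.log layout; the sid (1000001), message and IPs are from this page.
"""
import re
from collections import Counter

# fast.log layout (one alert per line):
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <n>] {<proto>} <src>:<sp> -> <dst>:<dp>
# For ICMP, Suricata writes the ICMP type and code in the port positions
# (8 = echo request, 0 = echo reply). IPv4 only is assumed here.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)

# Constructed sample: three echo requests from the lab host, one echo reply
# from the gateway, and one junk line the parser must skip.
SAMPLE_FAST_LOG = """\
03/01/2025-10:15:32.104512  [**] [1:1000001:1] CodeAlpha ICMP Ping Detected [**] [Classification: (null)] [Priority: 3] {ICMP} 10.194.229.131:8 -> 10.194.229.240:0
03/01/2025-10:15:33.110220  [**] [1:1000001:1] CodeAlpha ICMP Ping Detected [**] [Classification: (null)] [Priority: 3] {ICMP} 10.194.229.131:8 -> 10.194.229.240:0
03/01/2025-10:15:33.110900  [**] [1:1000001:1] CodeAlpha ICMP Ping Detected [**] [Classification: (null)] [Priority: 3] {ICMP} 10.194.229.240:0 -> 10.194.229.131:0
03/01/2025-10:15:34.120331  [**] [1:1000001:1] CodeAlpha ICMP Ping Detected [**] [Classification: (null)] [Priority: 3] {ICMP} 10.194.229.131:8 -> 10.194.229.240:0
this line is not a fast.log alert and is ignored
"""

def parse_fast_log(text):
    """Return one dict per well-formed alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if m:
            alerts.append(m.groupdict())
    return alerts

def count_sources(alerts, sid):
    """Count alerts for rule `sid`, keyed by source IP address."""
    return Counter(a["src"] for a in alerts if a["sid"] == str(sid))

def repeated_sources(alerts, sid, threshold):
    """Source IPs whose hit count for `sid` reaches `threshold`: review candidates."""
    hits = count_sources(alerts, sid)
    return sorted(src for src, n in hits.items() if n >= threshold)
```

With the sample above, `repeated_sources(parse_fast_log(SAMPLE_FAST_LOG), 1000001, 3)` returns only the lab host, since the gateway's single echo reply stays below the threshold.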
Tags: Metaprompt, Suricata, security operations, scanning framework, traffic monitoring, modern security operations, network security, defense evasion, privacy protection