1
Analysis Console for Intrusion Databases Roy
2
Description ACID
3
Objective
- Set up ACID, MySQL, Snort
- Super alert analyzer
- Performance benchmarking of ACID
4
About ACID
- Query builder and search interface
- Packet viewer (decoder)
- Alert management
- Chart and statistics generation
- Centralized control
5
System overview
- ACID + Snort + MySQL (diagram; label: ACID)
6
Distributed IDS: centralized control (diagram; labels: ACID, DB)
7
Prerequisites
- A database
  - Package: MySQL, Version: 3.23.x+, Homepage: http://www.mysql.com/
- A mechanism
  - Package: Snort, Version: 1.7+, Homepage: http://www.snort.org/
  - Package: PHP, Version: 4.0.4+, Homepage: http://www.php.net/
- A web server
  - Package: Apache Server, Version: 1.3.*+, Homepage: http://www.apache.org/
- PHP database access API
  - Package: ADODB, Homepage: http://php.weblogs.com/adodb/
  - Package: PHPlot, Homepage: http://www.phplot.com
  - Package: JPGraph, Homepage: http://www.aditus.nu/jpgraph/
  - Package: GD, Homepage: http://www.boutell.com/gd/
8
Install ACID and Snort
- Download ACID: http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html
- Decompress acid-0.9.6b23.tar.gz
- Move ACID to your web directory
9
Setting up the database in MySQL
- Create database
- Create user and assign privileges
- Create Snort tables
10
Modify ACID config files
- Edit acid_conf.php
11
Connect to sensor manager
- Open http://192.168.1.101/acid/acid_conf.php
12
Set up Snort output module
- Edit /etc/snort/snort.conf
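The database steps from slides 9 and 12 as one worked example, added here and not taken from the presentation: it creates the alert database and two separate MySQL accounts, one for the Snort sensor that only inserts alerts and one for the ACID console that reads and manages them, so neither gets more privilege than its job needs. The account names, passwords and the create_mysql / create_acid_tbls_mysql.sql script paths are assumptions; the GRANT ... IDENTIFIED BY form is the MySQL 3.23-era syntax the deck targets.

```sql
-- Run as the MySQL root user, e.g.:  mysql -u root -p < acid_setup.sql
-- Alert database that Snort writes to and ACID reads from.
CREATE DATABASE snort;

-- Sensor account, referenced by the "output database:" line in snort.conf.
-- Snort's database plugin only inserts rows and looks up sensor/signature
-- ids, so it gets INSERT and SELECT and nothing else (no UPDATE, DELETE, DDL).
GRANT INSERT, SELECT ON snort.*
    TO 'snort_sensor'@'localhost'
    IDENTIFIED BY 'sensor-password-placeholder';   -- assumed placeholder

-- Console account, referenced by $alert_user / $alert_password in acid_conf.php.
-- ACID's alert management (delete, archive, alert groups) needs UPDATE and
-- DELETE, but the web front end never needs CREATE/DROP or any other schema,
-- so a compromised console cannot alter tables or read mysql.user.
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.*
    TO 'acid_web'@'localhost'
    IDENTIFIED BY 'console-password-placeholder';  -- assumed placeholder

-- Create the Snort schema (v102 in the deck's benchmark) with the script
-- shipped in the Snort source tree, still as root so the sensor account
-- never needs CREATE. Path is an assumption.
USE snort;
SOURCE contrib/create_mysql;

-- ACID's own tables (acid_ag, acid_event, ...) would otherwise be created
-- through the web setup page, which would require CREATE on the console
-- account; pre-creating them here keeps that right out of the web user.
-- Script name and path are assumptions.
SOURCE create_acid_tbls_mysql.sql;
```

With these accounts the snort.conf line from slide 12 becomes `output database: log, mysql, user=snort_sensor password=... dbname=snort host=localhost`, and acid_conf.php points at acid_web instead.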
13
Test environment: three days and three nights …
14
Enjoy the results
- Open http://192.168.1.101/acid/
15
More analysis
- 5 most frequent alerts (alert listing)
- 15 most frequent alerts (unique source)
- Time profile of alerts
- Last 24 hours
- Last 72 hours
16
Performance Benchmarking of ACID (page loading time)
- Host: Intel Mobile 800 MHz, 256 MB RAM
- OS: Linux 2.2.16-22
- Apache: 1.3.19
- PHP: 4.0.5
- MySQL: 3.23.32
- PostgreSQL: 7.1.2
- DB schema: v102
- ACID: 0.9.6b10 - 0.9.6b13
17
I. Unique Alert Listing (acid_stat_alerts.php)
18
II. ACID Main page (acid_main.php)
19
Summary
20
Reference
- Performance Benchmarking of ACID: http://www.andrew.cmu.edu/user/rdanyliw/snort/perf/acid_perf.html
- NIST Intrusion Detection System
21
Appendix A
- Passive Ethernet tap (diagram; labels: Traffic in, Traffic out, IDS): http://www.snort.org/docs/tap/