Design and Implementation of Router Intrusion Detection and Protection Systems

- Attackers most of the time attack the gateway routers software and make the router to behave in a malicious way. This Paper focuses on various attacks and how these attacks will be detected successfully by router log analysis. This paper also illustrates the proposed software architecture, its data structure and algorithms for the detection and protection of the router intrusions. So in this way in proposed system, logs are used to detect attack and also give defense mechanism for the detected attacks. The main aim of the work is to give details about how to communicate with the router from the program to turn ON only needed debugging, Collect router logs in a separate Syslog server, Segregate log files based on protocols, Analyze the log files to detect malicious attacks or misconfiguration, Communicate with the router again to apply appropriate access lists as defense mechanism and Save the logs report. Due to space constraints, some of the screen shots are shown. This work looks at some of the techniques to improve the accuracy of automated log analysis and make it a cost-effective tool for network management and improving network reliability.