s2ipt: A Lightweight Network Intrusion Detection/Prevention System based on IPtables

Gerardo Canfora, Antonio Pirozzi, Aaron Visaggio

2017

Abstract

Since each organization has its own security culture and background, there is no out-of-the-box solution that fits all possible security requirements. In some contexts it is necessary to monitor and prevent certain application-level attacks with minimal impact on the existing configuration; for example, the processing resources of some embedded devices are constrained. Starting from this consideration, we developed s2ipt, a Python-powered tool that implements a lightweight Netfilter-based network intrusion detection and prevention system (IDS/IPS) by translating Snort community rules into iptables rulesets. s2ipt uses the Netfilter string matching module to detect application-level attacks. Compared with a solution like Snort, Netfilter has a smaller memory and CPU footprint and a lower impact on the system, which makes it suitable to run even on low-cost devices. s2ipt allows iptables to detect application-layer attacks transparently: it only adds a new application-layer ruleset and leaves the existing rules unchanged.
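As an added illustration of the translation the abstract describes (this is example code written for this page, not s2ipt's own implementation), the function below converts a small subset of Snort rule syntax into an `iptables -m string` rule. The sample rules, the dedicated `S2IPT` chain name and the choice to carry over only numeric ports are assumptions of this example.

```python
import re
import shlex

# Constructed sample Snort rules for illustration; not from the paper or any real ruleset.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; sid:1000001; rev:1;)',
    'drop udp any any -> any 53 (msg:"DNS NULL bytes"; content:"|00 00|abc"; sid:1000002;)',
]

# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'\S+\s+(?P<sport>\S+)\s+->\s+\S+\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
# Snort action -> iptables target: LOG only observes (IDS mode), DROP prevents (IPS mode).
TARGETS = {"alert": "LOG", "log": "LOG", "drop": "DROP"}


def parse_options(opts: str) -> dict:
    """Turn 'msg:"x"; content:"y"; sid:1;' into a dict; 'content' collects a list.
    Limitation: an escaped ';' inside a content value is not handled."""
    parsed = {"content": []}
    for item in opts.split(";"):
        if ":" not in item:
            continue
        key, value = (part.strip() for part in item.split(":", 1))
        value = value.strip('"')
        if key == "content":
            parsed["content"].append(value)
        else:
            parsed[key] = value
    return parsed


def snort_to_iptables(rule: str, chain: str = "S2IPT") -> str:
    """Translate one Snort rule into a single iptables rule in a dedicated chain.
    Several content keywords become several -m string matches, which iptables ANDs
    together just as Snort requires every content to match."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule header: {rule!r}")
    opts = parse_options(m["opts"])
    if not opts["content"]:
        raise ValueError("rule has no content keyword for the string module to match")
    cmd = ["iptables", "-A", chain, "-p", m["proto"]]
    # Snort variables such as $HOME_NET are left to the firewall's existing policy;
    # only numeric ports of TCP/UDP rules are carried over (an assumption here).
    if m["proto"] in ("tcp", "udp"):
        if m["sport"].isdigit():
            cmd += ["--sport", m["sport"]]
        if m["dport"].isdigit():
            cmd += ["--dport", m["dport"]]
    for content in opts["content"]:
        # Snort's |hh hh| hex notation maps onto xt_string's --hex-string syntax.
        flag = "--hex-string" if "|" in content else "--string"
        cmd += ["-m", "string", "--algo", "bm", flag, content]
    target = TARGETS[m["action"]]
    cmd += ["-j", target]
    if target == "LOG":
        cmd += ["--log-prefix", f"s2ipt sid:{opts.get('sid', '?')} "]
    return " ".join(shlex.quote(tok) for tok in cmd)


if __name__ == "__main__":
    for snort_rule in SAMPLE_RULES:
        print(snort_to_iptables(snort_rule))
```

The generated rules land in their own chain, so the pre-existing iptables policy is untouched; a jump from INPUT or FORWARD to that chain is all that is needed to activate them.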

Paper Citation


in Harvard Style

Canfora G., Pirozzi A. and Visaggio A. (2017). s2ipt: A Lightweight Network Intrusion Detection/Prevention System based on IPtables. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017), ISBN 978-989-758-259-2, pages 462-467. DOI: 10.5220/0006431904620467


in Bibtex Style

@conference{secrypt17,
author={Gerardo Canfora and Antonio Pirozzi and Aaron Visaggio},
title={s2ipt: A Lightweight Network Intrusion Detection/Prevention System based on IPtables},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={462-467},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006431904620467},
isbn={978-989-758-259-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - s2ipt: A Lightweight Network Intrusion Detection/Prevention System based on IPtables
SN - 978-989-758-259-2
AU - Canfora G.
AU - Pirozzi A.
AU - Visaggio A.
PY - 2017
SP - 462
EP - 467
DO - 10.5220/0006431904620467