REMOTE INTRUSION RESPONSE SYSTEM USING TELEGRAM BOT

Authors

  • Shahadan Saad
  • Muhammad Syahid Farhan Mohd Jeman
  • Adib Farhan Azzemi
  • Ahmad Firdaus Ahmad Fadzil
  • Albin Lemuel Kushan
  • Raihana Md Saidi

Abstract

Network security has become a vital element in building network infrastructure. To achieve it, a network administrator needs to deploy a monitoring system such as an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) to alert them whenever an intrusion takes place. However, an IDS is passive: it does not provide a platform for the network administrator to respond and manage it remotely. Meanwhile, an IPS blindly blocks all suspicious alerts regardless of the legitimacy of the alert. A system is needed that gives the network administrator more options in deciding the response to incoming threats, and the flexibility to monitor and respond at the same time. Therefore, this project proposes the development of an Intrusion Response System (IRS) that can be managed remotely using Python and a Telegram Bot, and the evaluation of network performance via the Remote Intrusion Response System (RIRS). The configuration and development of the project involve a network environment created for experimental testing, consisting of a switch, an IRS host, an FTP host, and a web server host. A Python script was developed using Snort and iptables to generate alerts and block intrusions via the Telegram Bot. Several common intrusions were emulated against the targeted host to test the effectiveness of the system. Multiple network parameters such as delay, network, bandwidth, and jitter corresponding to the implementation of RIRS and a SYN flood attack were recorded; they showed that no adverse effects on network performance were detected and that the SYN flood did not limit the main function of RIRS. In addition, RIRS required only milliseconds to respond to the attacks while notifying the admin in a matter of seconds. This indicates that RIRS can be considered a very attractive alternative for network administrators or SOHO network users who want to secure their networking infrastructure.
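The alert-and-respond loop described in the abstract can be sketched as follows. This is an added example, not the authors' script: it parses a line in Snort's fast alert format, builds the notification text, and turns an administrator's reply into an iptables argument list. The sample alert, ADMIN_CHAT_ID, PROTECTED and the /block command syntax are assumptions made for illustration, and no Telegram API call is made.

```python
import ipaddress
import re

# Snort "fast" alert: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

ADMIN_CHAT_ID = 111111                            # assumed: the only chat allowed to respond
PROTECTED = {ipaddress.ip_address("192.168.1.1")}  # assumed: never block the gateway

# Constructed sample alert, not taken from the paper.
SAMPLE = ("05/31-10:22:31.123456  [**] [1:1000001:1] Possible SYN flood [**] "
          "[Classification: Attempted Denial of Service] [Priority: 2] "
          "{TCP} 192.168.1.50:44321 -> 192.168.1.10:80")

def parse_alert(line):
    """Return the alert's fields, or None if the line is not a valid alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    except ValueError:                            # e.g. an octet above 255
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
            "src": src, "dst": dst}

def notification_text(alert):
    """Message body to send to the administrator's chat."""
    return (f"[SID {alert['sid']}] {alert['msg']}: {alert['src']} -> {alert['dst']} "
            f"({alert['proto']}). Reply /block {alert['src']} or /ignore")

def block_command(chat_id, reply, pending):
    """Map an admin reply to an iptables argv, or None if the reply is rejected."""
    if chat_id != ADMIN_CHAT_ID:                  # ignore messages from other chats
        return None
    parts = reply.split()
    if len(parts) != 2 or parts[0] != "/block":
        return None
    try:
        ip = ipaddress.ip_address(parts[1])       # reject anything that is not an IP
    except ValueError:
        return None
    if ip in PROTECTED or ip not in pending:      # only block sources that were alerted on
        return None
    # argv list for subprocess.run(..., shell=False): the reply never reaches a shell
    return ["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"]
```

Unlike an IPS that blocks on every alert, the rule is only built after an explicit reply from the authorised chat, and only for a source address that actually appeared in a pending alert.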

Published

2021-05-31