WoodPecker Network-based Intrusion Detection System for Distributed Denial of Service (DDoS) Attacks using Rule-based Approach
Keywords:
Network-based Intrusion Detection Systems (NIDS), Distributed Denial-of-Service (DDoS) Attacks, false alarm rate
Abstract
Network-based Intrusion Detection Systems (NIDS) are systems that passively monitor network traffic to identify potential security threats, including intrusions and attacks on critical services such as Hypertext Transfer Protocol (HTTP), Server Message Block (SMB), and Secure Shell (SSH). This paper introduces WoodPecker, a rule-based NIDS designed to address a limitation common to existing systems: a high false alarm rate. WoodPecker is intended to detect and prevent Distributed Denial-of-Service (DDoS) attacks and related malicious activity. The system inspects each incoming packet and matches it against the rules predefined in the WoodPecker configuration; a packet that matches a DDoS rule is flagged as attack traffic. WoodPecker is implemented in Python and was developed following a prototype model methodology. The outcome of this project is a NIDS that detects DDoS attacks accurately while keeping false alarms low: 93% of the test cases passed, while the remaining 7% failed. WoodPecker is expected to significantly enhance the effectiveness of network security measures.
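The abstract describes the core loop of a rule-based NIDS: each incoming packet is matched against predefined rules and flagged when a DDoS rule fires. The following Python block is an added example of that approach and is not WoodPecker's own code. The packet records, rule names, thresholds and RFC 5737 documentation addresses are all constructed for the illustration; a real deployment would feed records parsed from a capture into `RuleEngine.observe`. The rules use a sliding window per destination plus a minimum number of distinct sources, so a retry storm from a single client does not raise the same alarm as a distributed flood, which is the kind of check that keeps the false alarm rate down.

```python
"""Rule-based DDoS detection over a packet stream.

Added example illustrating the rule-matching approach the abstract describes;
it is not WoodPecker's own code. Packet records, rule names, thresholds and the
RFC 5737 documentation addresses below are constructed for this illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time in seconds
    src: str           # source address
    dst: str           # destination address
    proto: str         # "TCP", "UDP" or "ICMP"
    dport: int = 0
    flags: str = ""    # TCP flags, e.g. "S" = SYN


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    window: float                # sliding-window length in seconds
    max_packets: int             # packets to one destination allowed inside the window
    min_sources: int = 1         # distinct sources required; > 1 means "distributed"
    flags: Optional[str] = None  # required TCP flags, None = any


# Constructed thresholds; in practice they are tuned against a baseline of
# normal traffic, which is what keeps the false-alarm rate down.
RULES = (
    Rule("syn_flood", "TCP", window=1.0, max_packets=50, min_sources=5, flags="S"),
    Rule("udp_flood", "UDP", window=1.0, max_packets=100, min_sources=5),
    Rule("icmp_flood", "ICMP", window=1.0, max_packets=30, min_sources=5),
)


class RuleEngine:
    """Feeds packets through every rule; one alert per rule/destination per window."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self._windows = defaultdict(deque)   # (rule, dst) -> deque of (ts, src)
        self._last_alert = {}                # (rule, dst) -> ts of last alert

    def observe(self, pkt):
        """Return the alerts raised by this packet (empty list = nothing matched)."""
        alerts = []
        for rule in self.rules:
            if pkt.proto != rule.proto or (rule.flags is not None and pkt.flags != rule.flags):
                continue
            key = (rule.name, pkt.dst)
            win = self._windows[key]
            win.append((pkt.ts, pkt.src))
            # expire entries older than the window (packets arrive in time order)
            while win and pkt.ts - win[0][0] > rule.window:
                win.popleft()
            sources = {src for _, src in win}
            if len(win) <= rule.max_packets or len(sources) < rule.min_sources:
                continue
            # suppress repeats so a sustained flood yields one alert per window
            last = self._last_alert.get(key)
            if last is not None and pkt.ts - last < rule.window:
                continue
            self._last_alert[key] = pkt.ts
            alerts.append({"rule": rule.name, "dst": pkt.dst, "ts": pkt.ts,
                           "packets": len(win), "sources": len(sources)})
        return alerts


def scan(packets, rules=RULES):
    """Run a fresh engine over a packet sequence and collect every alert."""
    engine = RuleEngine(rules)
    return [alert for pkt in packets for alert in engine.observe(pkt)]


def constructed_traffic():
    """Three constructed scenarios against one web server, 203.0.113.10."""
    srv = "203.0.113.10"

    def syn(ts, src):
        return Packet(ts=ts, src=src, dst=srv, proto="TCP", dport=80, flags="S")

    return {
        # 20 clients opening one connection each over two seconds
        "normal": [syn(i * 0.1, f"10.0.0.{i + 1}") for i in range(20)],
        # one client retrying 80 times in 0.4 s: noisy, but not distributed
        "single_client_burst": [syn(5 + i * 0.005, "10.0.0.99") for i in range(80)],
        # 200 SYNs in 0.4 s from 40 spoofed sources
        "syn_flood": [syn(10 + i * 0.002, f"198.51.100.{i % 40 + 1}") for i in range(200)],
    }


if __name__ == "__main__":
    for name, pkts in constructed_traffic().items():
        print(f"{name}: {scan(pkts)}")
```

Only the third scenario raises an alert: the 51st SYN inside the one-second window, with 40 distinct sources, trips `syn_flood`, and the remaining packets of the flood are suppressed until the window expires. The single-client burst exceeds the packet threshold but not the source threshold, so it is reported as nothing, which is the distinction a rule set must make if it is to keep false alarms low. A rule engine of this kind can only flag patterns its rules describe, so the rule set and thresholds need to be validated against representative normal traffic as well as attack traffic.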