Proceedings of the 4th International Conference on Information Technology, Civil Innovation, Science, and Management, ICITSM 2025, 28-29 April 2025, Tiruchengode, Tamil Nadu, India, Part II

Research Article

Real-Time Threat Detection and Mitigation: Advancing Snort IDPS Capabilities

  • @INPROCEEDINGS{10.4108/eai.28-4-2025.2358108,
        author={Leela Priya  Inturu and Karthi Sri  Midde and Lakshmi Chaitanya  Balina and Naga Sruthi  Bavirisetty and Venkata Pavan  Moram},
        title={Real-Time Threat Detection and Mitigation: Advancing Snort IDPS Capabilities},
        proceedings={Proceedings of the 4th International Conference on Information Technology, Civil Innovation, Science, and Management, ICITSM 2025, 28-29 April 2025, Tiruchengode, Tamil Nadu, India, Part II},
        publisher={EAI},
        proceedings_a={ICITSM PART II},
        year={2025},
        month={10},
        keywords={intrusion detection system (ids), snort, wireshark, network security, attack mitigation, real-time monitoring},
        doi={10.4108/eai.28-4-2025.2358108}
    }
    
Leela Priya Inturu1,*, Karthi Sri Midde1, Lakshmi Chaitanya Balina1, Naga Sruthi Bavirisetty1, Venkata Pavan Moram1
  • 1: VFSTR, Vadlamudi, Guntur, Andhra Pradesh, India
*Contact email: leelapriya7@gmail.com

Abstract

The project addresses the growing problem of network intrusion with a practical and efficient network defence model built on Snort and Wireshark. Prior work emphasises the role of intrusion detection systems (IDSes) and packet inspection in recognising attacks in real time, and rule-based detectors such as Snort and packet analysers such as Wireshark are cited throughout the literature. The test environment consists of three virtual machines, an attacker, a victim and a monitor, arranged to emulate a realistic scenario. The attack classes tested are denial of service (DoS), brute-force login attempts, SQL injection, cross-site scripting (XSS) and command injection. Hand-crafted Snort detection rules raise alerts in real time, and Wireshark is used both to sanity-check the Snort alerts and for deeper packet dissection. An automation script integrated with Snort drops the offending source IP addresses as soon as an alert fires, using dynamic firewall rules to counter attacks in progress. This pairing of detection and response gives rapid containment: every simulated attack was identified within the virtual lab. The setup provides both monitoring and active defence entirely with open-source software and proved effective. The results support the reliability, scalability and versatility of the approach, and because it relies only on freely available tools it is a suitable and economical choice for both cybersecurity education and research.
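The abstract describes the detect-then-block loop (hand-written Snort rules, an automation script that turns alerts into firewall drops) without giving its code. The block below is an added example of that loop, not code from the paper or its authors. Everything in it is assumed: the five lab rules (Snort 2.9 syntax, local sids from 1000001), the `alert_fast`-style sample lines, the 10.0.0.0/24 lab addresses, and the choice of `iptables` as the dynamic firewall. It also handles two failure modes a practitioner hits immediately: a single rule misfire must not cut off a host, and the monitor must never block the gateway or the victim it is protecting.

```python
# Added example (not from the paper): parse Snort alert_fast output and emit
# idempotent iptables drop rules for sources that repeatedly trip lab rules.
import re
import subprocess
from collections import defaultdict

# Assumed hand-written lab rules, one per attack class in the abstract (Snort 2.9 syntax).
LAB_RULES = r"""
alert tcp any any -> $HOME_NET 22 (msg:"LAB SSH brute-force"; flow:to_server; flags:S; detection_filter:track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LAB SQL injection in URI"; flow:to_server,established; content:"union"; nocase; http_uri; content:"select"; nocase; http_uri; distance:0; classtype:web-application-attack; sid:1000002; rev:1;)
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LAB XSS in URI"; flow:to_server,established; content:"<script"; nocase; http_uri; classtype:web-application-attack; sid:1000003; rev:1;)
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LAB command injection in URI"; flow:to_server,established; pcre:"/(;|\||%3b|%7c)\s*(cat|id|whoami|nc)\b/Ui"; classtype:web-application-attack; sid:1000004; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"LAB SYN flood"; flow:stateless; flags:S; detection_filter:track by_dst, count 200, seconds 5; classtype:attempted-dos; sid:1000005; rev:1;)
"""

# Constructed alert_fast lines (the layout Snort's alert_fast output plugin writes):
# ts [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src[:port] -> dst[:port]
SAMPLE_ALERTS = """\
04/28-10:15:01.123456  [**] [1:1000001:1] LAB SSH brute-force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51234 -> 10.0.0.10:22
04/28-10:15:03.200000  [**] [1:1000001:1] LAB SSH brute-force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51240 -> 10.0.0.10:22
04/28-10:15:07.900001  [**] [1:1000002:1] LAB SQL injection in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51300 -> 10.0.0.10:80
04/28-10:16:00.000000  [**] [1:1000003:1] LAB XSS in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:40000 -> 10.0.0.10:80
04/28-10:16:30.000000  [**] [1:1000005:1] LAB SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.1:80 -> 10.0.0.10:443
04/28-10:16:31.000000  [**] [1:1000005:1] LAB SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.1:80 -> 10.0.0.10:443
04/28-10:16:32.000000  [**] [1:1000005:1] LAB SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.1:80 -> 10.0.0.10:443
04/28-10:17:00.000000  [**] [1:9999999:1] OTHER non-lab rule [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.10:80 -> 10.0.0.5:51400
not an alert line
"""

RULE_RE = re.compile(r'msg:"(?P<msg>[^"]+)";.*?sid:(?P<sid>\d+);')

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def rule_catalog(rules: str) -> dict:
    """Map sid -> msg so an alert can be tied back to the lab rule that fired."""
    return {int(m["sid"]): m["msg"] for m in RULE_RE.finditer(rules)}


def parse_alert(line: str):
    """Return the fields of one alert_fast line, or None for blank lines and other noise."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["sid"], d["prio"] = int(d["sid"]), int(d["prio"])
    return d


def select_blocks(lines, catalog, *, min_alerts=3, never_block=frozenset()):
    """Source IPs that tripped a lab rule at least min_alerts times.

    Addresses in never_block (gateway, monitor, the victim itself) are skipped even
    if they appear as a source: a reflected or spoofed alert must not make the
    monitor cut off its own infrastructure, and one misfire must not block a host.
    """
    hits = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        if a is None or a["sid"] not in catalog or a["src"] in never_block:
            continue
        hits[a["src"]].append(catalog[a["sid"]])
    return {ip: sorted(set(r)) for ip, r in hits.items() if len(r) >= min_alerts}


def iptables_commands(blocked: dict):
    """Idempotent drop rules: 'iptables -C' checks first so re-runs do not stack duplicates."""
    cmds = []
    for ip in sorted(blocked):
        rule = f"INPUT -s {ip} -j DROP"
        cmds.append(f"iptables -C {rule} 2>/dev/null || iptables -I {rule}")
    return cmds


def apply_blocks(cmds, dry_run=True):
    """Print the commands, or with dry_run=False run them through sh (needs root on the monitor)."""
    for c in cmds:
        if dry_run:
            print("[dry-run]", c)
        else:
            subprocess.run(["sh", "-c", c], check=True)


if __name__ == "__main__":
    catalog = rule_catalog(LAB_RULES)
    lab_hosts = frozenset({"10.0.0.1", "10.0.0.10"})  # assumed gateway and victim
    blocked = select_blocks(SAMPLE_ALERTS.splitlines(), catalog, never_block=lab_hosts)
    apply_blocks(iptables_commands(blocked))
```

In the sample, 10.0.0.5 is the only address that reaches the threshold (two brute-force hits plus one SQL injection), 10.0.0.7 fired once and stays reachable, and the SYN-flood alerts attributed to the gateway are ignored. In a real deployment the script would follow the live alert file (or consume unified2 output) rather than a constant, and the block list needs an expiry so a spoofed source cannot be used to lock out a legitimate address permanently; Snort's own inline mode (a `drop` rule behind an inline DAQ) is the alternative when the monitor sits in the traffic path.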

Keywords
intrusion detection system (ids), snort, wireshark, network security, attack mitigation, real-time monitoring
Published
2025-10-14
Publisher
EAI
http://dx.doi.org/10.4108/eai.28-4-2025.2358108
Copyright © 2025–2025 EAI