• Umer Farooq
• Dr. Bhawna Sharma
• Er. Sheetal Gandotra

Abstract: The Intrusion Detection System (IDS) was initially developed to identify potential attacks on specific programs or computers, acting as a vigilant observer within the network. Unlike the more proactive Intrusion Prevention System (IPS), an IDS serves as a watchful sentinel, detecting suspicious activity and alerting administrators without the ability to intervene automatically. An IPS, on the other hand, takes a more proactive approach by continuously scanning network traffic for potential threats and swiftly taking action to stop any suspicious activity. This could involve notifying the security team, severing dangerous connections, removing offensive content, or initiating further security measures. IPSs, evolved from IDSs, now offer enhanced capabilities, sometimes referred to as "Intrusion Detection and Prevention Systems" (IDPS). The implementation of an IPS can significantly reduce the workload for security teams and Security Operations Centers (SOCs) by automatically blocking malicious traffic, allowing them to focus on more complex threats. Additionally, IPSs play a crucial role in maintaining network security regulations and aiding compliance efforts, such as meeting standards like the Payment Card Industry Data Security Standard (PCI-DSS) for intrusion detection. In the realm of software-defined networking architecture, there exists a clear division between control and data forwarding functions. This separation allows for greater flexibility and adaptability in network administration, as control decisions can be made independently of the physical data forwarding processes. However, a drawback of traditional IPS deployment is the fixed duration for blocking malicious activity, regardless of attack frequency. To address this limitation, the writer proposes the development of an adaptive IPS and IDS utilizing ambiguous logic. This adaptive IPS would analyze the frequency and type of attacks to determine the appropriate duration for blocking attacker hosts. Test results indicate that an SDN network equipped with this adaptive IPS has the capability to detect and block attacks with durations tailored to the specific threat landscape. In summary, while IDSs serve as essential watchdogs in network security, their passive nature necessitates the use of complementary tools like IPSs and IDSs to actively prevent and mitigate threats. The proposed adaptive IPS presents a promising solution for enhancing network security in the dynamic landscape of cybersecurity.

Intrusion Detection System (IDS), SDN, Intrusion Detection and Prevention Systems" (IDPS), Snort, 3 Zero day Attacks.

"To Implement IDPS in SDN using Snort ", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN:2349-5162, Vol.11, Issue 7, page no.h465-h475, July-2024, Available :http://www.jetir.org/papers/JETIR2407759.pdf

"To Implement IDPS in SDN using Snort ", International Journal of Emerging Technologies and Innovative Research (www.jetir.org | UGC and issn Approved), ISSN:2349-5162, Vol.11, Issue 7, page no. pph465-h475, July-2024, Available at : http://www.jetir.org/papers/JETIR2407759.pdf