Intrusion Detection System (IDS)
Publisher
University of Tlemcen
Abstract
As cyberattacks become stealthier and more sophisticated, detecting them becomes a
major challenge for security systems. This project examines major cyber threats such
as phishing, DDoS, and DNS tunneling, and then looks at the strengths and
weaknesses of different types of IDS. The focus is on DNS tunneling - a covert
method of data exfiltration. To address this problem, we developed a custom IDS in
Python using Scapy. It monitors DNS traffic in real time, detects anomalies using
whitelists, and notifies administrators of suspicious activity. The system was tested in
a virtual lab using the Iodine tool and was proven to be effective in identifying DNS
tunneling with a very low false positive rate. This work highlights the value of custom
IDS solutions in combating modern cybersecurity threats.
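
The whitelist check the abstract describes can be sketched as follows. This is an added example, not the project's code: it parses the DNS payload bytes a sniffer such as Scapy would hand over (capture itself is omitted), and the whitelist entries, function names and sample queries are all constructed assumptions.

```python
import struct

# Constructed whitelist of zones the monitored network is expected to query (assumption).
WHITELIST = {"example.com", "university.example"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query message (used here only to create sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(msg):
    """Return the first question name of a DNS message, lower-cased, or None if malformed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        return None
    labels, pos = [], 12
    while pos < len(msg):
        length = msg[pos]
        if length == 0:
            return ".".join(labels).lower()
        # Values above 63 are compression pointers or reserved; also reject truncation.
        if length > 63 or pos + 1 + length > len(msg):
            return None
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def is_whitelisted(qname, whitelist=WHITELIST):
    """True when qname is a whitelisted zone or a subdomain of one (label boundary match)."""
    return any(qname == zone or qname.endswith("." + zone) for zone in whitelist)

def inspect(msg):
    """Classify one DNS payload as 'ok', 'alert' (not whitelisted) or 'malformed'."""
    qname = parse_qname(msg)
    if qname is None:
        return "malformed", None
    return ("ok" if is_whitelisted(qname) else "alert"), qname

# Constructed sample payloads; the third imitates an encoded label under a tunnel zone
# (qtype 10 is the NULL record type), the fourth is a truncated message.
SAMPLES = [
    build_query("www.example.com"),
    build_query("evilexample.com"),
    build_query("aGVsbG8gd29ybGQgdGhpcyBpcyBkYXRh0123456789abcdef.t.tunnel.test", qtype=10),
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x05abc",
]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(inspect(payload))
```

Matching on a label boundary is what keeps `evilexample.com` from passing as `example.com`; a plain suffix comparison would let it through.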