I’m working on a C Programming question and need guidance to help me study.
Project Description: Create an intrusion detection system by:
o Detecting an attack.
o Creating the rules for monitoring intrusions.
o Your approach would be to minimize false alarms, and to assure that your performance overhead is “acceptable”

Identify some research issues related to the IDPS.

Some of the rules that you need to create are:
o Detect each visit to www.google.com that is made by the machine.
o Send an alert when an activity relating to network chat is detected.
o Send an alert when an attempt is made for DNS Zone transfer.
o Generate an alert when network traffic that indicates Viber is being used.
o Alert for any packet of size > 100 bytes from the network 172.20.0.0 with SNM 255.240.0.0 designated to port 80.
o Alert for any packet that contains the following string “Hello”.
o Generate an Alert when there is an access to unauthorized sites. (You select the web sites!)

After the following attacks are performed in the Lab VM: SYN flood and MiTM attack, you should be able to react to those attacks writing the subsequent rules:
o Generate an alert when SYN flood happens, record the logs.
o Block the traffic.
o Generate an alert which detects the MiTM attack.
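As a study aid for two of the rules listed above (the 172.20.0.0 / 255.240.0.0 port-80 rule and the “Hello” payload rule), here is an added example in C; it is not part of the original post or the assignment. The function names are hypothetical, and it assumes the packet has already been parsed by a capture layer, that "size" means total packet length, that "from" means the source address, and that port 80 is the destination port.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
enum { ALERT_SUBNET_HTTP = 1, ALERT_HELLO = 2 };

/* Rule: packet > 100 bytes, source in 172.20.0.0 mask 255.240.0.0, dest port 80.
 * Assumption: "size" is total packet length; src_ip is in host byte order. */
static int rule_subnet_http(uint32_t src_ip, uint16_t dst_port, size_t total_len)
{
    const uint32_t mask = IP4(255, 240, 0, 0);
    /* Mask the rule's address too: 172.20.0.0 has host bits set under this
     * mask, so the range actually covered is 172.16.0.0 to 172.31.255.255. */
    const uint32_t net = IP4(172, 20, 0, 0) & mask;
    return total_len > 100 && dst_port == 80 && (src_ip & mask) == net;
}

/* Rule: payload contains "Hello". Uses a length-bounded search because packet
 * payloads are not NUL-terminated and may contain NUL bytes (strstr is unsafe). */
static int rule_hello(const uint8_t *payload, size_t len)
{
    static const char needle[] = "Hello";
    const size_t n = sizeof needle - 1;
    if (payload == NULL || len < n)
        return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(payload + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Evaluate both rules on one packet summary; returns a bitmask of alerts. */
int check_packet(uint32_t src_ip, uint16_t dst_port, size_t total_len,
                 const void *payload, size_t payload_len)
{
    return (rule_subnet_http(src_ip, dst_port, total_len) ? ALERT_SUBNET_HTTP : 0)
         | (rule_hello(payload, payload_len) ? ALERT_HELLO : 0);
}

int main(void)
{
    const char body[] = "GET /?q=Hello HTTP/1.1\r\n"; /* constructed sample */
    printf("alerts=%d\n", check_packet(IP4(172, 17, 4, 9), 80, 140, body, sizeof body - 1));
    return 0;
}
```

Comparing the source address against the unmasked 172.20.0.0 would silently miss every host in the range, which is why the rule's own address is masked before the comparison.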