• DocumentCode
    690505
  • Title

    IDS Using Mitigation Rules Approach to Mitigate ICMP Attacks

  • Author

    Hadi, Adi Dewiyana Abdul ; Azmat, Farok H. J. ; Ali, Fakariah Hani Mohd

  • Author_Institution
    Fac. of Comput. & Math. Sci., Univ. Teknol. MARA, Shah Alam, Malaysia
  • fYear
    2013
  • fDate
    23-24 Dec. 2013
  • Firstpage
    54
  • Lastpage
    59
  • Abstract
    The Internet Control Message Protocol (ICMP) attack is an example of a DDoS attack and regarded as an Internet menace that aims to deny service to legitimate users by violating the availability of resource in a system. A number of researches have been conducted to propose different methods of mitigating the attack but yet, the problem still arises. Thus, to improve the current mitigation solution, this study intends to propose the Intrusion Detection System (IDS) with the mitigation rules approach to mitigate the ICMP attack. The mitigation rules are developed specifically to mitigate the ICMP attack and to suppress the number of false alarms. Project implementation is done using Snort, which is installed in the Linux platform. For evaluation purpose, testing is carried out with live private data in identical environment, with the default rules and the proposed mitigation rules enabled in the same LAN. Experimental result shows that deployment of mitigation rules is 63.95% efficient to mitigate the ICMP attack compared to the original Snort rules.
  • Keywords
    Internet; Linux; computer network security; local area networks; protocols; DDoS attack; ICMP attack mitigation; IDS; Internet control message protocol attack; LAN; Linux platform; Snort; intrusion detection system; mitigation rule approach; resource availability; Availability; Computer crime; IP networks; Protocols; Syntactics; Telecommunication traffic; Testing; DDoS Attack; ICMP Attack; IDS; Mitigation Rules;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Computer Science Applications and Technologies (ACSAT), 2013 International Conference on
  • Conference_Location
    Kuching
  • Type

    conf

  • DOI
    10.1109/ACSAT.2013.18
  • Filename
    6836547