Research and build alarm systems in the IoT environment


e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and Science
(Peer-Reviewed, Open Access, Fully Refereed International Journal)
Volume:04/Issue:05/May-2022  Impact Factor- 6.752  www.irjmets.com

RESEARCH AND BUILD ALARM SYSTEMS IN THE IOT ENVIRONMENT

Nguyen Thi Lieu*1
*1Dong Nai Technology University, Dong Nai 76000, Vietnam

ABSTRACT

The author has studied the operating principles of components in the IoT environment, the Snort system, how it works, and how it issues alerts when intrusive behavior takes place in this environment. The work also covers how Snort outputs alerts and how to configure Snort on the Ubuntu 16.04 operating system. Besides using the developer's rules, the author also had to learn how to write and build rules appropriate for the research environment.

Keywords: IoT environment, Snort system, intrusive behavior

I INTRODUCTION

Businesses and countries around the world are being equipped with many IoT-connected devices [1], [2]; the more devices there are in the IoT environment, the higher the chance of errors [3], [4]. Their security mechanisms have not improved and the number of threats is still increasing, so detecting and preventing attacks in this environment is essential. The topic is researched with the aim of monitoring the central server that controls IoT devices, understanding the basic characteristics of an IDS, and being able to apply it in practice [5], [6]. It also helps users know which device each session comes from.

II RESEARCH CONTENT

2.1 Research objective
- Snort services, how they work, and their configuration
- Protocols and packets
- Detection and containment system, Snort Inline

2.2 Research Methods
- Learn about IDS
- Learn about Snort
- Learn about control protocols in IoT systems
- Learn about the packets and ports of the IoT system
- Synthesis of attack methods and signals
- Deploy the system on Snort

III DEPLOY AN INTRUSION DETECTION SYSTEM

Snort is an open-source NIDS/NIPS [7], [8]. In this report, Snort plays the leading role in the system: it is applied for alarms in the monitoring system and for anomaly detection in the IoT environment. To implement the test detection system on Snort, we go through the following steps:
- Know the IP addresses in the LAN;
- Choose the right equipment;
- Installation and configuration;
- System test.

Figure 1: Running Snort

Snort should be placed in front of the control server because all packets must go through Snort before reaching the server, which helps protect the server against attacks.

IV TESTING AGAINST ATTACKS WITH SNORT

4.1 Models

Figure 2: Applicable models

4.2 Attack prevention test of SNORT

4.2.1 Attack ping of death (DOS)

First, add a rule with the following content to the local.rules file to detect the attack.

Figure 3: Rule detects Attack

Snort will display the alerts continuously.

Figure 4: Detection test results

Then add the following rule to prevent attacks.

Figure 5: Preventive Rules

After adding the rule, run Snort in inline mode; the result:

Figure 6: Blocking results of Dos

DoS interface on the attacker's side:

Figure 7: Result after being blocked by the attacker

4.2.2 Attack Syn Flood

Prevention: Add the following rules to Snort.

Figure 8: Rule used to block Syn Attack
Figure 9: Syn Attack blocking result

V CONCLUSIONS AND DEVELOPMENT ORIENTATIONS

5.1 Conclusions

Some results have been achieved:
- Detect anomalous behavior taking place in the IoT environment
- Show alerts through the Base interface
- Store the time and IP address of the intrusion object in a MySQL database
- Prevent attacks such as Ping of Death and Syn Flood

Finally, the work is synthesized into a product displayed on the monitor screen to detect and help prevent system intrusion.

5.2 Development orientations

Upgrade the system to detect and prevent more types of intrusion into the server's resources. At the same time, develop new rules suitable for the IoT environment.

VI REFERENCES

[1] P. Gokhale, O. Bhat, and S. Bhat, "Introduction to IOT," International Advanced Research Journal in Science, Engineering and Technology, vol. 5, no. 1, pp. 41-44, 2018.
[2] S. Madakam, V. Lake, V. Lake, and V. Lake, "Internet of Things (IoT): A literature review," Journal of Computer and Communications, vol. 3, no. 05, p. 164, 2015.
[3] T. Lin, "Deep Learning for IoT," in 2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC), 2020, pp. 1-4: IEEE.
[4] R. Van Kranenburg and A. Bassi, "IoT challenges," Communications in Mobile Computing, vol. 1, no. 1, pp. 15, 2012.
[5] V. Bukac, "IDS system evasion techniques," Master Masarykova Univerzita, 2010.
[6] A. Kumar and A. Rani, "LSTM-Based IDS System for Security of IoT," in Advances in Micro-Electronics, Embedded Systems and IoT: Springer, 2022, pp. 377-390.
[7] B. Caswell and J. Beale, Snort 2.1 intrusion detection. Elsevier, 2004.
[8] M. Roesch, "Snort: Lightweight intrusion detection for networks," in Lisa, 1999, vol. 99, no. 1, pp. 229-238.
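
For section 4.2, whose rule figures are not reproduced in this text: the following is an added example, not the paper's own rules, of a local.rules file in Snort 2.9 syntax covering the Ping of Death detection and prevention rules and the SYN flood prevention rule. The size and rate thresholds, the SIDs, the config path and the interface pair are assumptions chosen for illustration.

```snort
# local.rules -- added example; thresholds, SIDs and messages are assumptions.
# SIDs start at 1000000, the range reserved for locally written rules.
# The source is "any" so that a test attacker inside the LAN is also matched.

# 4.2.1 detection: alert on ICMP echo requests (itype 8) whose payload is far
# larger than a normal ping (dsize threshold is an assumed value).
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP oversized echo request, possible Ping of Death"; itype:8; dsize:>1000; classtype:attempted-dos; sid:1000001; rev:1;)

# 4.2.1 prevention: same match, but the "drop" action discards and logs the
# packet. It only blocks traffic when Snort runs inline.
drop icmp any any -> $HOME_NET any (msg:"LOCAL ICMP oversized echo request dropped"; itype:8; dsize:>1000; classtype:attempted-dos; sid:1000002; rev:1;)

# 4.2.2 prevention: SYN-only segments, evaluated without stream state, dropped
# once more than 200 arrive for one destination within 5 seconds (assumed rate).
drop tcp any any -> $HOME_NET any (msg:"LOCAL TCP SYN flood dropped"; flags:S; flow:stateless; detection_filter:track by_dst, count 200, seconds 5; classtype:attempted-dos; sid:1000003; rev:1;)

# Check the configuration, then start Snort inline (-Q) on an assumed
# eth0:eth1 bridge pair so that the drop rules take effect:
#   snort -T -c /etc/snort/snort.conf
#   snort -Q --daq afpacket -i eth0:eth1 -c /etc/snort/snort.conf -A console
```

With detection_filter, the SYN rule lets the first 200 SYNs per interval through and, once triggered, also drops legitimate connection attempts to that destination, so the count should be tuned against the control server's normal connection rate.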

Date posted: 22/02/2023, 22:42
