Sachet - A Distributed Real-time Network-based Intrusion Detection System

Sachin Goel, Roll Number: Y211125, June 2004

Supervisors: Dr. Dheeraj Sanghi and Dr. Deepak Gupta

While the increased interconnectivity of computer networks has brought many benefits to people, it has also rendered networked systems vulnerable to malicious attacks from hackers. The failure of intrusion prevention techniques to adequately secure computer systems has led to the growth of intrusion detection systems (IDS). In this thesis, we have designed and implemented a distributed, network-based intrusion detection system, Sachet. Sachet is a Hindi word meaning "alert". The system uses an existing open-source, network-based misuse detection system, Snort. We have built upon Snort to develop a heterogeneous, scalable, distributed IDS that is completely controllable from a central location. Sachet comprises multiple agents that use Snort for misuse detection, a central server that stores all alerts and controls the agents, and a console through which the system administrator monitors and views the activities of the entire Sachet system. The agents and the server communicate using the Sachet protocol, which ensures reliability, mutual authentication, confidentiality, and integrity, and provides tolerance to agent and server crashes.

Sachin Goel can be reached at