Preventing Network From Intrusive Attack Using Artificial Neural Networks
Authors
Abstract
With the growth of computer networking, electronic commerce, and web services, security of networking systems has become very important. Many companies now rely on web services as a major source of revenue. Computer hacking poses significant problems to these companies, as distributed attacks can render their cyberstorefront inoperable for long periods of time. This happens so often that an entire area of research, called Intrusion Detection, is devoted to detecting this activity. We show that evidence of many of these attacks can be found by a careful analysis of network data. We also illustrate that neural networks can efficiently detect this activity. We test our systems against denial of service attacks, distributed denial of service attacks, and port scans. In this work, we explore network-based intrusion detection using classifying, self-organizing maps for data clustering and MLP neural networks for detection.

Keywords— NIDS, HIDS, Information Gain.

I. INTRODUCTION

Intrusion Detection attempts to detect computer attacks by examining data records observed by processes on the same network. These attacks are typically split into two categories, host-based attacks and network-based attacks. Host-based attack detection routines normally use system call data from an audit process that tracks all system calls made on behalf of each user on a particular machine. These audit processes usually run on each monitored machine. Network-based attack detection routines typically use network traffic data from a network packet sniffer (e.g., tcpdump). Many computer networks, including the widely accepted Ethernet (IEEE 802.3) network, use a shared medium for communication. Therefore, the packet sniffer only needs to be on the same shared subnet as the monitored machines. We believe that denial of service and other network-based attacks leave a faint trace of their presence in the network traffic data.
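An added example (not code from the paper): one way to turn sniffer output into the per-source traffic features that a SOM or MLP would take as input, showing how a port scan and a SYN flood stand out from a normal client. The packet tuples, addresses, feature names and scaling are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample packets: (time_s, src, dst, dst_port, tcp_flags).
PACKETS = (
    # normal client: handshake and data to one web server
    [(0.1, "10.0.0.5", "10.0.0.80", 443, "S"),
     (0.2, "10.0.0.5", "10.0.0.80", 443, "A"),
     (0.9, "10.0.0.5", "10.0.0.80", 443, "PA")]
    # port scan: one bare SYN to each of 20 ports on one host
    + [(1.0 + i * 0.01, "10.0.0.66", "10.0.0.80", 20 + i, "S") for i in range(20)]
    # SYN flood: 200 bare SYNs to one port, never acknowledged
    + [(2.0 + i * 0.001, "10.0.0.99", "10.0.0.80", 80, "S") for i in range(200)]
)

def window_features(packets, window_s=5.0):
    """Aggregate packets into one feature record per (time window, source)."""
    acc = defaultdict(lambda: {"pkts": 0, "syn": defaultdict(int), "acked": set()})
    for t, src, dst, dport, flags in packets:
        rec = acc[(int(t // window_s), src)]
        rec["pkts"] += 1
        if flags == "S":                 # bare SYN: a connection attempt
            rec["syn"][(dst, dport)] += 1
        elif "A" in flags:               # ACK from the client: handshake progressed
            rec["acked"].add((dst, dport))
    features = {}
    for key, rec in acc.items():
        syns = sum(rec["syn"].values())
        # SYNs sent to endpoints for which this source never sent an ACK
        half_open = sum(n for ep, n in rec["syn"].items() if ep not in rec["acked"])
        features[key] = {
            "pkts": rec["pkts"],
            "syn_ratio": syns / rec["pkts"],
            "distinct_endpoints": len(set(rec["syn"]) | rec["acked"]),
            "half_open": half_open,
        }
    return features

def to_vector(f, pkt_cap=100):
    """Scale a feature record to [0, 1] network inputs (the scaling is an assumption)."""
    return [f["syn_ratio"], f["distinct_endpoints"] / f["pkts"],
            f["half_open"] / f["pkts"], min(f["pkts"] / pkt_cap, 1.0)]

if __name__ == "__main__":
    for (win, src), f in sorted(window_features(PACKETS).items()):
        print(win, src, f, [round(x, 3) for x in to_vector(f)])
```

The scan shows up as many distinct endpoints with every SYN left half-open, the flood as a high packet volume against a single endpoint, and the normal client as a low SYN ratio with nothing half-open.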
Ours is an anomaly detection system that detects network-based attacks by carefully analyzing this network traffic data and alerting administrators to abnormal traffic trends. It has been shown that network traffic can be efficiently modeled using artificial neural networks.

Intrusion detection is the first step in defending against attacks. Attack alarms from IDSs are usually reported to auto-response systems or security staff, who take automatic or manual response actions appropriate to the specific attack. Identifying attacks in real time is therefore crucial for taking appropriate response actions as soon as possible, before substantial damage is done. However, nearly all current anomaly detection methods can only classify network behavior as normal or abnormal and cannot identify the type of attack. Relying on current anomaly detection systems, therefore, is not adequate for effective real-time intrusion prevention.

On the other hand, most current intrusion detection methods lack the capacity to process in real time the large amounts of typically high-dimensional audit data produced during daily operation of a computer system. In experiments carried out by MIT Lincoln Lab for the 1998 DARPA evaluation, for example, network traffic over 7 weeks contains four gigabytes of compressed binary tcpdump data, which were processed into about five million connection records. Processing a large amount of audit data in real time is therefore essential for a practical IDS so that response actions can be taken as soon as possible.

II. EXISTING SYSTEM

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.
Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

V. Sivakumar, T. Yoganandh, R. Mohan Das / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 2, Mar-Apr 2012, pp. 370-373

1. Firewalls must keep evolving as crackers' ability to circumvent them increases.
2. "Always on" connections created by Cable and DSL connections create major problems for firewalls. This can be compared to leaving your car running with the keys in it and the doors unlocked, which a thief may interpret as an invitation to "Please steal me".
3. Firewalls cannot protect you from internal sabotage within a network or from allowing other users access to your PC.
4. Firewalls cannot filter indecent material like pornography, violence, drugs and bad language. This would require you to adjust your browser security options or purchase special software to monitor your children's Internet activity.
5. Firewalls offer weak defense against viruses, so antivirus software and an IDS (intrusion detection system), which protects against Trojans and port scans, should complement your firewall in a layered defense.
6. Some firewalls claim full firewall capability when that is not the case. Not all firewalls are created equal or offer the same protection, so it is up to the user to do their homework.
7. Cost varies. There are some great free firewalls available to the PC user, but there are also a few highly recommended products which can only be purchased. The difference may be just the amount of support or features that a user can get from a free product as opposed to a paid one, and how much support that user thinks he or she will require.
8. Firewall protection is limited once you have an allowable connection open. This is where another program should be in place to catch Trojan horse viruses trying to enter your computer as unassuming normal traffic.
9. IDS (Intrusion Detection System) companies have claimed to detect Trojans, such as RuX FireCracker v 2.0, that disabled certain firewall programs, leaving the PC vulnerable to malicious actions.

III. PROPOSED SYSTEM

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

For the purpose of dealing with IT, there are two main types of IDS:

Network intrusion detection system (NIDS): An independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic.

Host-based intrusion detection system (HIDS): Consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, filesystem modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state.
In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this