Published by Theodora Little. Modified over 6 years ago.
1
NOVEL APPROACH FOR NETWORK INTRUSION DETECTION
A.B. Babatope N.A. Azeez
2
INTRODUCTION Information that is not properly secured tends to be vulnerable to intrusions and threats. Security measures ensure that information maintains its integrity. An Intrusion Detection System (IDS) is one of the methods of securing computer networks and systems, as it detects attacks before they gain access to the system.
3
AIM AND OBJECTIVES The aim of this project is to develop an IDS using a genetic algorithm approach, which is better for detecting unusual events and threats within a computer network.
Objectives include:
- To analyse the different Artificial Intelligence algorithms used in Intrusion Detection Systems
- To develop an Intrusion Detection System that detects more threats to computer networks and is less likely to produce errors
4
CONTRIBUTIONS Based on the results obtained, it was discovered that intrusive attacks were more frequent on the Class A set of IP addresses. It was also discovered that the probe category of attacks was the most frequent across the system.
5
LITERATURE REVIEW According to Scarfone and Mell (2007) “Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies or standard security practices.”
6
LITERATURE REVIEW The following are types of network attacks:
- Denial of service
- Remote to User Attacks (R2L)
- User to Root Attacks (U2R)
- Probing
7
RELATED WORKS

| TITLE | APPROACH | STRENGTH | WEAKNESS |
|---|---|---|---|
| The Design and Implementation of Intrusion Detection System based on Data Mining Technology (Zhou & Zhao, 2013) | Data Mining | Adaptive ability | Not time efficient |
| Implementation of an Intrusion Detection System (Ourida, 2012) | Intrusion sensor (Snort) | It takes less time to implement. | Security issues |
8
RELATED WORKS Chittur (2001) carried out an experiment to analyse the effectiveness of using a genetic algorithm for a computer network intrusion detection system. The KDD 99 dataset was used to train the system so as to generate rules that were used during the test phase.
9
RELATED WORKS Li (2004) also reported an IDS using genetic algorithm to detect anomalous network intrusion. Both quantitative and categorical features of network data were used to obtain classification rules for the system. This work was focused on the TCP/IP network protocols.
10
GENETIC ALGORITHM A genetic algorithm is a problem-solving method derived from biological gene operators. The decision variables of the search problem are encoded as strings of alphabets. The strings are the chromosomes, the alphabets are the genes, and the value of a gene is called the allele.
11
GENETIC ALGORITHM During the evolution, different operators are used to process the chromosomes during each generation. The operators include:
- Selection (or Reproduction)
- Crossover (or Recombination)
- Mutation
12
GENETIC ALGORITHM
- Selection – the phase in which individuals in the population with better fitness are selected; otherwise they get damaged.
- Crossover – a process in which each randomly selected pair of individuals exchanges their parents with each other until an entirely new population has been generated.
- Mutation – involves diversifying the population, owing to the repeated use of crossover operators.
13
GENETIC ALGORITHM
Random generation of initial chromosomes
Set w1 = 0.2, w2 = 0.8, T = 0.5, Max Generations = 100
Set N = total number of records in training set
Set generation counter = 0
For each chromosome in population
    Set A = 0, AB = 0
    For each record in dataset
        If record matches chromosome
            AB = AB + 1
        End If
        If record matches only condition part
            A = A + 1
        End If
    End for Each record
    Fitness =
    If Fitness > T
        Select fitted chromosomes into new selection pool
    End if
End for Each chromosome
For each chromosome in new pool/population
    Select chromosome for breeding
    Apply crossover and mutation to new offspring
    Place newly created chromosome into population
End for Each
Kill old pool, new pool now current pool
Increment generation Counter by 1
If generation Counter < Max Generation then Goto line v
14
LINKING GA WITH INTRUSION DETECTION
The genetic algorithm is linked with intrusion detection by using the GA to classify the different network connections that the system comes across. Each network connection is represented as a chromosome by the genetic algorithm. The attributes of each network connection are represented as genes in the chromosome.
15
LINKING GA WITH INTRUSION DETECTION
The system acts on each network connection as a chromosome. Therefore, the GA makes it possible for the intrusion detection system to differentiate the different types of network connections.
16
FITNESS FUNCTION It is defined as a function which scales the value of an individual relative to the rest of the population. It computes the best possible solutions from among the candidates located in the population. It is used to determine the fittest set of chromosomes, with respect to the other chromosomes present, that will be used for recombination in the next generation.
17
FITNESS FUNCTION Algorithm I: Fitness Function Algorithm
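An added example (not the presenters' C# code) of the rule-evolution loop and fitness step described in the GENETIC ALGORITHM and FITNESS FUNCTION slides. The slide's fitness formula did not survive extraction, so the support-confidence form w1*AB/N + w2*AB/A is assumed, with A counting every record whose condition part matches; the three-gene chromosome, the -1 wildcard, the reseeding step and the sample records are also assumptions constructed for illustration.

```python
import random

W1, W2, T, MAX_GENERATIONS = 0.2, 0.8, 0.5, 100   # values from the slide
ANY = -1  # assumption: a gene of -1 is a wildcard that matches any value

# Constructed training records: (protocol, destination port, attack name).
# Simplified chromosome: two condition genes plus the attack-name outcome.
RECORDS = ([("telnet", 23, "guess")] * 4 + [("http", 80, "phf")] * 1 +
           [("http", 80, "portscan")] * 3 + [("smtp", 25, "portscan")] * 2)
DOMAINS = [sorted({r[i] for r in RECORDS}, key=str) for i in range(3)]

def fitness(chrom, records):
    """Assumed support-confidence fitness: W1*AB/N + W2*AB/A."""
    *cond, attack = chrom
    a = ab = 0
    for *fields, label in records:
        if all(g == ANY or g == f for g, f in zip(cond, fields)):
            a += 1                      # condition part matches
            ab += label == attack       # whole chromosome matches
    # A rule whose condition matches no record gets no confidence term.
    return W1 * ab / len(records) + (W2 * ab / a if a else 0.0)

def random_chromosome(rng):
    cond = [rng.choice(d + [ANY]) for d in DOMAINS[:2]]
    return tuple(cond + [rng.choice(DOMAINS[2])])

def breed(p1, p2, rng, mutation_rate=0.1):
    cut = rng.randrange(1, len(p1))                 # single-point crossover
    child = list(p1[:cut] + p2[cut:])
    for i, dom in enumerate(DOMAINS):
        if rng.random() < mutation_rate:            # mutate this gene
            child[i] = rng.choice(dom + ([ANY] if i < 2 else []))
    return tuple(child)

def evolve(records, pop_size=20, generations=MAX_GENERATIONS, seed=1):
    rng = random.Random(seed)
    population = [random_chromosome(rng) for _ in range(pop_size)]
    best = set()
    for _ in range(generations):
        pool = [c for c in population if fitness(c, records) > T]
        best.update(pool)               # keep every rule that passed T
        if len(pool) < 2:               # too few fit parents: reseed the pool
            pool = pool + [random_chromosome(rng) for _ in range(pop_size)]
        population = [breed(*rng.sample(pool, 2), rng) for _ in range(pop_size)]
    return sorted(best, key=lambda c: -fitness(c, records))
```

With w2 weighted four times w1, a narrow rule that is always right (telnet with any port implies guess, 0.88) outranks a broad rule that covers half the data but is right only half the time (any connection implies portscan, exactly 0.5, which does not pass T).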
18
SYSTEM DESIGN Figure 1: Genetic Algorithm architecture
19
SYSTEM DESIGN
Table 1: Chromosome representation

| Attribute Name | Number of Genes | Format |
|---|---|---|
| Duration | 3 | H:M:S |
| Protocol | 1 | Numeric |
| Source port | | |
| Destination port | | |
| Source IP | 4 | a.b.c.d |
| Destination IP | | |
| Attack name | | String |
20
IMPLEMENTATION The software was developed using Microsoft Visual Studio, an Integrated Development Environment (IDE), with the built-in programming language C#. The system was developed as a console program. On initialisation of the software, random chromosomes are generated and the system locates the dataset file and reads it. The system continues to iterate the results for each generation until the number of generations is reached.
21
IMPLEMENTATION Figure 2: Initialisation of the program
22
IMPLEMENTATION
Table 2: The result of the intrusion detection system
Columns: DURATION, PROTOCOL, SOURCE PORT, DESTINATION PORT, SOURCE IP, DESTINATION IP, ATTACK NAME
0:0:53 ftp-data 38127 1985 rcp -1:1:0 Auth 26586 55979 rsh 0:0:-1 Rsh 62512 26370 Phf -1 Guess 62728 http 12106 Port-scan 0:0:39
23
DARPA DATASET The Defense Advanced Research Projects Agency (DARPA) dataset was created in 1998 by the Lincoln Laboratory of MIT out of the need to evaluate intrusion detection systems. It was first made available to the public in February 1998. Three classes of attacks are present in the dataset, namely:
- Probe (Portscan)
- R2L (phf, guess)
- U2R (rlogin, rsh, rcp)
24
DARPA DATASET The following shows the distribution of the types of network connections present in the dataset file:
Table 3: Distribution of the intrusive connections in the dataset

| Probe | R2L | U2R |
|---|---|---|
| Portscan – 30 | Phf – 1, Guess – 4 | rlogin – 1, rsh – 2, rcp – 1 |
| 30 | 5 | 4 |
25
DARPA DATASET Figure 3: Graphical distribution of the network connections
26
ANALYSIS OF RESULTS Three sets of results were selected to be analysed for findings and notes. Each set of results consists of 50 records. The first analysis was the classification of the source and destination IP addresses. The second analysis is the relationship between the protocol and the type of intrusion.
27
ANALYSIS OF RESULTS First run
Table 4: Classification of IP addresses of the first set of results
Columns: Source IP, Destination IP
Class A 20 50
Class B 30
Class C
Class D
Class E
28
ANALYSIS OF RESULTS Figure 4: Graphical classification of the IP addresses of the first set of results
29
ANALYSIS OF RESULTS
Table 5: Distribution of intrusion attacks to the Protocols for the first set of results
Protocols / Attack names: Phf, Port Scan, Rcp, rlogin, rsh
ftp
ftp-data 2 3 1 6
http 4 14 20
Rsh 8
Smtp 5 12
telnet 26
30
ANALYSIS OF RESULTS Figure 5: Graphical representation of the distribution of attacks to protocols for the first set of results
31
ANALYSIS OF RESULTS Second run
Table 6: Classification of IP addresses of the second set of results
Columns: Source IP, Destination IP
Class A 19 39
Class B 11
Class C
Class D
Class E 31
32
ANALYSIS OF RESULTS Figure 6: Graphical classification of the IP addresses of the second set of results
33
ANALYSIS OF RESULTS
Table 7: Distribution of intrusion attacks to the Protocols for the second set of results
Protocols / Attack names: Phf, Port Scan, Rcp, rlogin, rsh
ftp 2 4 6
ftp-data 11 21 32
http
Rsh 8 12
Smtp
telnet 29
34
ANALYSIS OF RESULTS Figure 7: Graphical representation of the distribution of attacks to protocols for the second set of results
35
ANALYSIS OF RESULTS Third run
Table 8: Classification of IP addresses of the third set of results
Columns: Source IP, Destination IP
Class A 21 50
Class B 8
Class C
Class D
Class E
36
ANALYSIS OF RESULTS Figure 8: Graphical classification of the IP addresses of the third set of results
37
ANALYSIS OF RESULTS
Table 9: Distribution of intrusion attacks to the Protocols for the third set of results
Protocols / Attack names: Phf, Port Scan, Rcp, rlogin, rsh
ftp
ftp-data
http
Rsh 1 8 16 25
Smtp
telnet 9 15 2 17 31
38
ANALYSIS OF RESULTS Figure 9: Graphical representation of the distribution of attacks to protocols for the third set of results
39
ANALYSIS OF RESULTS Fourth run
Table 10: Classification of IP addresses of the fourth set of results
Columns: Source IP, Destination IP
Class A 46 44
Class B 4
Class C
Class D
Class E 6
40
ANALYSIS OF RESULTS Figure 10: Graphical classification of the IP addresses of the fourth set of results
41
ANALYSIS OF RESULTS
Table 11: Distribution of intrusion attacks to the Protocols for the fourth set of results
Protocols / Attack names: Phf, Port Scan, Rcp, rlogin, rsh
ftp
ftp-data
http 4 5 9
Rsh 1 2
Smtp 30 39
telnet 14 36
42
ANALYSIS OF RESULTS Figure 11: Graphical representation of the distribution of attacks to protocols for the fourth set of results
43
FUTURE WORK The genetic algorithm as an approach to intrusion detection systems needs to be continually improved, and the classification rules continually need to be enhanced in order for the system to classify connections correctly.
44
CONCLUSION Securing information against attacks is a process that requires continuous research as new threats come up, in order to stay up to date and minimise risk and cost.
45
REFERENCES
Chittur, A., Model Generation for an Intrusion Detection System Using Genetic Algorithms.
Hoque, M.S., Mukit, A. & Bikas, A.N., An Implementation of Intrusion Detection System using Genetic Algorithm. International Journal of Network Security & Its Applications (IJNSA), Vol. 4, No. 2, March
Li, W., Using Genetic Algorithm for Network Intrusion Detection. Mississippi State University, Mississippi State, MS
Sastry, K., Goldberg, D., Kendall, G., Genetic Algorithms.
Scarfone, K. & Mell, P., Guide to Intrusion Detection and Prevention Systems (IDPS). National Institute of Standards and Technology NIST special publication
46
THANK YOU