hybrid intrusion detection system full report
#1



Hybrid Intrusion Detection System (HIDS)

Presented By
K.B.K.KIRAN-670753006
B.CHAITANYA-670753007
C.H.V.TEJASWI-670753010
L.RAMSESHU-670753022
G.V.V.GANESH-670753052
V.PADMAVATHI-670753053

Introduction
In the world of globalization, data is the backbone of IT industries. IT companies compete among themselves with existing technologies to save their data transmission.
The proposed system has been developed to overcome the above problem.



Objective

This hybrid system combines the advantages of low false-positive rate of signature-based intrusion detection system (IDS) and the ability of anomaly detection system (ADS) to detect novel unknown attacks.



Literature Survey

Intrusion detection is the art of detecting inappropriate, incorrect, or anomalous activity.
This project reports the design principles and evaluation results of a new experimental hybrid intrusion detection system.
By mining anomalous traffic episodes from Internet connections, we build an ADS that detects anomalies beyond the capabilities of signature-based SNORT system. A weighted signature generation scheme is developed to integrate ADS with SNORT by extracting signatures from anomalies detected.
HIDS extracts signatures from the output of ADS and adds them into the SNORT signature database for fast and accurate intrusion detection.



Analysis on Existing Networks:

A signature-based IDS like SNORT employs a priori knowledge of attack signatures. The signatures are manually constructed by security experts analyzing previous attacks. The collected signatures are used to match with incoming traffic to detect intrusions. These are conventional systems that detect known attacks with low false alarms. However, the signature-based IDS cannot detect unknown attacks without any precollected signatures or lack of attack classifiers. Furthermore, signature matching performs well only for single-connection attacks. With the sophistication of attackers, more attacks involve multiple connections. This limits the detection range by signature matching.



Idea on proposed network:

An anomaly-based system uses a different philosophy. A network anomaly is detected if the incoming traffic pattern deviates from the normal profiles significantly.
This system combines the positive features of both intrusion detection models to achieve higher detection accuracy, lower false alarms, and, thus, a raised level of cyber trust. Our HIDS is network-based, which should not be confused with the host-based IDS with the same abbreviation by other authors. An adaptive base support threshold is applied on selected axis attributes in mining the Internet episode rules. The episode rules are used to build the HIDS, which detects not only known intrusive attacks but also anomalous connection sequences.


Deficiency in Signature Based:

These are conventional systems that detect known attacks with low false alarms. However, the signature-based IDS cannot detect unknown attacks without any precollected signatures.
Furthermore, signature matching performs well only for single-connection attacks. With the sophistication of attackers, more attacks involve multiple connections. This limits the detection range by signature matching.




Architecture of Network Anomaly System:

Implementation Plan:
The implementation can proceed through sockets in Java, but it will be considered as peer-to-peer communication. For proactive routing we need dynamic routing. So Java will be more suitable for platform independence and networking concepts. For maintaining route information we go for MySQL as the database back end.


Function -

This is a challenging question because today's Internet is unique in the following respects. First, topologies and traffic demands of the Internet are not arbitrary but have certain structures. The worst-case results may not be applicable to realistic topologies and traffic demands. A general open question is whether selfish routing results in poor performance in Internet-like environments (i.e., under realistic network topologies and traffic demands). Second, users in overlay networks do not have full flexibility in specifying their end-to-end paths. Due to limited availability of source routing support in the routers, the path between any two network nodes is dictated by the Internet routing protocols, such as OSPF, MPLS, or BGP. While overlay networks provide another mechanism to enable users to control their routes by relaying through overlay nodes, the route between two overlay nodes is still governed by the underlying routing protocol. A natural question is how to model such selfish overlay routing and whether selfish overlay routing results in poor performance.
Third, even if selfish overlays (i.e., overlays consisting of selfish traffic) yield good performance, they can be deployed only incrementally. As a result, background traffic and overlay traffic will interact with each other. We call such interactions horizontal interactions. An important question is how such selfish traffic affects the remaining traffic routed using the traditional routing protocols. A related question is whether multiple overlays result in poor performance. Fourth, the way in which selfish users choose their routes can interact with traffic engineering. We call such interactions vertical interactions, which can be viewed as the following iterative process. First, Internet Service Providers (ISPs) adjust network-level routing according to traffic demands, using schemes in, to minimize network cost. Then selfish users adapt to changes in the underlying default routes by choosing different overlay paths to optimize their end-to-end performance. Such adaptation changes traffic demands and triggers traffic engineering to readjust the default routes, which in turn makes selfish users adapt to new routes.
Given the mismatch between the objectives of selfish routing and traffic engineering, an interesting question is whether selfish routing interacts poorly with traffic engineering.
In this paper, we seek to answer the above questions through extensive simulations. We take a game-theoretic approach to compute the traffic equilibrium of various routing schemes and then evaluate their performance. We focus on intra-domain network environments because recent advances in topology mapping and traffic estimation allow us to use realistic network topologies and traffic demands for such scenarios. Understanding selfish routing in inter-domain environments is also of great interest but is more challenging. First, we do not have realistic models for inter-domain traffic demands. Second, despite some recent progress towards understanding autonomous system relationships, more research efforts are needed to develop realistic models for inter-domain routing policies. Finally, the large size of inter-domain topologies makes it computationally prohibitive to derive traffic equilibrium.



Performance - Problem & Solving Technologies:

An anomaly is observed at the network connection level. Both attack types may compromise valuable hosts, disclose sensitive data, deny services to legitimate users, and pull down network based computing resources. The intrusion detection system (IDS) offers intelligent protection of networked computers or distributed resources much better than using fixed-rule firewalls. Existing IDSs are built with either signature-based or anomaly-based systems. Signature matching is based on a misuse model, whereas anomaly detection is based on a normal use model.
The design philosophies of these two models are quite different, and they were rarely mixed up in existing IDS products from the security industry. A signature-based IDS like SNORT employs a priori knowledge of attack signatures. The signatures are manually constructed by security experts analyzing previous attacks. The collected signatures are used to match with incoming traffic to detect intrusions. These are conventional systems that detect known attacks with low false alarms. However, the signature-based IDS cannot detect unknown attacks without any precollected signatures or lack of attack classifiers. Furthermore, signature matching performs well only for single-connection attacks. With the sophistication of attackers, more attacks involve multiple connections. This limits the detection range by signature matching.
On the other hand, an anomaly-based system uses a different philosophy. It treats any network connection violating the normal profile as an anomaly. A network anomaly is revealed if the incoming traffic pattern deviates from the normal profiles significantly.
Through a data mining approach, anomaly detection discovers temporal characteristics of network traffic. This system can detect unknown attacks and handles multiconnection attacks well. However, anomaly detection may result in higher false alarms. The newly proposed HIDS is designed to solve these problems with much enhanced performance.


Future Plan on Project:

Our HIDS results in a detection rate of 60 percent, which doubles the 30 percent in using SNORT and almost triples the 22 percent in using Bro alone. To achieve an even higher detection rate, the false alarms must be maintained below 3 percent. Alerts from intrusions and anomalies detected can be correlated to result in an even smaller overhead in the detection process. For further research, we suggest the two following issues for continued research and development effort. Both issues demand prototyping and benchmark experiments.



Existing System

These are conventional systems that detect known attacks with low false alarms. However, the signature-based IDS cannot detect unknown attacks without any precollected signatures.
Furthermore, signature matching performs well only for single-connection attacks. With the sophistication of attackers, more attacks involve multiple connections. This limits the detection range by signature matching.



Proposed System

An anomaly-based system uses a different philosophy. A network anomaly is detected if the incoming traffic pattern deviates from the normal profiles significantly.
This system combines the positive features of both intrusion detection models to achieve higher detection accuracy, lower false alarms, and, thus, a raised level of cyber trust.
Process Involved
We introduce the data mining concept for hybrid intrusion and anomaly detection.
We are to develop a new weighted signature generation algorithm to characterize anomalous attacks and extract their signatures.
The new signatures are generated from anomalies detected by ADS.
Advantages
First, they can detect insider attacks or account theft very easily. If a real user or someone using a stolen account starts performing actions that are outside the normal user-profile, it generates an alarm.
Second, because the system is based on customized profiles, it is very difficult for an attacker to know with certainty what activity he can do without setting off an alarm.
An anomaly detection system can potentially detect an attack the first time it is used. The intrusive activity generates an alarm because it deviates from normal activity, not because someone configured the system to look for a specific stream of traffic.



Modules

Application Development
Feature Extraction (Analyzing connection services using log report)
Generation of FER
Anomaly detection
Weighted signature generation
Application Development
File upload and download,
online shopping



Definition:

In this first module, we upload the file and download the file and here, we add the new event online shopping.
Feature Extraction (Analyzing connection services using log report)
1. Source IP
2. Destination IP
3. Source sent bytes
4. Dest sent bytes
5. Services (Http, Ftp)
6. Duration
Definition:
In this module, we store the IP addresses of the server and client and also store how many bytes are sent and received. We also add what type of service is used to send the information and the duration of the transaction.



Generation of FER

Definition: (Base Support Algorithm)
Log the events which occur most frequently (they should reach the minimal things). At least, an event should have happened a minimum of (3) times.
Terminology used
An Anomaly-Based IDS (profile based) is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.
A signature-based IDS like SNORT employs a priori knowledge of attack signatures. The signatures are manually constructed by security experts analyzing previous attacks. The collected signatures are used to match with incoming traffic to detect intrusions.


Anomaly detection

Definition:
(compare with the DB and check if it deviates from the knowledge base or exceeds the threshold value) or if the events exceed the already fixed threshold value.
Weighted signature generation
Definition: (these are the events which represent no intruder)
If there is any anomaly detected, it will generate the signature based on anomaly detection.



Conclusion:

A new base-support data mining scheme for generating frequent episode rules. We proposed a base-support data mining scheme to facilitate episode rule generation. Combining SNORT and our ADS, the HIDS outperforms the SNORT and Bro systems by 100 percent and 173 percent, respectively. The HIDS advantages come from using dynamic data mining threshold and automated signature generation.


H/W & S/W Specification

Software Specification
Operating System : Windows
Front End : HTML
Middle Ware : Java Servlets, JSP
Back End : SQL Server
Hardware Specification:
Processor : Intel Pentium IV
Clock Speed : 700 MHz
RAM : 128 MB
Monitor : 14 SVGA Digital Color Monitor
Keyboard : 107 Keys Keyboard
Floppy Drive : 1.44MB
Compact Disk Drive : 700MB
Hard Disk : 20GB
Printer : Canon BJC 2100 SP
Mouse : Logitech Mouse


Reply
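
A simplified sketch of the pipeline the report outlines: feature extraction from a connection log, frequent episodes with a minimum support of 3, comparison against a normal profile, and signature generation from the anomalies. This is an added example, not code from the report or from the HIDS authors; the two-connection episode, the weight formula, the log format and all addresses are assumptions constructed for illustration.

```python
from collections import Counter, namedtuple

# The six connection features listed in the Feature Extraction module.
Conn = namedtuple("Conn", "src dst src_bytes dst_bytes service duration")
MIN_SUPPORT = 3  # the report's base-support rule: at least 3 occurrences

# Constructed sample logs (not real traffic): src,dst,src_bytes,dst_bytes,service,duration
NORMAL_LOG = ["10.0.0.21,10.0.0.5,512,20480,Http,1.2"] * 4 + [
    "10.0.0.21,10.0.0.5,120,880000,Ftp,14.0"]
LIVE_LOG = (["10.0.0.22,10.0.0.5,510,20000,Http,1.0"] * 4
            + ["10.0.0.99,10.0.0.5,60,40,Ftp,0.2"] * 5   # repeated tiny FTP sessions
            + ["10.0.0.23,10.0.0.5,500,19000,Http,1.1",
               "10.0.0.23,10.0.0.5,110,700000,Ftp,12.0"])

def parse_log(lines):
    """Feature extraction: turn each log record into a Conn tuple."""
    out = []
    for line in lines:
        src, dst, sb, db, svc, dur = line.strip().split(",")
        out.append(Conn(src, dst, int(sb), int(db), svc.lower(), float(dur)))
    return out

def frequent_episodes(conns, min_support=MIN_SUPPORT):
    """Count (service, next service) pairs seen back to back between one
    source and one destination; keep those that meet the support threshold."""
    last, counts = {}, Counter()
    for c in conns:
        key = (c.src, c.dst)
        if key in last:
            counts[(c.dst, last[key], c.service)] += 1
        last[key] = c.service
    return {ep: n for ep, n in counts.items() if n >= min_support}

def detect(normal_conns, live_conns):
    """Frequent live episodes absent from the normal profile are anomalies.
    Each becomes a signature weighted by its share of frequent live episodes
    (the weight formula is an assumption made for this sketch)."""
    profile = frequent_episodes(normal_conns)
    live = frequent_episodes(live_conns)
    total = sum(live.values())
    return [{"dst": dst, "sequence": (a, b), "support": n,
             "weight": round(n / total, 2)}
            for (dst, a, b), n in sorted(live.items())
            if (dst, a, b) not in profile]

def demo():
    return detect(parse_log(NORMAL_LOG), parse_log(LIVE_LOG))

if __name__ == "__main__":
    for sig in demo():
        print(sig)
```

The single http-to-ftp episode in the live log falls below the support threshold and is ignored, which is how the base-support rule keeps one-off events from becoming signatures.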
#2
Thank you so much for your timely help with my project preparation.
Reply
#3
Great to hear that we have been of help to you. Keep visiting this site for even more seminar and project topics. Share this site with your friends too.
Reply
#4
Please send the report & ppt for the seminar topic "Research on the Intrusion Detection Technology with Hybrid Model".
Reply
#5
To get more information about the topic "Research on the Intrusion Detection Technology with Hybrid Model", please refer to the page link below.

http://studentbank.in/report-hybrid-intr...9#pid53949
Reply
#6


To get information about the topic "Hybrid Intrusion Detection with Weighted Signature Generation over" full report, ppt and related topics, refer to the page links below.

http://studentbank.in/report-hybrid-intr...rnet--5874

http://studentbank.in/report-hybrid-intr...ull-report

http://studentbank.in/report-intruder-de...t-sequence
Reply
