Layered Approach using
Conditional Random Fields
For Intrusion Detection
ABSTRACT:
Intrusion detection faces a number of challenges; an intrusion
detection system must reliably detect malicious activities in a
network and must perform efficiently to cope with the large amount
of network traffic. In this paper, we address these two issues of
Accuracy and Efficiency using Conditional Random Fields and
Layered Approach. We demonstrate that high attack detection
accuracy can be achieved by using Conditional Random Fields and
high efficiency by implementing the Layered Approach. Intrusion
detection is one of the high priority and challenging tasks for network
administrators and security professionals. More sophisticated
security tools mean that the attackers come up with newer and more
advanced penetration methods to defeat the installed security
systems. Finally, our system has the advantage that the number of
layers can be increased or decreased depending upon the
environment in which the system is deployed, giving flexibility to the
network administrators. The areas for future research include the
use of our method for extracting features that can aid in the
development of signatures for signature-based systems. The
signature-based systems can be deployed at the periphery of a
network to filter out attacks that are frequent and previously known,
leaving the detection of new unknown attacks for anomaly and
hybrid systems.
EXISTING SYSTEM
Intrusion detection in Wireless Sensor Network (WSN) is
of practical interest in many applications such as
detecting an intruder in a battlefield. The intrusion
detection is defined as a mechanism for a WSN to detect
the existence of inappropriate, incorrect, or anomalous
moving attackers. It is a fundamental issue to
characterize the WSN parameters such as node density
and sensing range in terms of a desirable detection
probability. In addition, we discuss the network
connectivity and broadcast reachability, which are
necessary conditions to ensure the corresponding
detection probability in a WSN.
The existing system analyzes the intrusion detection problem in
both homogeneous and heterogeneous WSNs
by characterizing intrusion detection probability
with respect to the intrusion distance and the
network parameters. The intrusion detection model
includes a network model, a detection model,
and an intrusion strategy model. The network
model specifies the WSN environment.
PROPOSED SYSTEM
In this paper, we have addressed the dual
problem of Accuracy and Efficiency for building
robust and efficient intrusion detection systems.
Our experimental results in Section 6 show that
CRFs are very effective in improving the attack
detection rate and decreasing the FAR.
Having a low FAR is very important for any
intrusion detection system. Further, feature
selection and implementing the Layered
Approach significantly reduce the time required
to train and test the model.
The areas for future research include the use of
our method for extracting features that can aid in
the development of signatures for signature-based systems. The signature-based systems
can be deployed at the periphery of a network to
filter out attacks that are frequent and previously
known, leaving the detection of new unknown
attacks for anomaly and hybrid systems.
Finally, our system has the advantage that the
number of layers can be increased or decreased
depending upon the environment in which the
system is deployed, giving flexibility to the
network administrators.
ADVANTAGES & DISADVANTAGES
Disadvantage:
• The sensed information provided by a single sensor
might be inadequate for recognizing the intruder.
• So there is no guarantee that our information has
been sent securely.
Advantage:
• By sensing the network we are able to find
possible nodes in the wireless sensor network.
• By finding the intruders we can send our information
in a secured manner.
Hardware Requirements:
Processor : Pentium IV 2.8GHz.
RAM : 512 MB RAM.
Hard Disk : 40 GB.
Input device : Standard Keyboard and Mouse.
Output device : VGA and High Resolution Monitor.
Software Requirements:
Operating System : Windows XP
Language : JDK 1.5.
Modules
CONSTRUCTING NETWORK SECURITY
RANDOMIZED FIELD DETECTION
CONSTRUCTING NETWORK SECURITY
In this module, we connect the network: each node is
connected to its neighboring node and is independently
deployed in the network area. Each port number is also
authorized in a node. Intrusion
detection as defined by the Sys Admin, Audit,
Networking, and Security (SANS) Institute is the art of
detecting inappropriate, inaccurate, or anomalous
activity. Today, intrusion detection is one of the high
priority and challenging tasks for network administrators
and security professionals.
RANDOMIZED FIELD DETECTION
In this module, the user browses and selects the source file.
The selected data is converted into fixed-size packets, and
each packet is sent from the source to the detector. Conditional
models are probabilistic systems that are used to model
the conditional distribution over a set of random
variables. Such models have been extensively used in
the natural language processing tasks. Conditional
models offer a better framework as they do not make
any unwarranted assumptions on the observations and
can be used to model rich overlapping features among
the visible observations.
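
A small linear-chain conditional random field, added here as an illustration and not taken from the original report, shows what modelling the conditional distribution means: the model scores label sequences given the observations and normalises over label sequences only. The observation tokens, label names and weights are constructed assumptions; a trained CRF would learn the weights from data.

```python
import itertools
import math

LABELS = ("normal", "attack")

# Constructed weights (assumption): a trained CRF would learn these from data.
STATE_W = {  # weight of (observation token, label)
    ("syn_only", "attack"): 1.5, ("syn_only", "normal"): -0.5,
    ("login_ok", "normal"): 1.2, ("login_fail", "attack"): 0.8,
}
# Overlapping feature: looks at the previous and current observation together.
PAIR_W = {("login_fail", "login_fail", "attack"): 1.0}
TRANS_W = {("normal", "normal"): 0.6, ("attack", "attack"): 0.9,
           ("normal", "attack"): -0.3, ("attack", "normal"): -0.7}


def node_score(obs, t, label):
    """Sum of the weights of all state features that fire at position t."""
    s = STATE_W.get((obs[t], label), 0.0)
    if t > 0:
        s += PAIR_W.get((obs[t - 1], obs[t], label), 0.0)
    return s


def path_score(obs, labels):
    """Unnormalised log-score of one full label sequence."""
    s = sum(node_score(obs, t, y) for t, y in enumerate(labels))
    return s + sum(TRANS_W[(a, b)] for a, b in zip(labels, labels[1:]))


def log_partition(obs):
    """log Z(x) by the forward algorithm: O(T * |labels|^2) work."""
    alpha = {y: node_score(obs, 0, y) for y in LABELS}
    for t in range(1, len(obs)):
        alpha = {y: node_score(obs, t, y) + math.log(sum(
            math.exp(alpha[p] + TRANS_W[(p, y)]) for p in LABELS))
            for y in LABELS}
    return math.log(sum(math.exp(v) for v in alpha.values()))


def conditional_prob(obs, labels):
    """p(labels | obs); no probability is ever assigned to obs itself."""
    return math.exp(path_score(obs, labels) - log_partition(obs))


def best_labeling(obs):
    """Most probable label sequence (brute force, fine for short inputs)."""
    return max(itertools.product(LABELS, repeat=len(obs)),
               key=lambda ys: path_score(obs, ys))
```
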
DATA FLOW DIAGRAM
In proposed system, we address these two issues of
Accuracy and Efficiency using Conditional Random
Fields and Layered Approach.
High attack detection accuracy can be achieved by using
Conditional Random Fields and high efficiency by
implementing the Layered Approach.
Experimental results show that our proposed system
based on Layered Conditional Random Fields
outperforms other well-known methods such as the
decision trees and the naive Bayes.
[Figure: data flow diagram with the labels Detect1, Detect2, Detect3, Spec Trans, Probe, Dos, R2L and Dest]
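
The sketch below is an added example, not code from the original report, of how a layered detector with one layer per attack class (the Probe, Dos and R2L labels of the diagram) saves work and lets layers be added or removed. It assumes that a layer blocks what it flags and passes everything else on; the feature names are KDD Cup 1999 fields, while the weights, the sample records and the logistic score standing in for a trained CRF are constructed.

```python
import math

# Constructed layers (assumption): feature names are KDD Cup 1999 fields, the
# weights are illustrative, and a logistic score stands in for a trained CRF.
LAYERS = [
    {"name": "Probe", "bias": -3.0,
     "weights": {"rerror_rate": 3.0, "dst_host_diff_srv_rate": 4.0}},
    {"name": "DoS", "bias": -4.0,
     "weights": {"serror_rate": 3.0, "dst_host_serror_rate": 3.0}},
    {"name": "R2L", "bias": -2.5,
     "weights": {"num_failed_logins": 1.5, "is_guest_login": 2.0}},
]

# Constructed connection records (not real traffic).
SAMPLES = {
    "scan": {"rerror_rate": 0.9, "dst_host_diff_srv_rate": 0.8},
    "flood": {"serror_rate": 1.0, "dst_host_serror_rate": 0.95},
    "guessing": {"num_failed_logins": 3, "is_guest_login": 0},
    "web": {"serror_rate": 0.02, "rerror_rate": 0.01},
}


def layer_score(layer, record):
    """Probability-like score computed only from this layer's feature subset."""
    z = layer["bias"] + sum(w * record.get(f, 0.0)
                            for f, w in layer["weights"].items())
    return 1.0 / (1.0 + math.exp(-z))


def classify(record, layers=LAYERS, threshold=0.5):
    """Return (verdict, features_read); stop at the first layer that flags."""
    read = 0
    for layer in layers:
        read += len(layer["weights"])
        if layer_score(layer, record) >= threshold:
            return layer["name"], read  # blocked here, later layers never run
    return "normal", read


if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, classify(rec))
    # Fewer layers: an R2L attempt passes a two-layer deployment unflagged.
    print(classify(SAMPLES["guessing"], layers=LAYERS[:2]))
```

The second element of the result counts how many features were read before a verdict, which is where the early exit of the layered design shows up.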
MODULE DIAGRAM
[Figure: module diagram with the labels Source, Dest, Detector, File Dialog, Select The Source File and Fixed Size of Packet]