Secure masid secure multi agent system for intrusion detection-2


International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 1, January-February (2013), pp. 392-397. © IAEME: www.iaeme.com/ijcet.asp. Journal Impact Factor (2012): 3.9580 (Calculated by GISI), www.jifactor.com

SECURE MASID: SECURE MULTI-AGENT SYSTEM FOR INTRUSION DETECTION

Shraddha Chaurasia, P.G. Student, MTech. (CSE), Department of Computer Science & Engineering, G.H. Raisoni College of Engineering, Nagpur, India
Lalit Dole, Assistant Professor, Department of Computer Science & Engineering, G.H. Raisoni College of Engineering, Nagpur, India

ABSTRACT

In this paper, we modify the existing work on a multi-agent system for intrusion detection by providing more security to the agents in this system. First, we present a review of existing intrusion detection systems, and then propose a strategy for securing the agents in MASID. Previously, intrusion detection was done at different levels, such as host-based intrusion detection, but the most recent advancement is the multi-agent system for intrusion detection. Finally, we discuss the implementation of secure MASID. Thus we show how the agents in MASID could be secured using the AES algorithm.

Keywords: MANET, intrusion, multi-agent, distributed, AES.

I. INTRODUCTION

One of the most important issues in computer networks is the security of the data that is transferred between computers. As the use of the internet has increased, there are many ways through which a computer may be attacked. Some of these ways include hacking, intrusion etc. Any activity that tries to harm your computer is known as intrusion. This activity deteriorates the computer's performance.

Compared to wired networks, wireless networks are more susceptible to attack, as most of the parameters in this type of network are dynamic; these parameters may include infrastructure, topology etc. There are various measures for providing security to a wireless network. Such measures could be authentication, firewalls etc. When there is intrusion, intrusion detection and prevention become necessary.
The process of detecting suspicious activities in a computer is known as intrusion detection. Misuse, anomaly and specification-based detection are some of the techniques for detecting intrusion. Misuse detection and anomaly detection are similar techniques, i.e. they both compare available data, but misuse detection compares the data with known attack patterns, whereas anomaly detection compares the data with the normal pattern of data. The data available to these techniques comes from the host or the network.

There are various intrusion detection systems available. The most recent advancement in IDS is the agent-based system. An agent is any process, module or host that is capable of performing independent activities in its environment. In an agent-based system, a single agent is used for detecting intrusion. In a multi-agent system, multiple agents are used, and through the use of multiple agents the intrusion detection process gets distributed. Thus this system may also be called a distributive and cooperative intrusion detection system. In a multi-agent system, agents transfer intrusion detection related information between them. However, the information transferred between the agents could itself be attacked, so a need arises for providing security to the information being transferred between the agents.

Thus the main focus of our paper is to provide security to the information exchanged between the agents. The rest of the paper is organized as follows: the following section provides a literature review of intrusion detection systems. Section 3 describes the proposed system, i.e. secure MASID. Section 4 provides the implementation of secure MASID. Section 5 concludes the paper by providing a brief summary of the proposed work and some future work that could be done.

II. RELATED WORK

Depending upon the techniques and architectures, intrusion detection systems for MANET can be broadly classified into:

i) Standalone IDS: Standalone means individual, independent. Thus in this type of IDS the detection process is carried out individually. No information is transferred between the nodes. Decisions are made individually by each node and there is no cooperation between the nodes.

ii) Distributed and cooperative IDS: In this type of IDS, nodes cooperate with each other by exchanging information regarding intrusion. Nodes are distributed and an IDS is installed on each host.

iii) Hierarchical IDS: In this type, the IDS is divided into multiple layers or clusters. Each cluster has a head or leader, known as the clusterhead, who has more responsibilities than the other members of the cluster, e.g. routing packets from one cluster to another.

iv) Agent Based System: Here the intrusion detection process is divided among a number of agents. Each agent performs only one specific task and these agents are distributed into each node. Not every agent is assigned functions, as this helps to reduce power consumption.
As described in [1], Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff, Eugene Spafford and Diego Zamboni first introduced the concept of the autonomous agent in an architecture for intrusion detection. An autonomous agent is a software agent that performs some security monitoring function at a host.

B.-C. Cheng and R.-Y. Tseng proposed an intrusion detection system known as the context adaptive intrusion detection system (CAIDS) [10]. Every system depends on some factors for its execution; this system considers energy when performing intrusion detection. First an IDS is installed on each system, and the intrusion detection process is carried out by checking the energy factor. A node performs the task only if it has enough energy to perform it.

But for an IDS in MANETs the nodes must be cooperative, and the nodes in this system are not cooperative.

Distributive and cooperative IDS overcomes the limitations of CAIDS. This system is designed using a region-based framework. There are two categories of nodes: region member nodes and gateway nodes. A gateway node is one which has a connection to a node in a neighboring region; otherwise it is called a region node.

It contains two major components: gateway intrusion detection (GID) and local intrusion detection (LID). Each node runs a LID and only a subset of nodes run GID.

N. Marchang and R. Datta proposed a hierarchical IDS which contains two algorithms, ADCLI and ADCLU. ADCLI means algorithm for detection in a clique and ADCLU is algorithm for detection in a cluster. A clique means a set of nodes. In both algorithms, during intrusion detection the set of nodes transfers messages between them. The assumption is that if a particular node is suspicious, it will send wrong messages to other nodes. If a node is malicious, the other nodes may choose to isolate the malicious node.

C. Ramachandran, S. Misra, and M. S. Obaidat [9] proposed FORK, a two-way strategy for intrusion detection. Here nodes get into a bidding process for performing intrusion detection. The nodes are allowed to get into the bidding process only if they have enough resources. The nodes which win get into the detection process. The next strategy is to build an ant colony algorithm based on the anomaly detection technique.

III. PROPOSED WORK

In this section we present secure MASID. The proposed work contains a small extension to MASID, i.e. the multi-agent system for intrusion detection developed by Leila Mechtri, Fatiha Djemili Tolba and Salim Ghanemi. This system contains a number of agents for performing the detection process. Mainly there are three agents, i.e. the detection agent, the collaboration agent and the response agent.

The detection agent uses both techniques for detection purposes, i.e. misuse detection and anomaly detection. It is responsible only for the detection process. Next is the response agent, which provides an appropriate response when an intrusion occurs.

The third agent is the collaboration agent, which is responsible for exchanging messages between these two agents. However, an attacker may attack this agent, so in order to secure detection related information we apply the AES algorithm at the collaboration agent, i.e. whatever information is transferred between both agents will be encrypted and decrypted by the AES algorithm.
[Fig 1. Secure MASID architecture: detection agent, collaboration agent (AES algorithm), response agent]

Fig 1 shows the three agents mentioned in [13]. The AES algorithm is applied at the collaboration agent because it is the main point of communication for both the detection agent and the response agent. The information that is transferred between the two agents is encrypted at the detection agent and then decrypted at the response agent.

AES is a block cipher with a block length of 128 bits. AES allows for three different key lengths: 128, 192, or 256 bits. Most of our discussion will assume that the key length is 128 bits. Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Except for the last round in each case, all other rounds are identical. Each round of processing includes one single-byte based substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key.
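The paper names AES but gives no mode of operation or key-distribution scheme. The following is an added example, not the authors' code: it assumes AES-GCM with a 128-bit key already shared by the detection and response agents, so that a message altered in transit is rejected instead of being decrypted. The class and method names, the agent identifier and the sample alert text are hypothetical.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class SecureCollaborationChannel {
    private static final int NONCE_LEN = 12;   // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128;   // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Detection-agent side: encrypt an alert; the sender id is bound as associated data.
    static byte[] seal(SecretKey key, String senderId, String alert) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                   // fresh nonce per message, never reused with a key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(senderId.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(alert.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Response-agent side: decrypt; throws AEADBadTagException if anything was altered.
    static String open(SecretKey key, String senderId, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, msg, 0, NONCE_LEN));
        c.updateAAD(senderId.getBytes(StandardCharsets.UTF_8));
        byte[] pt = c.doFinal(msg, NONCE_LEN, msg.length - NONCE_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                           // 128-bit key, the size the paper assumes
        SecretKey key = kg.generateKey();       // assumption: pre-shared between the agents
        byte[] msg = seal(key, "detection-agent-1", "attack cluster size=900");
        System.out.println(open(key, "detection-agent-1", msg));
        msg[msg.length - 1] ^= 0x01;            // constructed test: one bit changed in transit
        try {
            open(key, "detection-agent-1", msg);
        } catch (AEADBadTagException e) {
            System.out.println("rejected: message failed authentication");
        }
    }
}
```

Encryption alone in an unauthenticated mode would hide the alert but would not detect the modified message; the authentication tag is what makes the response agent refuse it.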
IV. IMPLEMENTATION

In order to implement secure MASID we have chosen the Java platform. First we will implement all three agents and then apply AES to them. We have taken the KDD Cup database as input for implementing this system. This database contains the packet format which is used for detecting intrusion.

In the detection agent, we first specify the initial values of the parameters contained in the packet format. After taking the packet format as input we apply the K-means algorithm for clustering. There will be two clusters: the first is the intrusion or attackers cluster and the other is the normal data cluster. Clustering is done on the basis of trusted ports, i.e. we have set some ports from the database as trusted ports. If the port is not trusted we put the record into the attacking cluster, otherwise we classify it as normal.

Along with clustering we also classify attacks as unknown or known. This is based on a condition, i.e. if the cluster size is greater than max intrusion (a variable), then it is an unknown attack, otherwise it is a known attack. Here we have set the value of max intrusion to 1000 as it is the optimum value.

[Fig 2. Detection agent flowchart. Boxes: packet format from KDD Cup database; apply K-means algorithm; check if it is attack; put it into attack cluster; inform other nodes; put into normal cluster; stop]

The response agent provides a response to known and unknown attacks as stated earlier. When it is a known attack we check the magnitude of the attack. Magnitude is calculated as

Magnitude = cluster size of intrusion detected / max intrusion

i.e. if the cluster size or number of intrusions is 900 as compared to max intrusion, the value of attack magnitude will be 0.9, so we will conclude that it is the highest magnitude attack. Thus we will be creating a rule-based system which answers what the magnitude of the attack is. If it is an unknown attack then we will try to change the strategy, which means that we will run the K-means algorithm once again.
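The decision rules of the detection and response agents can be traced with a short program. This is an added example, not the authors' implementation: it applies the trusted-port partition the text describes in place of a K-means implementation, and the trusted-port list, the sample records and all names are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class DetectionResponseRules {
    static final int MAX_INTRUSION = 1000;                          // value stated in the paper
    static final Set<Integer> TRUSTED_PORTS = Set.of(22, 80, 443);  // assumed list

    // Detection agent: records whose port is not trusted form the attack cluster.
    static List<Integer> attackCluster(int[] ports) {
        List<Integer> attack = new ArrayList<>();
        for (int port : ports) {
            if (!TRUSTED_PORTS.contains(port)) attack.add(port);
        }
        return attack;
    }

    // A cluster strictly larger than MAX_INTRUSION is treated as an unknown attack.
    static boolean isUnknownAttack(int clusterSize) {
        return clusterSize > MAX_INTRUSION;
    }

    // Magnitude = cluster size / max intrusion. The cast matters in Java:
    // int / int would truncate 900 / 1000 to 0.
    static double magnitude(int clusterSize) {
        return (double) clusterSize / MAX_INTRUSION;
    }

    // Response agent: report magnitude for known attacks, re-cluster for unknown ones.
    static String respond(int clusterSize) {
        if (clusterSize == 0) return "no intrusion";
        if (isUnknownAttack(clusterSize)) return "unknown attack: re-run clustering";
        return String.format(Locale.ROOT, "known attack, magnitude %.2f", magnitude(clusterSize));
    }

    public static void main(String[] args) {
        // Constructed sample: 900 records on an untrusted port, 100 on trusted port 80.
        int[] ports = new int[1000];
        for (int i = 0; i < ports.length; i++) ports[i] = (i < 900) ? 12345 : 80;
        System.out.println(respond(attackCluster(ports).size()));
        System.out.println(respond(1000));   // boundary: not greater than max, so still known
        System.out.println(respond(1001));   // first size classified as unknown
    }
}
```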
V. CONCLUSION

In this paper we introduced a small modification to the existing work of [13] by providing additional security to the information transferred between the agents. Security is provided to the agents using the AES algorithm. We also discussed how we will implement our proposed work. Thus the main advantage of this system is that it provides one more level of security. One area of concern would be what happens if the agents undergo a man-in-the-middle attack. Future work may be done in these directions.

REFERENCES

[1] R. Heady, G. Luger, A. Maccabe, and M. Servilla, “The architecture of a network level intrusion detection system,” Technical report, Computer Science Department, University of New Mexico, August 1990.
[2] M. Wooldridge and N. R. Jennings, “Intelligent agents: theory and practice”, Knowledge Engineering Review, October 1994.
[3] M. Wooldridge and N. R. Jennings, “Agent theories, architectures, and languages,” in Wooldridge and Jennings, eds., Intelligent Agents, Springer Verlag, 1995, pp. 1-22.
[4] Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff, Eugene Spafford, Diego Zamboni, “An Architecture for Intrusion Detection using Autonomous Agents”, COAST Technical Report 98/05, Jun. 1998.
[5] Y. Labrou, T. Finin, and Y. Peng, “The current landscape of Agent Communication Languages,” IEEE Intelligent Systems, vol. 14, number 2, March/April, 1999.
[6] J. B. D. Cabrera et al., “Proactive Detection of Distributed Denial of Service Attacks using MIB Traffic Variables - A Feasibility Study”, IEEE, 2001.
[7] Tiranuch Anantvalee and Jie Wu, “A Survey on Intrusion Detection in Mobile Ad Hoc Networks”, Wireless/Mobile Network Security, Y. Xiao, X. Shen, and D.-Z. Du (Eds.), Springer 2006, pp. 170-196.
[8] N. Marchang and R. Datta, “Collaborative techniques for intrusion detection in mobile ad-hoc networks,” Ad Hoc Networks, 6 (2008), pp. 508-523.
[9] C. Ramachandran, S. Misra, and M. S. Obaidat, “FORK: A novel two-pronged strategy for an agent-based intrusion detection scheme in ad-hoc networks,” Computer Communications 31 (2008), pp. 3855-3869.
[10] B.-C. Cheng and R.-Y. Tseng, “A Context Adaptive Intrusion Detection System for MANET,” Computer Communications, 2010.
[11] F. Abdel-Fattah, Z. Md. Dahalin, and S. Jusoh, “Distributed and cooperative hierarchical intrusion detection on MANETs,” International Journal of Computer Applications (0975-8887), Vol. 12, No. 5, Dec 2010, pp. 32-40.
[12] J.-H. Cho and I.-R. Chen, “Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc networks,” Performance Evaluation 68 (2011), pp. 58-75.
[13] Leila Mechtri, Fatiha Djemili Tolba, Salim Ghanemi, “MASID: Multi-Agent System for Intrusion Detection in MANET”, IEEE 2012.
[14] S. B. Patil, S. M. Deshmukh, Dr. Preeti Patil and Nitin Chavan, “Intrusion Detection Probability Identification in Homogeneous System of Wireless Sensor Network”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 12-18, ISSN Print: 0976-6367, ISSN Online: 0976-6375, Published by IAEME.
[15] Syeda Gauhar Fatima, Dr. Syed Abdul Sattar and Dr. K. Anita Sheela, “Energy Efficient Intrusion Detection System For Wsn”, International Journal of Electronics and Communication Engineering & Technology (IJECET), Volume 3, Issue 3, 2012, pp. 246-250, ISSN Print: 0976-6464, ISSN Online: 0976-6472, Published by IAEME.
