Using Genetic algorithm for Network Intrusion Detection

Using Genetic algorithm for Network Intrusion Detection: a Genetic Algorithm IDS detects intrusions based on the log history and on the possible intrusions that are likely to occur. In a Genetic Algorithm, each connection is considered a “chromosome” which consists of many “genes” (properties of the connection such as source IP, target IP, port no., protocol …). One has to find the fitness value of each such chromosome to detect intrusion.

  1. 1. PROJECT SEMINAR on “Network Intrusion Detection using Genetic Algorithm”
       Presented by: HITESH KUMAR. P (4JN07CS027), SAGAR. U (4JN07CS070), SANDEEP TANTRY. K (4JN07CS072), SHARATH KUMAR. K (4JN07CS078)
       Under the Guidance of / Coordinators: Chakrapani D.S [B.E, M.Tech], Lecturer, Dept of CSE; Chetan K. R [B.E, M.Tech], Sr. Lecturer, Dept of CSE; Poornima K.M [B.E, M.Tech], Asst. Professor, Dept of CSE
       Jawaharlal Nehru National College of Engineering, Shimoga
  2. 2. Contents
       1. Introduction
          1.1 Introduction to Intrusion Detection System (IDS).
          1.2 Introduction to genetic algorithm.
       2. Problem Specification
          2.1 Major problems addressed.
          2.2 Challenges faced.
          2.3 Scope of the project.
       3. Literature Survey
          3.1 Features & Technology used.
          3.2 Drawbacks & Solutions.
       4. System Architecture
          4.1 Workflow diagrams & Modules.
  3. 3. Introduction to Intrusion Detection System
       • Intrusion.
           • External
           • Internal
       • Intrusion Detection System.
           • Misuse vs Anomaly.
           • Host-based vs Network-based.
  4. 4. IDS
       • IDS - one piece of the whole Security puzzle.
       • Lots of people use Firewall and Router logs for Intrusion Detection.
       • Important Security architecture but does not solve all your problems.
       • Mostly signature based.
       • Example (Denial of Service [DoS] Attack).
  5. 5. Introduction-Genetic Algorithm
       • Definition.
       • Background Theory.
       • A simple Genetic Algorithm.
       [Flowchart: Start → Generate random population → Evaluation Function → Optimization Criteria met? → yes: Best Individuals → Result; no: Selection → Crossover → Mutation → Generate a new Population]
  6. 6. Applications and Significance
       • Applications.
           • Military Information security in some multinational agencies.
           • Intrusion Prevention System.
       • Significance.
           • Network traffic analysis.
           • Detection of various attacks.
  7. 7. Major problems
       • Security infrastructure.
       • Threats originating from outside.
       • Support Issues (OS, Platform)
       • Evaluation Parameters.
  8. 8. Challenges
       • Frequency vs Difficulty level.
       • Hacktivists or cyber terrorists
       • Deployment & Myths
       • Using IDS in fully switched networks
       • Interpreting all the data being presented
       • Encryption, VPN, Tunnels
       • Performance
       • Response team.
  9. 9. Scope
       • Combining knowledge from different sensors into a Standard rule base.
       • Local Area Security.
       • Security purpose in main servers across the world.
       • Intelligent Intrusion Detection System (IIDS) is an ongoing Project in Mississippi University.
  10. 10. Literature Survey
       • “The Integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment” by Li, Wei – In this paper the author describes some methods to detect intrusion in a network.
  11. 11. • “Network Intrusion Detection” by Stephen Northcutt, Judy Novak – In this book the authors describe some concepts related to networks and to Intrusion Detection.
  12. 12. • “Principles of Information Security” - Michael E. Whitman and Herbert J. Mattord – In this paper the authors describe the concepts of network security completely.
  13. 13. • “Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization.” by Miller, Brad. L. and Michael J. Shaw. – In this paper the authors describe the concepts of the Genetic algorithm and its applications (usage).
  14. 14. Applying Genetic Algorithm to IDS
       • Genetic algorithms can be used to evolve simple rules for network traffic. The rules stored in the rule base are usually in the following form:
           if { condition } then { act }
         E.g. if { the connection has the following information: source IP address 124.12.5.18; destination IP address 130.18.206.55; destination port number 21; connection time 10.1 seconds } then { stop the connection }
  15. 15. Rule definition for connection and range of values of each field

       | Attribute      | Range                     | Eg. Value                  | Description                          |
       | Source IP      | 0.0.0.0 – 255.255.255.255 | d1.0b.**.** (209.11.??.??) | A subnet with respective range of IP |
       | Destination IP | 0.0.0.0 – 255.255.255.255 | 82.12.b*.**                | A subnet with respective range of IP |
       | Source Port no | 0 - 65535                 | 42335                      | Source Port no                       |
       | Dest Port no   | 0 - 65535                 | 00080                      | HTTP Service                         |
       | Duration       | 0 - 99999999              | 00000482                   | Connection Duration                  |
       | State          | 1 – 12                    | 11                         | (Internal Use)                       |
       | Protocol       | 1 – 9                     | 2                          | TCP Protocol                         |
       | Bytes sent     | 0 – 9999999999            | 0000007320                 | Originator sends re                  |
  16. 16. Chromosome structure for example
       ( d, 1, 0, b, -1, -1, -1, -1, 8, 2, 1, 2, 1, 2, b, -1, -1, -1, 4, 2, 3, 3, 5, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 4, 8, 2, 1, 1, 2, 0, 0, 0, 0, 0, 0, 7, 3, 2, 0, 0, 0, 0, 0, 0, 3, 8, 9, 1, 1 )
  17. 17. Drawbacks of other existing system
       • All the internal rules should be defined.
       • Complex or loosely defined problems.
       • Monitoring systems.
       • Exact match for rules.
       • About 400 different IDS on the market - only a few are scalable and easy to maintain.
  18. 18. System Architecture
       [Flowchart: Start → Generate random population → Evaluation Function → Optimization Criteria met? → yes: Best Individuals → Result; no: Selection → Crossover → Mutation → Generate a new Population]
  19. 19. Rule Base Module
       [Diagram components: Data set, Network sniffer, GA, Rule Set, Rule Base]
  20. 20. Evaluation Function
       = Outcome – Suspicious level
       Outcome = Σ (i = 1 to 57) Matched * Weight(i)
       Penalty = ( * ranking ) / 100
       Fitness = 1 - Penalty
  21. 21. Crossover
       [Diagram labels: Father, Mother, Crossover Point, offspring, Child 1, Child 2]
  22. 22. • For example, crossing 209.103.51.134 and 101.1.25.193 gives 209.103.25.193 and 101.1.51.134.
  23. 23. Mutation
       Before Mutation: 1 1 0 1 0 1
       After Mutation:  1 0 0 0 0 1
  24. 24. Preferred Language: Java
       Platform: Windows
  25. 25. REFERENCES
       • Li, Wei. 2002. “The integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment.” Master’s Project Report. Department of Computer Science, Mississippi State University.
       • Miller, Brad. L. and Michael J. Shaw. 1996. “Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization.” In Proceedings of IEEE International Conf. on Evolutionary Computation.
       • “Network Intrusion Detection” by Stephen Northcutt, Judy Novak (3rd edition).
       • “Principles of Information Security” - Michael E. Whitman and Herbert J. Mattord (2nd Edition).
  26. 26. Thanking you
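
Added example (not from the slides): the rule encoding of slides 15 and 16 and the fitness formulas of slide 20, written in Python. The per-gene weights, suspicious_level, ranking, the absolute value on the difference, counting wildcards as matches, and both sample connections are assumptions constructed here; only the fields visible in the slide 15 table are encoded (47 genes), whereas slide 20 sums over 57.

```python
# Added example: rule-chromosome matching and the slide-20 fitness formulas.
# Field widths follow the slide-15 table; weights, suspicious_level and
# ranking are constructed values (assumptions), not taken from the slides.
FIELDS = [("src_ip", 8, 3), ("dst_ip", 8, 3), ("src_port", 5, 1),
          ("dst_port", 5, 2), ("duration", 8, 1), ("state", 2, 2),
          ("protocol", 1, 5), ("bytes_sent", 10, 2)]   # (name, genes, weight per gene)
WEIGHTS = [w for _, n, w in FIELDS for _ in range(n)]  # 47 genes, weights sum to 100
WILDCARD = -1                                          # the "-1" genes on slide 16

def encode(conn):
    """Connection dict -> genes: hex nibbles for IPs, zero-padded digits otherwise."""
    text = ""
    for name, width, _ in FIELDS:
        if name.endswith("_ip"):
            text += "".join(f"{int(octet):02x}" for octet in conn[name].split("."))
        else:
            text += str(conn[name]).zfill(width)
    return [int(ch, 16) for ch in text]

def rule_from(pattern):
    """47-character pattern -> rule genes; '*' becomes the wildcard."""
    if len(pattern) != len(WEIGHTS):
        raise ValueError("pattern must have one character per gene")
    return [WILDCARD if ch == "*" else int(ch, 16) for ch in pattern]

def outcome(rule, genes):
    """Sum of Weight(i) over genes where the rule agrees (a wildcard agrees with anything)."""
    return sum(w for r, g, w in zip(rule, genes, WEIGHTS) if r in (WILDCARD, g))

def fitness(rule, genes, suspicious_level=100, ranking=1):
    """Fitness = 1 - Penalty, with Penalty = |Outcome - Suspicious level| * ranking / 100."""
    delta = abs(outcome(rule, genes) - suspicious_level)  # abs() is an assumption
    return 1 - delta * ranking / 100

def fires(rule, genes):
    """The rule's condition holds only when every non-wildcard gene matches exactly."""
    return outcome(rule, genes) == sum(WEIGHTS)

# Constructed rule: source 209.11.*.* (d1.0b.**.**), destination port 21, protocol 2.
RULE = rule_from("d10b****" + "*" * 8 + "*" * 5 + "00021" + "*" * 8 + "**" + "2" + "*" * 10)
# Constructed sample connections.
FTP = dict(src_ip="209.11.5.18", dst_ip="130.18.206.55", src_port=42335,
           dst_port=21, duration=482, state=11, protocol=2, bytes_sent=7320)
WEB = dict(FTP, src_ip="10.0.0.7", dst_port=80)

if __name__ == "__main__":
    for name, conn in (("FTP", FTP), ("WEB", WEB)):
        g = encode(conn)
        print(name, outcome(RULE, g), fitness(RULE, g), fires(RULE, g))
```

With these constructed weights a partial match still earns a high fitness, which is why the rule base needs the separate exact-match check before a rule is allowed to act on a connection.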
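
Added example (not from the slides): single-point crossover and mutation on the gene encoding, reproducing the slide 22 IP pair and adding a range check against the slide 15 table. It generalizes slide 23's bit flip to digit genes with the -1 wildcard; the function names, the port pair and the range check are assumptions constructed here.

```python
# Added example: crossover and mutation on gene lists, plus a range check,
# because swapping digit genes can produce values outside the slide-15 ranges.
import random

def ip_genes(ip):
    """Dotted IP -> 8 hex-nibble genes, as in the d1.0b.**.** notation."""
    return [int(ch, 16) for octet in ip.split(".") for ch in f"{int(octet):02x}"]

def genes_ip(genes):
    """8 concrete hex-nibble genes -> dotted IP."""
    return ".".join(str(16 * hi + lo) for hi, lo in zip(genes[0::2], genes[1::2]))

def crossover(father, mother, point):
    """Single-point crossover: the children swap everything after `point`."""
    if len(father) != len(mother) or not 0 < point < len(father):
        raise ValueError("parents must be equal length and point inside them")
    return father[:point] + mother[point:], mother[:point] + father[point:]

def mutate(genes, rate, rng, base=16):
    """Replace each gene with probability `rate` by a random digit or the -1 wildcard."""
    pool = list(range(base)) + [-1]
    return [rng.choice(pool) if rng.random() < rate else g for g in genes]

def port_in_range(genes):
    """Five decimal-digit genes must be able to match a port in 0 - 65535.
    Wildcards are read as 0, giving the smallest port the pattern can match."""
    smallest = int("".join("0" if g == -1 else str(g) for g in genes))
    return smallest <= 65535

def slide_22_children():
    """Crossing after the fourth nibble swaps the last two octets, as on slide 22."""
    father, mother = ip_genes("209.103.51.134"), ip_genes("101.1.25.193")
    return tuple(genes_ip(child) for child in crossover(father, mother, 4))

def port_children(a=65000, b=19999, point=1):
    """Constructed case: both parents are valid ports, one child is not."""
    fa, mo = ([int(d) for d in f"{p:05d}"] for p in (a, b))
    return [(child, port_in_range(child)) for child in crossover(fa, mo, point)]

if __name__ == "__main__":
    print(slide_22_children())
    print(port_children())
    print(mutate(ip_genes("209.11.5.18"), 0.25, random.Random(7)))
```

A child that fails the range check can never match real traffic, so it should be repaired or discarded before it reaches the rule base.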
