SlideShare a Scribd company logo

IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular Expressions

IRJET Journal
IRJET Journal

https://irjet.net/archives/V7/i4/IRJET-V7I432.pdf

Engineering
1 of 5
Download to read offline
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 147 NetReconner: An Innovative Method to Intrusion Detection using Regular Expressions Radhika Gupte1, Pranav Mundhe2, Kiran Tonpe3, Shruti Agrawal4 1B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 2 B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 3B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 4Professor, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Intrusion detection is an essential part of Information Security, which plays a vital role in securing a network or a system from attacks on the confidentiality, integrity and availability of the system. AnIntrusionDetection System (IDS) is a tool used to monitor the network with the purpose of detecting an attack on the system, which then reports the network administrator about the potential damage, so as to take appropriate measures. Network Intrusion Detection System (NIDS), a category of IDS, focuses on detection of network attacks and aims at securing the entire network instead of securing a single host. This paper describes complete working of NetReconner system. NetReconner is a Regular Expression (RegEx) basedNIDSthat captures packets from the network and compares the set of RegEx with each line of the captured packets. This system monitors the network continuously using a bash script. It uses a tool called as tcpdump (a command line tool in Linux). The output of tcpdump (the captured packets) is stored in a text file. The bash script, at regular intervals, also calls the detection engine which is programmed in Python3. The detection engine uses a set Regular Expressions andcompares them with each line in the text file containing the captured packet. NetReconner also provides a facility for the administrator to add new RegExfor newlydiscoverednetwork attacks to the existing set of RegEx. This paper elaborates the mechanism of NetReconner and discusses the results obtained using it. Key Words: Intrusion Detection System (IDS); Malicious packets; Network attacks; Network security; Packet capture; Regular Expressions (RegEx); Signatures. 1. INTRODUCTION In the current era, larger volumes of data go through and over the Internet every day. This makes the Internet a potential pathway to intrude a network.Malicioususerstake advantage of this pathway and carry out network attacks on a target system or network. This can cause loss of huge amounts of data or information and can prove disastrous when it comes to sensitive Government information, data related to financial sector and other such critical information. To avoid such circumstances, network security has become a necessity in most organizations and institutions. The most common way attackers harm computer systems, is by using malicious software, called malwares. Malwares are a piece of software designed for performing unethical activity to gain access to another individual’s resource or to spy on them. Malwares can also disrupt the functioning of the complete system.According to the statistics report from Kaspersky’s SecurityBulletin2016 [1], 31.9% of user computers were subjected to at least one Malware-class web attack over the year. Unauthorizedusers in a network pose a threat to the system wheretheyperform network attacks to compromise the system or the services provided by it over the network. These attacks are data packets containing malicious codes in their payloads. These malicious codes can be detected usingregularexpressions.A regular expression (RegEx) is a sequence of characters used to search a specific pattern in a text file or for input validation under different applications. NetReconner is an IDS that makes use of RegEx for pattern matching with the captured packets’ data looking for a possible attack. As stated in Guide to Intrusion Detection and Prevention Systems (IDPS) [2], an Intrusion Detection System (IDS) is a software that automates the intrusion detection where the administrator monitors events occurring in a computer system or network and analyses them for signs of possible incidents that may qualify as violations or threats of violations of computer security policies. 1.1 Detection Process Capturing of packets from over the network is doneusing a simple Linux command ‘tcpdump’. Tcpdump can also be referred to as a tool for scanning the network for capturing and analyzing data packets and has multiple real-time applications. The tcpdump command is triggered by a bash script at fixed intervals of time to enable continuous packet capture. The packets captured are stored in and appended into a text file on which the Detection Engine carries out the pattern matching algorithm. The Detection Engine is also triggered by the same bash script that triggers tcpdump command causing minimal down time of the Engine and enabling batch processing of the packets captured
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 148 meanwhile. If a line in the text file matches with a particular RegEx from the existing set, an alert is generated identifying the attack that has been occurred.NetReconneralsoprovides facility to the network administrator to addnewRegExtothe existing set, manually through a user interface. 2. LITERATURE SURVEY Through this section, we summarize some of the existing research work on intrusion detection systems. In January 2016, Akash Garg et al. [3], has proposed a system to improve performance of an existing intrusion detection system. They have used a dataset to detect attacks using Snort. Snort is a well-known network intrusion detection system that audits network packets andcompares them with attack signatures. The complete performance analysis of Snort is presented in this paper. Snort identifies attacks even when the entire packet is not available to it. On the other hand, there is a drawback in this system that Snort generates false alerts or false alarms in considerable amounts. In May 2017, Abdullah H Almutairi1 et al. [4], has proposed a solution to the problem of huge database size. Signature based intrusion detection systems often suffer from large number of signature patterns stored in database. The idea of frequent-signature database is used to decrease the database size, also resulting in improving the performance of the system. This generates an alert very quickly after a signature is triggered.Inaddition,theconcept of parallel processing is used with two small databases. This will minimize the detection time. When the packet goes through a network, it gets parsed by the databases for matching. The scanning should be done on a separate machine. The proposed system has four components: detection engine, small databases to store the most frequently used signatures, updating agent, and a complementary database that stores the remaining signatures. Detection engine captures an incoming packet, then decodes it and extracts its features which could also be considered as the packet signature. This is compared with the signature database. If the database contains a match, the engine will trigger an alert by displaying it. It also logs the incident, disables the connection by forbidding all succeeding packets from coming from that source. The second component is the small databases containing the most frequent attack signatures. The size of these databases is smaller, compared to the complementary database and this database can be adjusted according to network load or administrator decision. The third componentistheupdating agent, used to update the small databases with the most frequent signatures and removethosesignatures,eitherthat were not used over a time period or related to a malware which depends on a vulnerability that has been predefined. The fourth component is the complementary database containing the remaining signatures. This database is larger in size than the small databases and is used to detect infrequent attacks. This module updates the small database module over time. The proposed solution sets a priority for each added signature in database. These priorities are‘high’, ‘low’ and ‘medium’. These are like labels to the signatures. The reason for assigning a priority to a signature is to know if a specific signature is likely to occur in the network or not. High priority signatures are kept in the smaller database, while the complementary database stores low priority signatures. Network administrator decides what to do with medium priority signatures. In November 2012, Prof. D. P. Gaikwad1 et al. [5], has proposed Multithreaded design detection module. It is a single process that decides whether a captured packet is malicious or not. A single process works well when there is not much traffic in the network. However, if the network is flooded, it will slow down the detection speed or there is a possibility of missing a potential attack due to dropping of extra packets. To deal with this problem they used the multithreaded design. This design keeps a two-variable count. One variable is used to track the number of captured packets and another variable keeps count of threadscreated by the detection engine. The first variable can take some maximum value that a single thread can handle at a time for processing. When that value exceeds, a new thread will be created to handle further packets. The concept of an agent is used in their paper to describe the working of the system. Components of agents are a frequent-attack signature database, a detection engine and an updating module. In the first component, incoming packets are checked against attack signatures. This process is time consuming. To overcome this flaw, they have used cache mechanism for frequently triggered signatures, decreasing the response time. Another module is the detection module that takes a packet as an input and extracts its signature. This extracted signature is then compared with all the signatures in cached database to check for intrusion. If a match is found then that packet is labelled as a malicious packet. The work of the updating module is to keep the frequent-attack signature set up to date. A variable is associated with each attack. That variable is incremented whenever an attack signature is triggered. The concept of DIDS (Distributed Intrusion Detection System) is used here. A distributed IDS uses multiple detection modules over a large network. All these modules communicate with eachotherandsendupdates toa central server. This makes the task ofnetwork administrator and analysts easy and manageable. This allows them to update distributed servers using single central server. Osaghae [6] also proposed a similar model that decreases the size of the main signature database. The model consists of components such as a detection engine, a family malware reduction buffer database engine, a scalable malware signature database and a temporary database called the
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 149 reduction buffer database. The working of these modules is similar to the other modules explained before. 3. PROPOSED SYSTEM In order to detect malicious activity in a network,thereisa need to monitor the network continuously. To achieve this, capturing the packets flowing on the line is necessary. Thisis done using TCPDUMP, a packet capture tool which is available in all Linux and Unix based operating systems. It is often used to help troubleshoot network issues and is also a security tool. It is the most powerful and versatile tool that includes many options and filters by using the ‘libpcap’ library to do this task. After capturing all data packets, the result is stored in a simple flat file or a text file.Theamountof data packets in flat files dependsontheactivityperformedon the web. Then, the detection engine parses all the data packets using Regular Expressions which are stored in flat files based on attacks. Regular expression is a library in Python programming language. Regular expression library or RE specifies a set of strings that matches it. The functions in this module are used to check if a particular string matches with a given regular expression or not. This flat file isusedbyDetectionEnginefor parsing the data packets to generatealertsandlogsuspicious activities. Detailed explanation about modules in Fig 3.1 isgivenbelow. 1. Packet capture Module: TCPDUMP command/tool is used for capturing data like header and payload in this module. It captures all major protocol packets like TCP, UDP and DNS requests. Following command is used for packet capture: tcpdump -nnvvSs 1564 -A 2. Rules or RegEx set: A set of rules, written in regular expressions that a detection engine uses to find typical intrusive activity. These rules are stored in a specific repository and are fetched to compare with captured data. 3. Detection engine: It consists of a Python script which is used to check if a particular string matches with any of the given regular expressions. Parsing through all data and then applyingRegular Expressionsetoneachpackettakesplacein the Detection Engine. 4. IMPLEMENTATION AND RESULTS 4.1 Implementation The first module deals with packet capturing and generating alerts for designated attacks carried out in a network. Here the first module logs network traffic in a flat file in order to find malicious packets in it. Detection engine continuously parses through, the logged packets so that the system remains active for all the time without allowing any infected packets to escape. Now the generated alerts are appended in different files based on the attack type. This separates out the bad traffic so that the network administrator can analyze the generated alerts. Detailed packet information can tell a lot about the attacker. This is how the system can backtrack an attacker. In the second module, a graphical user interface (GUI) is rendered. This is done for appending a new RegEx in a particular file which is not included before. This module is administrator triggered. If an attack is done using a different approach for which the RegEx is not present in the existing files, then the administrator can add a new RegEx for that particular attack in a particular file mentioned by the administrator. TheseRegExfilesaresimultaneouslyaccessed by both modules. Hence, there is a possibility of deadlock in the operating system. This problem is solved by creating a temporary file for appending RegEx entered by the administrator and then adding that RegEx to the main file when module one execution is completed the next first time in a cycle. Thus, there is no need to halt the detection engine for alert generation. This makes the system real-time. Fig 3.1: Block diagram of NetReconner
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 150 Flow chart for NetReconner system is shown below: As shown in Fig 4.1, NetReconner comprises of two modules. Each module acts independent of each other without being interrupted by another one. 4.2 Results Tests were conducted to check the performance of NetReconner’s Detection Engine. During the test, the Detection Engine was deployed on an Ubuntu machine equipped with Intel Core i3 CPU, 64-bit OS and8GBRAM.To launch the attacks, Kali Linux was used withinbuilttoolslike Nmap, Xerxes and Hping3. Following are some of the snapshots taken while recording the results. Fig 4.2.1 shows that the packets are captured using tcpdump command and detection engine starts parsing through all the captured packets. The “end_of_execution” shows that the detection engine has parsed all packets. Till this instant no attack has been detected and the execution time remains almost constant as a result of the same. Fig 4.2.2 shows that Cross-site scripting attack is detected and the entire packet is captured and stored in a flat file. The captured packet has many attributes, such as Source IP address, Destination IP address, Host (the site on which the attack has been performed), User-agent (Browser used for performing the activity), Content (the content that the attacker had put in the input field of the web page). Fig 4.1: Flowchart for working of NetReconner Fig 4.2.1: System before attack detection Fig 4.2.2: System after attack detection
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 151 Fig 4.2.3 shows a graph of system timeline versus execution time. The blue line represents the performance of detection engine before attack, while the orange line represents performance during attack. From the time the detection engine starts till the time an attack is detected, the execution time remains almost constant. When an attack is detected, the magnitude of increase in execution time depends upon the type of the attack. 5. CONCLUSIONS This paper focused on the proposed signature-based IDS, NetReconner, andelaboratelyexplainstheimplementationof the Intrusion Detection System. There are quite a number of IDSs available in the market that require to be configured on the system to be deployed on. NetReconner, on the other hand, does not need to be configured. It only requires installation of a few files and the IDS is good to go. The detection engine is lightweight and uses simple flat files for storing the set of regular expressions. No relational database is used in the NetReconner which makes operations of the detection engine easier. Another factor which makes NetReconner advantageous is that the detection engine works on string operations making it less cumbersome for comparisons.Despitetheseadvantages,problemsstillexistin today’s Intrusion Detection Systems.RegExgenerationisstill a challenge being a manual process.Furthermore,processing of the packets depends on the system hardware. The existing IDS can be added with more features such as behavioral securityandconversiontoIntrusionPreventionSystem(IPS). REFERENCES [1] Kaspersky Security Bulletin OVERALL STATISTICS FOR 2016 Maria Garnaeva, Fedor Sinitsyn, Yury Namestnikov, Denis Makrushin, Alexander Liskin. [2] Karen Scarfone1, Peter Mell2, Guide to Intrusion Detection and Prevention Systems (IDPS), Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930. [3] Akash Garg1, Prachi Maheshwari2, ‘Performance Analysis of Snort-based IntrusionDetectionSystem“3rd International Conference on Advanced Computing and Communication System”, January 2016. [4] Abdullah H Almutairi1, Dr. Nabih T Abdelmajeed2, “Innovative Signature Based IntrusionDetectionSystem using Parallel Processing and Minimized Database’ Institute of Electrical and Electronics Engineers”, May 2017. [5] Prof. D. P. Gaikwad1, Pooja Polshettiwar2, Priyanka Musale3, Pooja Paranjape4, Ashwini S. Pawar5 “A Proposal for Implementation of Signature Based Intrusion Detection System Using Multithreading Technique” International Journal of Computational Engineering Research, November 2012. [6] Osaghae EO1. Improved signature-based antivirus system. International Journal of Computer Science and Information Technology Research. 2015;3(4):250-254. Fig 4.2.3: System performance

Recommended

5
55
5aniketnimaje
 
4
44
4aniketnimaje
 
A novel signature based traffic classification engine to reduce false alarms ...
A novel signature based traffic classification engine to reduce false alarms ...A novel signature based traffic classification engine to reduce false alarms ...
A novel signature based traffic classification engine to reduce false alarms ...IJCNCJournal
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMS
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMSA NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMS
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMSIJNSA Journal
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for networkIJCNCJournal
 
Survey on classification techniques for intrusion detection
Survey on classification techniques for intrusion detectionSurvey on classification techniques for intrusion detection
Survey on classification techniques for intrusion detectioncsandit
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 

Recommended

5
55
5aniketnimaje
 
4
44
4aniketnimaje
 
A novel signature based traffic classification engine to reduce false alarms ...
A novel signature based traffic classification engine to reduce false alarms ...A novel signature based traffic classification engine to reduce false alarms ...
A novel signature based traffic classification engine to reduce false alarms ...IJCNCJournal
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMS
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMSA NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMS
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMSIJNSA Journal
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for networkIJCNCJournal
 
Survey on classification techniques for intrusion detection
Survey on classification techniques for intrusion detectionSurvey on classification techniques for intrusion detection
Survey on classification techniques for intrusion detectioncsandit
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Internet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining TechniquesInternet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining Techniquesiosrjce
 
6
66
6aniketnimaje
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningeSAT Publishing House
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET Journal
 
Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique IRJET Journal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONCOMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONIJNSA Journal
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemAM Publications
 
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoeSAT Journals
 
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANIJNSA Journal
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
1762 1765
1762 17651762 1765
1762 1765Editor IJARCET
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...IRJET Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data miningbalbeerrawat
 
Intrusion detection system via fuzzy
Intrusion detection system via fuzzyIntrusion detection system via fuzzy
Intrusion detection system via fuzzyIJDKP
 
504 508
504 508504 508
504 508Editor IJARCET
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCSITiaesprime
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
 

More Related Content

What's hot

Internet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining TechniquesInternet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining Techniquesiosrjce
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningeSAT Publishing House
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET Journal
 
Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique IRJET Journal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONCOMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONIJNSA Journal
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemAM Publications
 
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoeSAT Journals
 
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANIJNSA Journal
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...IRJET Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data miningbalbeerrawat
 
Intrusion detection system via fuzzy
Intrusion detection system via fuzzyIntrusion detection system via fuzzy
Intrusion detection system via fuzzyIJDKP
 

What's hot (19)

Internet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining TechniquesInternet Worm Classification and Detection using Data Mining Techniques
Internet Worm Classification and Detection using Data Mining Techniques
 
6
66
6
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusion
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
 
Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using IDS Technique
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONCOMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
 
A Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection SystemA Study on Data Mining Based Intrusion Detection System
A Study on Data Mining Based Intrusion Detection System
 
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algo
 
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
 
1762 1765
1762 17651762 1765
1762 1765
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network Testbeds
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data mining
 
Intrusion detection system via fuzzy
Intrusion detection system via fuzzyIntrusion detection system via fuzzy
Intrusion detection system via fuzzy
 
504 508
504 508504 508
504 508
 

Similar to IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular Expressions

A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCSITiaesprime
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Journals
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Publishing House
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.IRJET Journal
 
IRJET - A Secure Approach for Intruder Detection using Backtracking
IRJET - A Secure Approach for Intruder Detection using BacktrackingIRJET - A Secure Approach for Intruder Detection using Backtracking
IRJET - A Secure Approach for Intruder Detection using BacktrackingIRJET Journal
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityIAEME Publication
 
Pre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkPre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
 
A Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANETA Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANETIRJET Journal
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...IJNSA Journal
 
IRJET- Machine Learning based Network Security
IRJET- Machine Learning based Network SecurityIRJET- Machine Learning based Network Security
IRJET- Machine Learning based Network SecurityIRJET Journal
 

Similar to IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular Expressions (20)

A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidence
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural Network
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network traffic
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network traffic
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docx
 
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
 
IRJET - A Secure Approach for Intruder Detection using Backtracking
IRJET - A Secure Approach for Intruder Detection using BacktrackingIRJET - A Secure Approach for Intruder Detection using Backtracking
IRJET - A Secure Approach for Intruder Detection using Backtracking
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network security
 
Pre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkPre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the network
 
L017317681
L017317681L017317681
L017317681
 
A Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANETA Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...
 
IRJET- Machine Learning based Network Security
IRJET- Machine Learning based Network SecurityIRJET- Machine Learning based Network Security
IRJET- Machine Learning based Network Security
 
Kb2417221726
Kb2417221726Kb2417221726
Kb2417221726
 

More from IRJET Journal

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...IRJET Journal
 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTUREIRJET Journal
 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...IRJET Journal
 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsIRJET Journal
 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...IRJET Journal
 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...IRJET Journal
 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...IRJET Journal
 
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...IRJET Journal
 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASIRJET Journal
 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...IRJET Journal
 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProIRJET Journal
 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...IRJET Journal
 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemIRJET Journal
 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesIRJET Journal
 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web applicationIRJET Journal
 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...IRJET Journal
 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.IRJET Journal
 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...IRJET Journal
 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignIRJET Journal
 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...IRJET Journal
 

More from IRJET Journal (20)

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
 
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web application
 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
 

Recently uploaded

Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 

Recently uploaded (20)

🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacing
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular Expressions

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 147 NetReconner: An Innovative Method to Intrusion Detection using Regular Expressions Radhika Gupte1, Pranav Mundhe2, Kiran Tonpe3, Shruti Agrawal4 1B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 2 B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 3B.E. Information Technology, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India 4Professor, Dept. of Information Technology, Vidyalankar Institute of Technology, Maharashtra, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Intrusion detection is an essential part of Information Security, which plays a vital role in securing a network or a system from attacks on the confidentiality, integrity and availability of the system. AnIntrusionDetection System (IDS) is a tool used to monitor the network with the purpose of detecting an attack on the system, which then reports the network administrator about the potential damage, so as to take appropriate measures. Network Intrusion Detection System (NIDS), a category of IDS, focuses on detection of network attacks and aims at securing the entire network instead of securing a single host. This paper describes complete working of NetReconner system. NetReconner is a Regular Expression (RegEx) basedNIDSthat captures packets from the network and compares the set of RegEx with each line of the captured packets. This system monitors the network continuously using a bash script. It uses a tool called as tcpdump (a command line tool in Linux). The output of tcpdump (the captured packets) is stored in a text file. The bash script, at regular intervals, also calls the detection engine which is programmed in Python3. The detection engine uses a set Regular Expressions andcompares them with each line in the text file containing the captured packet. NetReconner also provides a facility for the administrator to add new RegExfor newlydiscoverednetwork attacks to the existing set of RegEx. This paper elaborates the mechanism of NetReconner and discusses the results obtained using it. Key Words: Intrusion Detection System (IDS); Malicious packets; Network attacks; Network security; Packet capture; Regular Expressions (RegEx); Signatures. 1. INTRODUCTION In the current era, larger volumes of data go through and over the Internet every day. This makes the Internet a potential pathway to intrude a network.Malicioususerstake advantage of this pathway and carry out network attacks on a target system or network. This can cause loss of huge amounts of data or information and can prove disastrous when it comes to sensitive Government information, data related to financial sector and other such critical information. To avoid such circumstances, network security has become a necessity in most organizations and institutions. The most common way attackers harm computer systems, is by using malicious software, called malwares. Malwares are a piece of software designed for performing unethical activity to gain access to another individual’s resource or to spy on them. Malwares can also disrupt the functioning of the complete system.According to the statistics report from Kaspersky’s SecurityBulletin2016 [1], 31.9% of user computers were subjected to at least one Malware-class web attack over the year. Unauthorizedusers in a network pose a threat to the system wheretheyperform network attacks to compromise the system or the services provided by it over the network. These attacks are data packets containing malicious codes in their payloads. These malicious codes can be detected usingregularexpressions.A regular expression (RegEx) is a sequence of characters used to search a specific pattern in a text file or for input validation under different applications. NetReconner is an IDS that makes use of RegEx for pattern matching with the captured packets’ data looking for a possible attack. As stated in Guide to Intrusion Detection and Prevention Systems (IDPS) [2], an Intrusion Detection System (IDS) is a software that automates the intrusion detection where the administrator monitors events occurring in a computer system or network and analyses them for signs of possible incidents that may qualify as violations or threats of violations of computer security policies. 1.1 Detection Process Capturing of packets from over the network is doneusing a simple Linux command ‘tcpdump’. Tcpdump can also be referred to as a tool for scanning the network for capturing and analyzing data packets and has multiple real-time applications. The tcpdump command is triggered by a bash script at fixed intervals of time to enable continuous packet capture. The packets captured are stored in and appended into a text file on which the Detection Engine carries out the pattern matching algorithm. The Detection Engine is also triggered by the same bash script that triggers tcpdump command causing minimal down time of the Engine and enabling batch processing of the packets captured
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 148 meanwhile. If a line in the text file matches with a particular RegEx from the existing set, an alert is generated identifying the attack that has been occurred.NetReconneralsoprovides facility to the network administrator to addnewRegExtothe existing set, manually through a user interface. 2. LITERATURE SURVEY Through this section, we summarize some of the existing research work on intrusion detection systems. In January 2016, Akash Garg et al. [3], has proposed a system to improve performance of an existing intrusion detection system. They have used a dataset to detect attacks using Snort. Snort is a well-known network intrusion detection system that audits network packets andcompares them with attack signatures. The complete performance analysis of Snort is presented in this paper. Snort identifies attacks even when the entire packet is not available to it. On the other hand, there is a drawback in this system that Snort generates false alerts or false alarms in considerable amounts. In May 2017, Abdullah H Almutairi1 et al. [4], has proposed a solution to the problem of huge database size. Signature based intrusion detection systems often suffer from large number of signature patterns stored in database. The idea of frequent-signature database is used to decrease the database size, also resulting in improving the performance of the system. This generates an alert very quickly after a signature is triggered.Inaddition,theconcept of parallel processing is used with two small databases. This will minimize the detection time. When the packet goes through a network, it gets parsed by the databases for matching. The scanning should be done on a separate machine. The proposed system has four components: detection engine, small databases to store the most frequently used signatures, updating agent, and a complementary database that stores the remaining signatures. Detection engine captures an incoming packet, then decodes it and extracts its features which could also be considered as the packet signature. This is compared with the signature database. If the database contains a match, the engine will trigger an alert by displaying it. It also logs the incident, disables the connection by forbidding all succeeding packets from coming from that source. The second component is the small databases containing the most frequent attack signatures. The size of these databases is smaller, compared to the complementary database and this database can be adjusted according to network load or administrator decision. The third componentistheupdating agent, used to update the small databases with the most frequent signatures and removethosesignatures,eitherthat were not used over a time period or related to a malware which depends on a vulnerability that has been predefined. The fourth component is the complementary database containing the remaining signatures. This database is larger in size than the small databases and is used to detect infrequent attacks. This module updates the small database module over time. The proposed solution sets a priority for each added signature in database. These priorities are‘high’, ‘low’ and ‘medium’. These are like labels to the signatures. The reason for assigning a priority to a signature is to know if a specific signature is likely to occur in the network or not. High priority signatures are kept in the smaller database, while the complementary database stores low priority signatures. Network administrator decides what to do with medium priority signatures. In November 2012, Prof. D. P. Gaikwad1 et al. [5], has proposed Multithreaded design detection module. It is a single process that decides whether a captured packet is malicious or not. A single process works well when there is not much traffic in the network. However, if the network is flooded, it will slow down the detection speed or there is a possibility of missing a potential attack due to dropping of extra packets. To deal with this problem they used the multithreaded design. This design keeps a two-variable count. One variable is used to track the number of captured packets and another variable keeps count of threadscreated by the detection engine. The first variable can take some maximum value that a single thread can handle at a time for processing. When that value exceeds, a new thread will be created to handle further packets. The concept of an agent is used in their paper to describe the working of the system. Components of agents are a frequent-attack signature database, a detection engine and an updating module. In the first component, incoming packets are checked against attack signatures. This process is time consuming. To overcome this flaw, they have used cache mechanism for frequently triggered signatures, decreasing the response time. Another module is the detection module that takes a packet as an input and extracts its signature. This extracted signature is then compared with all the signatures in cached database to check for intrusion. If a match is found then that packet is labelled as a malicious packet. The work of the updating module is to keep the frequent-attack signature set up to date. A variable is associated with each attack. That variable is incremented whenever an attack signature is triggered. The concept of DIDS (Distributed Intrusion Detection System) is used here. A distributed IDS uses multiple detection modules over a large network. All these modules communicate with eachotherandsendupdates toa central server. This makes the task ofnetwork administrator and analysts easy and manageable. This allows them to update distributed servers using single central server. Osaghae [6] also proposed a similar model that decreases the size of the main signature database. The model consists of components such as a detection engine, a family malware reduction buffer database engine, a scalable malware signature database and a temporary database called the
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 149 reduction buffer database. The working of these modules is similar to the other modules explained before. 3. PROPOSED SYSTEM In order to detect malicious activity in a network,thereisa need to monitor the network continuously. To achieve this, capturing the packets flowing on the line is necessary. Thisis done using TCPDUMP, a packet capture tool which is available in all Linux and Unix based operating systems. It is often used to help troubleshoot network issues and is also a security tool. It is the most powerful and versatile tool that includes many options and filters by using the ‘libpcap’ library to do this task. After capturing all data packets, the result is stored in a simple flat file or a text file.Theamountof data packets in flat files dependsontheactivityperformedon the web. Then, the detection engine parses all the data packets using Regular Expressions which are stored in flat files based on attacks. Regular expression is a library in Python programming language. Regular expression library or RE specifies a set of strings that matches it. The functions in this module are used to check if a particular string matches with a given regular expression or not. This flat file isusedbyDetectionEnginefor parsing the data packets to generatealertsandlogsuspicious activities. Detailed explanation about modules in Fig 3.1 isgivenbelow. 1. Packet capture Module: TCPDUMP command/tool is used for capturing data like header and payload in this module. It captures all major protocol packets like TCP, UDP and DNS requests. Following command is used for packet capture: tcpdump -nnvvSs 1564 -A 2. Rules or RegEx set: A set of rules, written in regular expressions that a detection engine uses to find typical intrusive activity. These rules are stored in a specific repository and are fetched to compare with captured data. 3. Detection engine: It consists of a Python script which is used to check if a particular string matches with any of the given regular expressions. Parsing through all data and then applyingRegular Expressionsetoneachpackettakesplacein the Detection Engine. 4. IMPLEMENTATION AND RESULTS 4.1 Implementation The first module deals with packet capturing and generating alerts for designated attacks carried out in a network. Here the first module logs network traffic in a flat file in order to find malicious packets in it. Detection engine continuously parses through, the logged packets so that the system remains active for all the time without allowing any infected packets to escape. Now the generated alerts are appended in different files based on the attack type. This separates out the bad traffic so that the network administrator can analyze the generated alerts. Detailed packet information can tell a lot about the attacker. This is how the system can backtrack an attacker. In the second module, a graphical user interface (GUI) is rendered. This is done for appending a new RegEx in a particular file which is not included before. This module is administrator triggered. If an attack is done using a different approach for which the RegEx is not present in the existing files, then the administrator can add a new RegEx for that particular attack in a particular file mentioned by the administrator. TheseRegExfilesaresimultaneouslyaccessed by both modules. Hence, there is a possibility of deadlock in the operating system. This problem is solved by creating a temporary file for appending RegEx entered by the administrator and then adding that RegEx to the main file when module one execution is completed the next first time in a cycle. Thus, there is no need to halt the detection engine for alert generation. This makes the system real-time. Fig 3.1: Block diagram of NetReconner
  • 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 150 Flow chart for NetReconner system is shown below: As shown in Fig 4.1, NetReconner comprises of two modules. Each module acts independent of each other without being interrupted by another one. 4.2 Results Tests were conducted to check the performance of NetReconner’s Detection Engine. During the test, the Detection Engine was deployed on an Ubuntu machine equipped with Intel Core i3 CPU, 64-bit OS and8GBRAM.To launch the attacks, Kali Linux was used withinbuilttoolslike Nmap, Xerxes and Hping3. Following are some of the snapshots taken while recording the results. Fig 4.2.1 shows that the packets are captured using tcpdump command and detection engine starts parsing through all the captured packets. The “end_of_execution” shows that the detection engine has parsed all packets. Till this instant no attack has been detected and the execution time remains almost constant as a result of the same. Fig 4.2.2 shows that Cross-site scripting attack is detected and the entire packet is captured and stored in a flat file. The captured packet has many attributes, such as Source IP address, Destination IP address, Host (the site on which the attack has been performed), User-agent (Browser used for performing the activity), Content (the content that the attacker had put in the input field of the web page). Fig 4.1: Flowchart for working of NetReconner Fig 4.2.1: System before attack detection Fig 4.2.2: System after attack detection
  • 5. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 © 2020, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 151 Fig 4.2.3 shows a graph of system timeline versus execution time. The blue line represents the performance of detection engine before attack, while the orange line represents performance during attack. From the time the detection engine starts till the time an attack is detected, the execution time remains almost constant. When an attack is detected, the magnitude of increase in execution time depends upon the type of the attack. 5. CONCLUSIONS This paper focused on the proposed signature-based IDS, NetReconner, andelaboratelyexplainstheimplementationof the Intrusion Detection System. There are quite a number of IDSs available in the market that require to be configured on the system to be deployed on. NetReconner, on the other hand, does not need to be configured. It only requires installation of a few files and the IDS is good to go. The detection engine is lightweight and uses simple flat files for storing the set of regular expressions. No relational database is used in the NetReconner which makes operations of the detection engine easier. Another factor which makes NetReconner advantageous is that the detection engine works on string operations making it less cumbersome for comparisons.Despitetheseadvantages,problemsstillexistin today’s Intrusion Detection Systems.RegExgenerationisstill a challenge being a manual process.Furthermore,processing of the packets depends on the system hardware. The existing IDS can be added with more features such as behavioral securityandconversiontoIntrusionPreventionSystem(IPS). REFERENCES [1] Kaspersky Security Bulletin OVERALL STATISTICS FOR 2016 Maria Garnaeva, Fedor Sinitsyn, Yury Namestnikov, Denis Makrushin, Alexander Liskin. [2] Karen Scarfone1, Peter Mell2, Guide to Intrusion Detection and Prevention Systems (IDPS), Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930. [3] Akash Garg1, Prachi Maheshwari2, ‘Performance Analysis of Snort-based IntrusionDetectionSystem“3rd International Conference on Advanced Computing and Communication System”, January 2016. [4] Abdullah H Almutairi1, Dr. Nabih T Abdelmajeed2, “Innovative Signature Based IntrusionDetectionSystem using Parallel Processing and Minimized Database’ Institute of Electrical and Electronics Engineers”, May 2017. [5] Prof. D. P. Gaikwad1, Pooja Polshettiwar2, Priyanka Musale3, Pooja Paranjape4, Ashwini S. Pawar5 “A Proposal for Implementation of Signature Based Intrusion Detection System Using Multithreading Technique” International Journal of Computational Engineering Research, November 2012. [6] Osaghae EO1. Improved signature-based antivirus system. International Journal of Computer Science and Information Technology Research. 2015;3(4):250-254. Fig 4.2.3: System performance