The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
The papers for publication in The International Journal of Engineering & Science are selected through rigorous peer reviews to ensure originality, timeliness, relevance, and readability.
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA (ijp2p)
The objective of the proposed system is to integrate the high volume of data with important considerations such as monitoring a wide array of heterogeneous security data. When a real-time cyber attack occurs, the Intrusion Detection System automatically stores the log in a distributed environment and checks the log against an existing intrusion dictionary. At the same time the system categorizes the severity of the log as high, medium, or low. After categorization, the system automatically takes the necessary action against the user unit according to the severity of the log. The advantage of the system is that it uses anomaly detection: it evaluates data and issues alert messages or reports based on abnormal behaviour.
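The dictionary lookup and severity tiering described in this abstract, as an added example that is not the paper's code. The log format, the three signatures, the severity ranking and the per-severity actions are all assumptions chosen for illustration; when a line matches more than one dictionary entry the most severe match decides the action.

```python
"""Added example (not the paper's code): match log lines against an
'intrusion dictionary', tier them high/medium/low, map tier to an action.
Log format, signatures and actions are assumptions for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    severity: str  # "high", "medium" or "low"


# Assumed intrusion dictionary: regexes over generic auth/http/IDS log lines.
INTRUSION_DICTIONARY = [
    Signature("sql-injection", re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)"), "high"),
    Signature("ssh-brute-force", re.compile(r"Failed password for .* from (\S+)"), "medium"),
    Signature("port-scan", re.compile(r"SYN scan detected from (\S+)"), "low"),
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Assumed response policy keyed by severity (the paper only says "necessary action").
ACTIONS = {"high": "block-source", "medium": "rate-limit", "low": "alert-only"}


def categorize(line: str):
    """Return (signature name, severity, action) for the most severe matching
    dictionary entry, or None if no entry matches."""
    hits = [sig for sig in INTRUSION_DICTIONARY if sig.pattern.search(line)]
    if not hits:
        return None
    worst = max(hits, key=lambda s: SEVERITY_RANK[s.severity])
    return worst.name, worst.severity, ACTIONS[worst.severity]


def process_logs(lines):
    """Categorize every line. Returns a per-severity count plus the per-line
    decisions, which is what the distributed log store would retain."""
    counts = {"high": 0, "medium": 0, "low": 0}
    decisions = []
    for line in lines:
        hit = categorize(line)
        if hit:
            counts[hit[1]] += 1
        decisions.append((line, hit))
    return counts, decisions


# Constructed sample log lines (not real data).
SAMPLE_LOGS = [
    "GET /item?id=1' OR 1=1-- HTTP/1.1 203.0.113.7",
    "sshd[2211]: Failed password for root from 198.51.100.9 port 51022 ssh2",
    "sshd[2212]: Accepted publickey for deploy from 192.0.2.5 port 40100 ssh2",
    "ids: SYN scan detected from 198.51.100.20",
    # one correlated line that matches two entries; medium must win over low
    "ids: SYN scan detected from 198.51.100.20; sshd: Failed password for root from 198.51.100.20",
]

if __name__ == "__main__":
    counts, decisions = process_logs(SAMPLE_LOGS)
    for line, hit in decisions:
        print(hit, "<-", line[:60])
    print(counts)
```

The dictionary is a pure signature match; the anomaly-detection part of the abstract is a separate stage that this example does not show.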
The overwhelming number of threats is a challenge for a general security system. Fundamentally diverse alert and threat techniques have been researched in order to reduce deceptive warnings. Threat detection systems generate a huge number of alerts, which makes it challenging to deal with them and prepare a response. The detection system checks inbound and outbound network activity and finds suspicious patterns that indicate the ongoing steps of an attack. A large number of alerts may contain false alarms; therefore alert analysis mechanisms are needed to offer high-level information on the seriousness of a threat, how dangerous devices are, and to which device the administrator has to pay more attention. To solve this problem we make use of a time- and space-based alert analysis technique that provides a solution in the form of an attack graph and its evaluation, which gives the severity of the attack to the administrator.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Network forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the facts of attacks and other problem incidents, as well as performing the actions needed to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we have prepared a comparative analysis of various models based on different techniques.
Deep Learning based Threat / Intrusion detection system (Affine Analytics)
The article is about a Threat/Intrusion Detection System, which could be used to detect data leaks/breaches and take preventive action to contain, if not stop, the damage due to a breach.
Of late, wireless sensor networks (WSN) have been used in numerous application areas, for example monitoring, tracking, and control. For some applications of WSN, security is an essential requirement. However, security solutions in WSN differ from those in conventional networks because of resource constraints and computational requirements. This paper investigates security solutions: TinySec, IEEE 802.15.4, Twists, MiniSec, LSec, LLSP, LISA, and Drawl in WSN. The paper additionally introduces the characteristics, security requirements, attacks, encryption algorithms, and operation modes. This paper is thought to be valuable for security designers in WSNs.
With the growth of computer networking, electronic commerce and web services, network security systems have become very important to protect information and networks against malicious usage or attacks. In this report, an Intrusion Detection System is designed using two artificial neural networks: one for intrusion detection and the other for attack classification.
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO... (IJNSA Journal)
The continuously emerging, operationally and managerially independent, geographically distributed computer networks, deployable in an evolutionary manner, have created greater challenges in securing them. Several research works and experiments have convinced security experts that Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) alone are not capable of completely securing computer networks from internal and external threats. In this paper we present the design of an Intrusion Collaborative System, which is a combination of NIDS, NIPS, honeypots, and software tools such as nmap and iptables. Our design is tested against existing attacks based on Snort rules and several customized DDoS, remote and guest attacks. Dynamic rules are generated on every unusual behaviour, which helps the Intrusion Collaborative System to continuously learn about new attacks. A formal approach to deploying Live Intrusion Collaboration Systems based on the System of Systems concept is also proposed.
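One way the "dynamic rules" step of such a system can work, as an added example that is not the paper's code: every contact with a honeypot is suspect, because the honeypot has no legitimate users, so repeated contacts are turned into a Snort rule and an iptables drop command. The honeypot log format, the contact threshold, the rule templates and the SID range are assumptions; the commands are produced as strings, not executed.

```python
"""Added example (not the paper's code): turn honeypot contacts into Snort
rules and iptables drop commands.  Log format, threshold and rule templates
are assumptions for illustration."""
import re
from collections import Counter

# Assumed honeypot log format:
#   "<ts> honeypot: connection from <src_ip>:<sport> to <dport>/<proto>"
LINE_RE = re.compile(
    r"honeypot: connection from (\d+\.\d+\.\d+\.\d+):\d+ to (\d+)/(tcp|udp)")

# Require more than one contact before blocking, so a single stray packet
# does not create a rule (threshold is an assumption).
MIN_CONTACTS = 2
SID_BASE = 1000000  # Snort keeps SIDs below 1,000,000 for its own rule sets


def parse_contacts(lines):
    """Count honeypot contacts keyed by (src_ip, dport, proto)."""
    contacts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            contacts[(m.group(1), int(m.group(2)), m.group(3))] += 1
    return contacts


def generate_rules(lines, min_contacts=MIN_CONTACTS):
    """Return (snort_rules, iptables_cmds) for every source that touched the
    honeypot at least min_contacts times.  Deterministic order: sorted keys."""
    snort, ipt = [], []
    sid = SID_BASE
    for (src, dport, proto), n in sorted(parse_contacts(lines).items()):
        if n < min_contacts:
            continue
        sid += 1
        snort.append(
            f'alert {proto} {src} any -> $HOME_NET any '
            f'(msg:"Honeypot contact {src} ({n} hits on {dport}/{proto})"; '
            f'sid:{sid}; rev:1;)')
        ipt.append(f"iptables -I INPUT -s {src} -j DROP")
    return snort, ipt


# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:01 honeypot: connection from 198.51.100.23:40001 to 22/tcp",
    "2024-01-01T10:00:02 honeypot: connection from 198.51.100.23:40002 to 22/tcp",
    "2024-01-01T10:00:03 honeypot: connection from 198.51.100.23:40003 to 22/tcp",
    "2024-01-01T10:00:04 honeypot: connection from 203.0.113.8:5555 to 445/tcp",
    "2024-01-01T10:00:05 honeypot: connection from 203.0.113.8:5556 to 445/tcp",
    "2024-01-01T10:00:06 honeypot: connection from 192.0.2.77:6000 to 161/udp",
]

if __name__ == "__main__":
    rules, cmds = generate_rules(SAMPLE_LOG)
    print("\n".join(rules))
    print("\n".join(cmds))
```

The caveat a practitioner needs before deploying this: a source address in a SYN or UDP packet can be spoofed, so an attacker who knows the honeypot exists can make the system block addresses of its own choosing. Exempt management and partner addresses from auto-generated drops, expire the rules, and prefer to act on completed TCP handshakes rather than bare packets.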
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Alert Analysis using Fuzzy Clustering and Artificial Neural Network (IJRES Journal)
An Intrusion Detection System (IDS) is used to supervise all activities running on a particular machine or network, and to raise an alert about any attack. However, nowadays these alerts are very large in number, and it is very complicated to examine them. We propose a time- and space-based alert analysis technique which can bind related alerts together without background knowledge and provide an attack graph to help the administrator understand the attack on a host or network step by step, clearly and suitably for analysis. A threat evaluation is given to find the most dangerous attack, which reduces the administrator's time and energy in evaluating a huge number of alerts. We analyze the network traffic in the form of attacks using Entity Threat Evaluation (ETE), which finds out which particular host is attacked; Gadget Threat Evaluation (GTE), which tells us which device within that host is attacked; Network Threat Evaluation (NTE), which tells us which network is attacked; and Hit Threat Evaluation (HTE), taking a dataset of attacks as input. The main idea is that the distribution of different types of attacks is not balanced. For attacks which do not occur repeatedly, the learning sample size is too small compared with high-frequency attacks. This makes it hard for an Artificial Neural Network (ANN) to learn the characteristics of these attacks, and therefore detection precision is much worse. To solve such problems, we propose a new technique for ANN-based IDS, Fuzzy Clustering ANN (FC-ANN), to enhance detection precision for low-frequency attacks and detection stability.
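The time- and space-based alert correlation that both this abstract and the earlier "Real-Time Intrusion Detection System for Big Data" alert-analysis passage describe, as an added example that is neither paper's code. Alerts are chained when they fall within a time window ("time") and the later one either starts from the earlier one's victim, a pivot, or hits the same victim from the same source, an escalation ("space"). The longest chain in the resulting graph is the most developed multi-step attack; ETE sums alert weights per host and NTE rolls them up per /24. The alert format, the severity weights, the 600-second window and the /24 roll-up are assumptions.

```python
"""Added example (not the papers' code): time- and space-based alert
correlation into an attack graph, then per-host (ETE) and per-network (NTE)
threat scores.  Alert format, weights and window are assumptions."""
from collections import defaultdict

# Assumed severity weight per alert type.
WEIGHTS = {"scan": 1, "brute-force": 3, "exploit": 7, "exfil": 9}
WINDOW = 600  # seconds; alerts further apart than this are not chained


class Alert:
    def __init__(self, ts, src, dst, kind):
        self.ts, self.src, self.dst, self.kind = ts, src, dst, kind

    def __repr__(self):
        return f"{self.kind}({self.src}->{self.dst}@{self.ts})"


def related(a, b):
    """Space relation: b continues a if it starts from a's victim (pivot)
    or hits the same victim from the same source (escalation)."""
    return b.src == a.dst or (b.src == a.src and b.dst == a.dst)


def build_attack_graph(alerts, window=WINDOW):
    """Edge i->j when alert j follows alert i inside the window and is
    spatially related.  Returns (time-sorted alerts, adjacency by index)."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    graph = defaultdict(list)
    for i, a in enumerate(alerts):
        for j in range(i + 1, len(alerts)):
            b = alerts[j]
            if b.ts - a.ts > window:
                break  # sorted by time, so nothing later can qualify
            if related(a, b):
                graph[i].append(j)
    return alerts, graph


def longest_chain(alerts, graph):
    """Longest path in the DAG: the most developed multi-step attack."""
    best = {}

    def dfs(i):
        if i not in best:
            best[i] = max(([i] + dfs(j) for j in graph.get(i, [])),
                          key=len, default=[i])
        return best[i]

    return max((dfs(i) for i in range(len(alerts))), key=len, default=[])


def entity_threat(alerts):
    """ETE: summed weight of alerts aimed at each host."""
    score = defaultdict(int)
    for a in alerts:
        score[a.dst] += WEIGHTS[a.kind]
    return dict(score)


def network_threat(alerts):
    """NTE: ETE rolled up per /24 (string prefix of the dotted quad)."""
    score = defaultdict(int)
    for host, s in entity_threat(alerts).items():
        score[host.rsplit(".", 1)[0] + ".0/24"] += s
    return dict(score)


# Constructed alerts: scan -> brute force -> exploit -> pivot -> exfil,
# plus one isolated scan hours later that must not join the chain.
SAMPLE_ALERTS = [
    Alert(100, "203.0.113.9", "10.0.1.5", "scan"),
    Alert(160, "203.0.113.9", "10.0.1.5", "brute-force"),
    Alert(300, "203.0.113.9", "10.0.1.5", "exploit"),
    Alert(420, "10.0.1.5", "10.0.2.20", "exploit"),
    Alert(500, "10.0.2.20", "203.0.113.9", "exfil"),
    Alert(9000, "198.51.100.4", "10.0.3.1", "scan"),
]

if __name__ == "__main__":
    alerts, graph = build_attack_graph(SAMPLE_ALERTS)
    print("chain:", [alerts[i] for i in longest_chain(alerts, graph)])
    print("ETE:", entity_threat(SAMPLE_ALERTS))
    print("NTE:", network_threat(SAMPLE_ALERTS))
```

ETE scores the destination of each alert, so the exfiltration alert credits the external collector rather than the compromised host; a production scorer would attribute exfiltration to the source. The example deliberately keeps one rule per concept so the correlation logic stays visible.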
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of 'nation-states'. The analysis of worms like 'Stuxnet', 'Flame' and 'Duqu' reveals the hand of a 'nation-state' in their design and deployment. Hence the necessity to understand various issues in the defence of SCADA systems arises. The forensics of a SCADA system provides deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
A Study on Data Mining Based Intrusion Detection System (AM Publications)
In recent years, security has remained a concern for computers as well as data network systems. An intrusion detection system is used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behaviour patterns. This paper studies the nature of network attacks and the current trends in data mining based intrusion detection techniques.
The International Journal of Engineering and Science (IJES) (theijes)
Determination of the Cost of Production from the Raw Dung to the Final Outpu... (theijes)
Using the Physicochemical Properties and the Thermo-oxidation Degradation Pro... (theijes)
Developing Accident Avoidance Program for Occupational Safety and Health (theijes)
Development of a power factor model for power system loads (theijes)
Intrusion Detection Systems By Anomaly-Based Using Neural Network (IOSR Journals)
To improve network security, different steps have been taken as the size and importance of the network increase day by day. The chances of network attacks then increase. A network is mainly attacked by intrusions that are identified by a network intrusion detection system. These intrusions are mainly present in data packets, and each packet has to be scanned to detect them. This paper works to develop an intrusion detection system which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. A network intrusion detection system needs to be efficient enough that the chance of false alarm generation is small, a false alarm meaning that something is identified as an intrusion when it is actually not an intrusion. The result obtained after analyzing this system is quite good, in that nearly 90% of true alarms are generated. It detects intrusions for various services like DoS, SSH, etc. by neural network.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field of Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies, and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The papers published are selected through double peer review to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... (IJNSA Journal)
With the ever increasing number and diverse types of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is a high demand to reduce the threat level in networks to ensure that the data and services offered by them are more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once an attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that layered CRFs can thus be more effective in detecting intrusions when compared with other previously known techniques.
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT (IJMIT JOURNAL)
These days the security provided by computer systems is a big issue, as they always face the threat of cyber-attacks like IP address spoofing, Denial of Service (DoS), token impersonation, etc. The security provided by blue team operations tends to be costly in large firms, as a large number of systems need to be protected against these attacks. This leads these firms to turn to less costly security configurations like the IDS Suricata and the IDS Snort. The main theme of the project is to improve the services provided by Snort, which is a tool used in creating a vague defense against cyber-attacks like DDoS attacks, which are done on both the physical and network layers. These attacks in turn result in the loss of extremely important data. The rules defined in this project will result in monitoring traffic, analyzing it, and taking appropriate action to not only stop the attack but also locate its source IP address. This whole process uses different tools other than Snort, like Wireshark, Wazuh and Splunk. The product of this will result in not only the detection of the attack but also the source IP address of the machine on which the attack is initiated and completed. The end product of this research will result in sets of default rules for the Snort tool which will not only be able to provide better security than its previous versions but also be able to provide the user with the IP address of the attacker or the person conducting the attack. The system involves the integration of Wazuh with the Snort tool in order to make it more efficient than the IDS Suricata, which is another intrusion detection system capable of detecting all the types of attacks mentioned. Splunk is another tool used in this project, which increases the firewall efficiency in terms of the number of bits to be scanned and the number of bits scanned successfully. Wazuh is used in this system as it is the best choice for traffic monitoring and incident response among its alternatives on the market. Since this system is used in firms which are known to handle large amounts of data, we use the Splunk tool for this purpose as it is very efficient in handling large amounts of data. Wireshark is used in this system in order to give the IDS automation in its capability to capture and report the malicious packets found during the network scan. All of this gives the IDS the capability of a low-budget automated threat detection system. This paper gives complete guidelines for authors submitting papers for the AIRCC Journals.
Secure intrusion detection and countermeasure selection in virtual system usi... (eSAT Publishing House)
IJRET: International Journal of Research in Engineering and Technology is an international peer-reviewed online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academicians, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... (IJNSA Journal)
Owing to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect networks from attackers, and intrusion detection technology has become popular. Therefore, it is necessary that this security concern be articulated right from the beginning of network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of the security policy. A lot of work has been done in the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detection.
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM (IJNSA Journal)
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secure data communication over the Internet and any other network is always under threat of intrusions and misuse. So Intrusion Detection Systems have become a necessary component of computer and network security. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is completely flawless. So the quest for betterment continues. In this progression, here we present an Intrusion Detection System (IDS), applying a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. This approach applies evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
- Create a campaign using Mailchimp with merge tags/fields
- Send an interactive Slack channel message (using buttons)
- Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
- Your campaign sent to target colleagues for approval
- If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
- But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
- Execution from the test manager
- Orchestrator execution result
- Defect reporting
- SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Search and Society: Reimagining Information Access for Radical Futures (Bhaskar Mitra)
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build, inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in the context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Implementing a Robust Network-Based Intrusion Detection System
The International Journal Of Engineering And Science (IJES)
|| Volume || 3 || Issue || 10 || Pages || 01-09 || 2014 ||
ISSN (e): 2319 – 1813 ISSN (p): 2319 – 1805
www.theijes.com The IJES Page 1
Implementing a Robust Network-Based Intrusion Detection System
1 Ogheneovo, E. E., 2 Japheth, B. R.
1 Senior Lecturer, Department of Computer Science, University of Port Harcourt, Port Harcourt, Nigeria.
2 Lecturer, Department of Maths/Computer Science, Niger-Delta University, Yenagoa, Nigeria.
ABSTRACT
Information security is of great concern these days due to the activities of hackers and malicious users on the Internet. Securing information has become a critical issue and is of growing concern as computer systems worldwide become increasingly vulnerable with the rapid increase in the volume of information being transmitted across networks and over the Internet. In this paper, we propose a technique that provides a robust intrusion detection system against attackers, designed with scalability and appropriate security in mind. The framework is made up of a Network Intrusion Detection System (NIDS) for detection of traffic to and from a given network or sub-network, a Host-based Intrusion Detection System (HIDS) and a line for possible Intrusion Prevention Systems (IPS). The technique is implemented by modeling the network in OPNET, a network simulation package, since a real-life implementation is very costly. Our result shows that the technique provides an intrusion detection system that can be used to monitor users' activities on the Internet and other networks with relatively few false alarms.
KEYWORDS: Intrusion Detection Systems, intrusion detection, HIDS, NIDS, network, hackers.
Date of Submission: 28 July 2014
Date of Publication: 30 October 2014
I. INTRODUCTION
The Internet no doubt has revolutionized the world in recent times. As a result, businesses have become more open to individuals who want to buy or shop for goods and services. These services include customer care, e-commerce, extranet collaboration, sourcing for information, etc. Due to the advantages the Internet offers, many people have been using it for bad motives such as gaining access to people’s Web sites and accessing information without authorization. As a result, the Internet and other enterprise networks have been broken into by hackers. For instance, the US Citibank reported a security breach in 1994. This caused about 10 million dollars in lost revenue; only 400,000 dollars was eventually recovered [1]. Joseph [2] also observed that there was a high number of unauthorized security events, and in the year 2000 alone, 70 percent of organizations in the US reported at least one security breach of their computers. This represents a 42 percent increase from the 1996 report. According to them, the Computer Emergency Response Team (CERT) reported 3734 incidents in 1998, 9859 in 1999 and, within only the first six months of 2000, 8836 incidents had already been reported. These are but a few of the identified and published forms of computer system attacks. As a result, there is a need for an intrusion detection system that can be used to monitor users’ activities on the Internet and other networks.
Intrusion detection [3] [4] is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices [5] [6]. To understand the meaning of intrusion detection, we can use an analogy to the common “burglar alarm”. Just like the burglar alarm, intrusion detection works on a computer system or network and is enabled to detect possible violations of security policies and raise an alarm to notify the proper authority. Intrusion Detection Systems (IDS) look for signatures, which are specific patterns that usually indicate suspicious or malicious intent [7]. An IDS is used to detect malicious activities that compromise the security of a computer system.
An attacker can craft an HTTP request in such a way that it looks legitimate yet performs malicious actions. The widespread use of information stored and processed on network-based systems in most businesses has increased the necessity of protecting these systems [8]. Most businesses are constantly experiencing new threats and vulnerabilities in their applications. Therefore, trying to keep up with emerging threats, applying patches against known vulnerabilities, updating antivirus software, updating firewall rules and all of the other security measures can have a network or security administrator working 24 hours a day, 7 days a week with no vacation. There is a crucial need to address the security issues that affect networks. It is equally important to be able to sift through the mountains of potential threats and determine which ones truly affect your network, so that your time and resources can be put to the most efficient use. Organizations are striving to maintain the confidentiality, integrity and availability of their networked resources, and a number of techniques have been employed to guard against network intrusion. However, even though these measures provide some level of security, they have been found to be lacking in a number of ways. In the past, firewalls have been used, but they have been found not to provide enough security as they are easily compromised; a firewall is mostly used to control traffic to or from a private network. Firewalls, user authentication, data encryption and Virtual Private Networks (VPN) provide a level of security, but they are limited by the fact that they cannot give protection against malicious code, inside attacks or unsecured modems [9] [10]. They would therefore only be effective as one of the available lines of defense. Even for institutions that already have intrusion prevention systems, perfectly secure systems are hard to come by: there are always a number of system flaws in addition to possible administrator configuration errors. Intrusion detection systems can thus be used to supplement the already existing systems. In this paper, we design an effective and scalable intrusion detection system that can be used in an organization such as an academic institution, with emphasis on network security.
Although we implemented this work using a modeling technique because of the cost of implementing it in a real-life situation, we are confident that it would also be very effective and functional if applied to a real-life situation. The rest of the paper is as follows. Section 2 discusses related work; Section 3 discusses the methodology adopted, the architecture of the system and the simulation of the network-based IDS. Section 4 presents and discusses the simulation results, and Section 5 draws a conclusion.
II. RELATED WORK
Daniels et al. [11] proposed distributed intrusion detection systems as systems that use varying techniques to combine elements of both Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS). They are designed to maximize the strengths of NIDS and HIDS while minimizing their weaknesses. This could possibly be done in high-security networks such as server farms, and they may also be implemented in settings where some hosts on the same network require relatively more security and therefore, in addition to the NIDS, a HIDS may be installed on them. Ibrahim et al. [12] proposed a technique that uses two different approaches to intrusion detection, the phase and level approaches. The phase approach comprises three phases: phase 1 accepts the input data and checks whether it is an attack, phase 2 classifies the attack, while phase 3 records the attack under the appropriate classification type. The level approach also has 3 stages: level 1 detects normal and attack profiles, level 2 records and classifies the attacks into 4 categories, and level 3 classifies each attack type and records them. However, the model did not address the problem of countering intrusion attacks. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the number of alerts will also become unmanageable. Ning et al. [13] proposed a technique for constructing attack scenarios through alert correlation using prerequisites and consequences of attacks. This approach is based on the fact that a series of attacks is usually not isolated: earlier stages serve as prerequisites for the later stages. The framework's intuitive representation is based on correlated alerts that reveal the attack scenario of the corresponding attacks. A set of interactive utilities was also developed to facilitate the analysis of large sets of correlated alerts, including hyper-alert generating utilities to reduce the scope of alerts being investigated, and feature extraction utilities to facilitate the examination of some properties of selected sets of alerts. Faizal [14] proposed a technique for verifying the threshold value for a network intrusion detection system, especially in detecting fast attacks. The threshold value is obtained using observation and experimental techniques. The results from both techniques are then compared and verified using a statistical control process approach [15] [16] [17]. Using real-time network data, simulated data from DARPA99 and data obtained from the experimental setup, any connection that exceeds the threshold value of 3 within 1 second is considered abnormal and harmful.
III. METHODOLOGY
The design takes into account the knowledge of how dynamic the Information Technology (IT) industry has been. It keeps scalability and appropriate security in mind. The framework is made up of a Network Intrusion Detection System (NIDS) for detection of traffic to and from a given network or sub-network, a Host-based Intrusion Detection System (HIDS) and a line for possible Intrusion Prevention Systems (IPS). The NIDS detects network-level intrusions and, since traffic such as encrypted data may not be inspected by the NIDS, host-level intrusion detection systems are used to further enhance intrusion detection. The framework provides a flexible approach that will enable the network designer to put in place prevention mechanisms that will enhance intrusion detection and meet the required level of security while at the same time trying to strike a balance between security and resource utilization. Each of these has rules to refer to in determining which traffic is unwanted. The intrusion detection system is configured behind a firewall. This architecture helps detect any of the traffic that may have bypassed the firewall, and it also decreases the workload of the IDS and hence improves IDS efficiency. The architecture also has a Dynamic Host Configuration Protocol (DHCP) machine. The DHCP server, if not well protected by a good line of defense or intrusion prevention techniques, can be compromised by an attacker through denial of service attacks. The DHCP server also by itself may not force clients to release their leases at shutdown. Malicious hosts, for example, may therefore continue to acquire new addresses without releasing them at all, leading to exhaustion of the address pool. Also, when external clients are intentionally or accidentally configured to use the addresses of internal clients, regulation of addresses becomes hard and therefore leads to a security disaster. Figure 1 shows the architectural framework of the proposed intrusion detection system.
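The rules the NIDS refers to are not spelled out in the paper; as an added illustration (not the paper's code), the block below implements the one concrete rule the paper cites in Section 2 from Faizal [14], a source opening more than 3 connections within 1 second is abnormal, as a sliding-window detector over a connection log. The log format, field names and sample records are constructed for this example, and the threshold and window are parameters so the rule generalizes beyond the cited 3-per-second value.

```python
"""
Sliding-window connection-rate rule for a NIDS. Added illustration of the
fast-attack threshold the paper cites from Faizal [14]: a source that opens
more than 3 connections within 1 second is treated as abnormal. This is not
code from the paper; the log format, field names and sample records below
are constructed for the example.
"""
from collections import defaultdict, deque
from typing import Iterable, List, NamedTuple

THRESHOLD = 3          # connections a source may open inside one window
WINDOW_SECONDS = 1.0   # trailing window length from the cited rule


class Connection(NamedTuple):
    ts: float      # seconds since capture start
    src: str       # source address
    dst: str       # destination address
    dport: int     # destination port


class Alert(NamedTuple):
    ts: float      # time the burst crossed the threshold
    src: str       # offending source
    count: int     # connections seen from src inside the window


def parse_line(line: str) -> Connection:
    """Parse one constructed record: '<ts> <src> <dst> <dport>'."""
    ts, src, dst, dport = line.split()
    return Connection(float(ts), src, dst, int(dport))


def detect_fast_attacks(conns: Iterable[Connection],
                        threshold: int = THRESHOLD,
                        window: float = WINDOW_SECONDS) -> List[Alert]:
    """Raise one alert per burst in which a source exceeds `threshold`
    connections within `window` seconds. Records must arrive in time
    order, as a capture delivers them. A connection exactly `window`
    seconds after the oldest one still counts as inside the window."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    in_burst = set()              # sources already alerted on for this burst
    alerts: List[Alert] = []
    for c in conns:
        q = recent[c.src]
        q.append(c.ts)
        # Expire timestamps that have fallen out of the trailing window.
        while c.ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            # Alert once per burst; later connections in the same burst
            # would otherwise flood the console with duplicate alerts.
            if c.src not in in_burst:
                in_burst.add(c.src)
                alerts.append(Alert(c.ts, c.src, len(q)))
        else:
            # Rate dropped back under the threshold: burst is over.
            in_burst.discard(c.src)
    return alerts


def run_on_log(text: str, threshold: int = THRESHOLD,
               window: float = WINDOW_SECONDS) -> List[Alert]:
    """Parse a whole connection log and return its alerts."""
    conns = [parse_line(l) for l in text.splitlines() if l.strip()]
    return detect_fast_attacks(conns, threshold, window)


# Constructed sample: 10.0.0.5 opens 4 connections but spread over 1.2 s,
# so it never exceeds 3 inside any 1 s window; 10.0.0.7 opens 5 within 0.4 s.
SAMPLE_LOG = """\
0.00 10.0.0.5 10.0.0.9 80
0.40 10.0.0.6 10.0.0.9 443
0.50 10.0.0.5 10.0.0.9 80
0.90 10.0.0.5 10.0.0.9 80
1.20 10.0.0.5 10.0.0.9 80
2.50 10.0.0.6 10.0.0.9 443
5.00 10.0.0.7 10.0.0.9 22
5.10 10.0.0.7 10.0.0.9 22
5.20 10.0.0.7 10.0.0.9 22
5.30 10.0.0.7 10.0.0.9 22
5.40 10.0.0.7 10.0.0.9 22
"""

if __name__ == "__main__":
    for a in run_on_log(SAMPLE_LOG):
        print(f"t={a.ts:.2f}s src={a.src} connections_in_window={a.count}")
```

A fixed 3-per-second rule will also flag legitimately bursty clients, which is the false-alarm problem the paper highlights; tuning the threshold and window per network, as Faizal's observation-and-experiment approach does, is what keeps the alert volume manageable.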
Fig. 1: Architectural Framework of the intrusion detection system
The design of this architecture takes into account how dynamic the Information Technology (IT) industry has been. It considers scalability and appropriate security for the network. The framework is made up of a Network Intrusion Detection System (NIDS) and a Host-based Intrusion Detection System (HIDS). The NIDS is used for detecting traffic to and from a given network or sub-network, while the HIDS is used for intrusion prevention (IPS). The NIDS detects network-level intrusion; since traffic such as encrypted data may not be detected by the NIDS, the host-based intrusion detection system is used to further enhance intrusion detection by providing a second level of security. The framework provides a flexible approach that enables the network designer to put in place prevention mechanisms that enhance intrusion detection and meet the required level of security while striking a balance between security and resource utilization. Each of these has rules to refer to in determining which traffic is unwanted.
3.1 Simulation of Network-Based Intrusion Detection Systems
In this analysis, we assume that there is an attack on a network and the attack is simulated in OPNET. Figure 2 shows the OPNET model for simulating the attack. There are 10 virtual PC nodes arranged into two columns in the figure: PC 0 – 4 on the left side and PC 5 – 9 on the right side. The top node in the center column is the “generator”, which prepares the packets extracted from the traffic source. Once a packet is ready, it is given to its source PC node, and from there it is sent to the destination PC node through the hub (located at the bottom of the center column). There is no delay between the generator and the end PC nodes, so
the traffic flow is consistent with the captured traffic source. The number of virtual PCs is the outcome of preprocessing the source traffic file. Since there are 10 distinct IP addresses in the source, the model uses 10 PC nodes connected to each other through a hub. Node 0 (the top node in the left side column) is the “hacker”, and node 1 (below node 0 in the figure) is the “victim” of the attack. There is a “firewall” node between the victim and the hub which we use to capture suspicious data packets to or from the victim using the attack’s signature.
Fig. 2: The network model simulating Uniport intrusion
The node domain of the “generator” is shown in Figure 3. There is a generator module (pk_generator) configured to use a script file of inter-arrival times for generating the packets. The script file is the result of pre-processing the traffic source. Figure 4 shows the attribute panel of pk_generator.
Fig. 3: The node structure of the packet generator
Fig. 4: The attribute panel of “pk_generator”
Within the “dispatch” module of the generator node in Figure 4, the traffic source file is parsed and the next data packet extracted. Whenever a packet arrives from “pk_generator”, its fields are set according to the corresponding values of the data packet from the source traffic, e.g., the destination, flags, etc. Then, the packet is sent to the PC node corresponding to the source IP address. Thus, the packet arrival time and its contents match the information in the original traffic source.
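The pre-processing step described above (distinct addresses become virtual PC nodes, inter-arrival times drive pk_generator, and the dispatch module copies the packet fields), as an added example that is not the paper's own tool; the tcpdump-style text layout, the sample capture and all function names are assumptions made here.

```python
# Added example (not the paper's OPNET tool): pre-process a tcpdump-style
# text capture into what the paper's generator needs: the distinct IP
# addresses (one virtual PC node per address), the inter-arrival time of
# each packet for pk_generator, and the fields the "dispatch" module sets.
import re

# Constructed sample capture in a simplified tcpdump text layout (assumption:
# "<seconds> <src>.<sport> > <dst>.<dport>: Flags [<flags>]").
SAMPLE_CAPTURE = """\
0.000 10.0.0.1.1024 > 10.0.0.2.80: Flags [S]
0.250 10.0.0.2.80 > 10.0.0.1.1024: Flags [S.]
0.400 10.0.0.3.2000 > 10.0.0.4.139: Flags [PU]
1.150 10.0.0.1.1025 > 10.0.0.5.25: Flags [S]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)

def parse_capture(text):
    """Packets in capture order; lines that do not match the layout are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            packets.append({"ts": float(m["ts"]), "src": m["src"],
                            "dst": m["dst"], "dport": int(m["dport"]),
                            "flags": m["flags"]})
    return packets

def build_node_map(packets):
    """One virtual PC node index per distinct IP address, in first-seen order."""
    nodes = {}
    for p in packets:
        for ip in (p["src"], p["dst"]):
            nodes.setdefault(ip, len(nodes))
    return nodes

def inter_arrival_script(packets):
    """Inter-arrival times for pk_generator (the first packet is sent at t=0)."""
    prev = packets[0]["ts"] if packets else 0.0
    gaps = []
    for p in packets:
        gaps.append(round(p["ts"] - prev, 6))
        prev = p["ts"]
    return gaps

def dispatch_records(packets, nodes):
    """Fields dispatch sets per packet: (src node, dst node, dport, flags)."""
    return [(nodes[p["src"]], nodes[p["dst"]], p["dport"], p["flags"]) for p in packets]
```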
Fig. 5: The structure of the virtual PC in process domain
Figure 5 depicts the process domain for each virtual PC, which supports the packet streams in and out. We also set up a firewall between the hub and the victim of the network attack. The firewall uses a simple signature-based detection which looks for packets sent to port 139 (NetBIOS) of the victim PC with the “urg” flag set in the packet header. The pre-processing tools we developed can be reused for simulating other types of intrusion attacks. To demonstrate, we also simulated the ProcessTable DOS attack using the Uniport ICT Center Lab TCPDUMP files. We needed to set up a network in OPNET using 20 PC nodes because there are 20 distinct IP addresses involved in the traffic source. We also modified the intrusion detection logic of the firewall node using the new attack’s signature, and added the corresponding statistical measures to the OPNET simulation. The results of the simulations are described in the following section.
IV. RESULTS
The source traffic data for the network attack comes from the Uniport ICT Center Lab TCPDUMP outside file, 2014/week14/Monday data set. This data set includes the initial 5 minutes of data, and only one type of attack. In our experiment, we pre-processed the source file and extracted less than 3 minutes of data containing a total of 367 TCP packets. There were 10 packets captured by the firewall node due to the network attack, 9 of which were sent from the attacker node to the victim and one sent from the victim back to the attacker. We set up several statistical measures in OPNET to study the performance of the intrusion simulation. For example, Figure 7 depicts the IP address distributions of the data packets during the entire simulation, where the IP addresses correspond to the PC node numbers 0 – 9 on the y-axis. The figure clearly demonstrates patterns of consecutive accesses to the same IP addresses during several short intervals of the simulation, although these accesses are irrelevant to the Uniport attack.
Fig. 6: IP address Distribution of data packets
Figure 6 depicts the rates of data packets captured by the firewall. The occurrences of the packets and the times of their arrivals are clearly shown in the figure: there were a few rapid arrivals in the beginning, followed by 3 more at later times. This figure demonstrates the occurrences of the Uniport attack and its capture by the firewall. This is indicated in Figure 7.
Fig. 7: The inbound traffic of the firewall
We also collected statistics of the overall network traffic, which is depicted in Figure 8, although this performance measure seems irrelevant to the Uniport attack.
Fig. 8: The overall network traffic during simulation
4.1 The ProcessTable Attack
To demonstrate the reusability of our pre-processing tools and our intrusion simulation methodology, we also simulated the ProcessTable DOS attack. This attack aims at filling up the process table of the underlying operating system, rendering the system lifeless until the attack terminates or the system administrator kills the attacking processes. The ProcessTable attack can be detected by recording a large number of connections to a particular port of the victim node during a short period of time. In our simulation, we used the Uniport ICT Center Lab TCPDUMP file that contains the ProcessTable attack packets, extracted the pertinent information using our pre-processing tools, and then set up the simulation in OPNET. There are slightly less than 2 minutes of data with a total of 5526 data packets. We collected two statistical measures at the firewall node in an attempt to detect and identify the ProcessTable attack. Figure 9 depicts the number of distinct port connections to the victim PC during simulation. It can be seen very clearly that there are 3 jumps in the graph, indicating rapid increases of port connections to the victim during 3 distinct time intervals.
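Both firewall checks the paper describes, the port-139/URG signature from Section 3.1 and the ProcessTable rule above (many connection attempts to one port of the victim in a short period), as an added example that is not the paper's OPNET firewall node; the packet records, the victim address, and the window and threshold values are assumptions made here, since the paper gives no figures for them.

```python
# Added example (not the paper's OPNET firewall node): the two firewall checks
# the paper describes, run over constructed packet records.
#  1. Uniport signature: packet to port 139 (NetBIOS) of the victim with URG set.
#  2. ProcessTable heuristic: many connection attempts to one port of the victim
#     in a short window (window and threshold are assumptions; the paper gives
#     no figures for them).
from collections import deque

VICTIM = "10.0.0.2"                            # constructed victim address

# Constructed records: (time in seconds, src ip, dst ip, dst port, tcp flags).
PACKETS = [
    (0.0, "10.0.0.1", VICTIM, 80, "S"),
    (0.5, "10.0.0.9", VICTIM, 139, "PU"),      # URG to NetBIOS: signature hit
    (1.0, "10.0.0.9", VICTIM, 139, "P"),       # no URG: not a hit
    (2.0, VICTIM, "10.0.0.9", 1025, "RU"),     # sent by the victim: ignored
] + [(3.0 + i * 0.01, "10.0.0.7", VICTIM, 25, "S") for i in range(40)]

def uniport_signature(packets, victim=VICTIM):
    """Packets matching the port-139 + URG signature toward the victim."""
    return [p for p in packets if p[2] == victim and p[3] == 139 and "U" in p[4]]

def processtable_alerts(packets, victim=VICTIM, window=1.0, threshold=20):
    """Alert when `threshold` SYNs to the same victim port arrive within the
    trailing `window` seconds; one alert per burst (counter resets on firing).
    Returns (time, port, count) tuples."""
    recent = {}                                # dst port -> deque of SYN times
    alerts = []
    for ts, _src, dst, dport, flags in packets:
        if dst != victim or "S" not in flags:
            continue
        q = recent.setdefault(dport, deque())
        q.append(ts)
        while q and ts - q[0] > window:        # drop SYNs outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, dport, len(q)))
            q.clear()
    return alerts
```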
Fig. 4.8.1: Number of distinct port connections to victim
The ProcessTable attack can also be directed at a particular port of the victim. Figure 10 depicts the network traffic directed to Port 25 of the victim during simulation. The graph displays two peaks: the first occurred around the one-minute mark; the second started after one minute 20 seconds and lasted to the end. Thus, Figures 9 and 10 clearly show data packets that are suspicious of ProcessTable (or similar) attacks.
Fig. 10: Data traffic to Port 25 of the victim PC
4.2 Discussion of Results
Another goal of our research on intrusion simulation is to study the simulation efficiency, that is, how to speed up the simulation and detection of intrusion traffic for large data files. We first used the data file of the Uniport attack and simulated the data packets and intrusion detection for different time durations. All simulations were performed on a Dual Core PC with a 2.83 GHz CPU and 1024 MB RAM. Figure 11 plots the OPNET simulation time running the data files of durations ranging from 30 seconds through 131 seconds, at an increment of 30 seconds. Since there are only a few hundred data packets (367 exactly), all simulation runs completed within one second.
Fig. 11: OPNET simulation time of the Dosnuke attack
We also ran the simulations of the ProcessTable attack file of different time durations to measure the simulation efficiency. Figure 12 plots the OPNET simulation time running the data files of durations ranging from 30 seconds through 114 seconds, at an increment of 30 seconds. There are a total of 5526 data packets in the entire file (114 seconds). We notice that the simulation time increases approximately linearly as the time duration of the source file increases. Thus, the simulation efficiency can become a significant factor when we try to quickly detect intrusions that involve large data files.
Fig. 12: OPNET simulation time of the ProcessTable attack
V. CONCLUSION
Information security is of great concern these days because of the activities of hackers and malicious users on the Internet. Securing information has become a critical issue and is of growing concern as computer systems worldwide become increasingly vulnerable with the rapid increase in the volume of information transmitted across networks and over the Internet. In this paper, we proposed a technique that provides a robust intrusion detection system against attackers. We discussed the design and implementation of the new tool that was developed for this paper. We demonstrated that the tool provides robust web-server security against IDS-based attacks. The tool contains crucial IDPS components and provides capabilities that other tools failed to provide. The features include an IDPS management configuration interface, the ability to block attackers, and automatic email notification. The technique keeps scalability and appropriate security in mind. The framework is made up of a Network Intrusion Detection System (NIDS) for detecting traffic to and from a given network or sub-network, a Host-based Intrusion Detection System (HIDS) and a line for possible Intrusion Prevention Systems (IPS). The technique is implemented by modelling the network in OPNET, a network simulation package, since a real-life implementation is very costly. Our results show that the technique provides an intrusion detection system that can be used to monitor users’ activities on the Internet and other networks with relatively few false alarms.