Detecting network intrusions protects a computer network from unauthorized users, possibly including insiders. The intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between "bad" connections, called intrusions or attacks, and "good" normal connections.
In this paper a novel intelligent soft computing based cryptographic technique based on synchronization of two chaotic systems (CSCT) between sender and receiver is proposed to generate a session key using the Pecora and Carroll (PC) method. Chaotic systems have some unique features: sensitivity to initial conditions, topological mixing, and dense periodic orbits. By nature, the Lorenz system is very sensitive to initial conditions, meaning that the error between attacker and receiver grows exponentially if there is even a very slight difference between their initial conditions. All these features make chaotic systems good alternatives for session key generation. In the proposed CSCT a few parameters ( , b, r, x1, y2 and z2) are exchanged between sender and receiver. Some of the parameters that take major roles in forming the session key are not transmitted via the public channel; the sender keeps these parameters secret. This way of handling the parameter passing mechanism prevents any kind of attack during the exchange of parameters, such as sniffing, spoofing or phishing.
1) The document describes a proposed SDN-based system to detect and prevent DDoS attacks. It uses entropy calculations on traffic flow statistics to detect attacks. When an attack is detected, the controller installs rules to block traffic from bot IPs and the server uses CAPTCHAs to authenticate legitimate users.
2) The system was tested using iperf and attack tools on an emulation platform. Results showed it maintained high throughput even during attacks, unlike approaches that overload the controller. It also had lower false positives than other detection algorithms.
3) Future work could include expanding the system to detect attacks targeting different SDN layers and more servers. The approach provides an effective and scalable DDoS defense for
Time-based DDoS Detection and Mitigation for SDN Controller - Lippo Group Digital
This document proposes a method to detect and mitigate distributed denial of service (DDoS) attacks on software defined networking (SDN) controllers using time-based characteristics. The method considers not only the malicious packet destination but also the time needed to achieve high traffic rates and periodic attack patterns. The proposed solution architecture monitors packet rates over time windows to detect abnormal traffic increases. Future work includes optimizing detection thresholds, deeper analysis of DDoS attack time patterns, and evaluation of the method's performance in a simulation.
DoS Forensic Exemplar Comparison to a Known Sample - CSCJournals
The investigation of any event or incident often involves the evaluation of physical evidence. Occasionally, a comparison is conducted between an evidentiary sample of unknown origin and that of an appropriate known sample. In a Denial of Service (DoS) attack, items of evidentiary value may cross the spectrum from anecdotes to useful information in firewall logs or complete packet captures. Because of the spoofed or reflective nature of DoS attacks, relevant information leading to the direct identification of the perpetrator is rarely available. In many instances, this underscores the significance of the investigator's ability to accurately identify the tool utilized by the suspect. For a DoS attack scenario, this would likely involve a commercially available stresser or criminal bot infrastructure. In this paper, we propose the concept of a DoS exemplar and determine if the comparison of evidentiary samples to an appropriate known sample of DoS attributes could add value in the investigative process. We also provide a simple tool to compare two DoS flows.
Reliable data transfer CN - prashant odhavani - 160920107003 - Prashant odhavani
transport layer services
multiplexing/demultiplexing
connectionless transport: UDP
principles of reliable data transfer
connection-oriented transport: TCP
reliable transfer
flow control
connection management
principles of congestion control
TCP congestion control
Replay of Malicious Traffic in Network Testbeds - DETER-Project
In this paper we present tools and methods to integrate attack measurements from the Internet with controlled experimentation on a network testbed. We show that this approach provides greater fidelity than synthetic models. We compare the statistical properties of real-world attacks with synthetically generated constant bit rate attacks on the testbed. Our results indicate that trace replay provides fine time-scale details that may be absent in constant bit rate attacks. Additionally, we demonstrate the effectiveness of our approach to study new and emerging attacks. We replay an Internet attack captured by the LANDER system on the DETERLab testbed within two hours.
Data and tools from the paper are available at: http://montage.deterlab.net/magi/hst2013tools
Also read the LANDER Blog entry at: http://ant.isi.edu/blog/?p=411
Client server computing in mobile environments part 2 - Praveen Joshi
Client server computing in mobile environments: a versatile, message-based, modular infrastructure intended to improve usability, flexibility, interoperability and scalability compared to centralized, mainframe, time-sharing computing. It is intended to reduce network traffic. Communication uses RPC or SQL.
Transforming Security: Containers, Virtualization and Softwarization - Priyanka Aash
This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven.
(Source: RSA USA 2016-San Francisco)
Deadlocks occur when processes are waiting for resources held by other processes, resulting in a circular wait. Four conditions must be met: mutual exclusion, hold and wait, no preemption, and circular wait. Deadlocks can be handled through avoidance, prevention, or detection and recovery. Avoidance algorithms allocate resources only if doing so keeps the system in a safe state where deadlocks cannot occur. Prevention methods make deadlocks impossible by ensuring at least one condition is never satisfied, such as through collective or ordered resource requests. Detection finds existing deadlocks by analyzing resource allocation graphs or wait-for graphs to detect cycles.
DDoS Attack Detection & Mitigation in SDN - Chao Chen
This document summarizes a presentation on detecting and mitigating distributed denial of service (DDoS) attacks in software-defined networks. It discusses using sFlow and the Floodlight controller to detect common DDoS attack types like ICMP floods, SYN floods, and DNS amplification. An application was developed in Python to classify attacks and push static flow entries to direct attack traffic to the sFlow collector for analysis. The scheme was tested in a Mininet virtual network and shown to successfully mitigate ICMP and SYN flood attacks. Future work includes testing DNS amplification and UDP floods, implementing adaptive sampling rates and thresholds, and designing an unblocking mechanism.
Software Narratology found its successful application in software diagnostics of abnormal software behavior, especially in the pattern-driven and pattern-based analysis of software logs from complex systems with millions of events, thousands of threads, hundreds of processes and modules. This is the full transcript of Software Diagnostics Services seminar (27th of June 2013) about the new application of software narratology to network trace analysis with examples from Wireshark. Topics include: A Narrative Interpretation of Wireshark, Definitions of Software Diagnostics and Diagnostic Pattern, Pattern Orientation and Pattern Catalog Classification, Trace and Log Analysis Patterns, Definitions of Software Narrative, Software and Network Traces, Network Trace Analysis as A Part of Software Trace Analysis, Trace Maps, Name Resolution, Trace Presentation, Minimal Trace Graphs, Pattern-Driven and Pattern-Based Analysis, Trace and Log Pattern Classification, Discussion of 20 Selected Patterns.
Securing TESLA broadcast protocol with Diffie-Hellman key exchange - IAEME Publication
This document discusses securing the TESLA broadcast protocol with Diffie-Hellman key exchange. It first provides background on the TESLA broadcast protocol and its use of time to provide asymmetric authentication through one-way key chains. It then discusses using Diffie-Hellman key exchange to securely distribute the cryptographic keys in the one-way chain. The document outlines how Diffie-Hellman key exchange works and explains how it can be integrated with TESLA to build a public key infrastructure for secure broadcast authentication with loosely time synchronized nodes.
IRJET - Secure Kerberos System in Distributed Environment - IRJET Journal
This document proposes a secure Kerberos system using AES encryption in a distributed environment. Kerberos is an authentication system that allows clients to securely access networked services. The proposed system uses a new sub-session key for communication between clients and servers to prevent attacks. Tickets in this system include explicit start and end times to allow for arbitrary lifetimes. The system architecture includes an authentication server, ticket granting server, and application server. The authentication server issues a ticket-granting ticket to the client, which can then be used to request service tickets from the ticket granting server. These tickets and authentication messages are encrypted using symmetric keys to allow for secure authentication and prevent replay attacks.
The document summarizes a student's summer research internship on privacy preserving and integrity protecting data aggregation in wireless sensor networks. The student studied and improved an existing algorithm for integrity protection of data. The key points covered include:
1) Wireless sensor networks face challenges of privacy preservation and integrity protection when aggregating sensitive data.
2) The student examined an existing algorithm that uses perturbation and complex numbers to preserve privacy while allowing integrity checks.
3) Issues with the algorithm include vulnerability if partial nodes participate. The student proposed using a bit vector to indicate participating nodes to address this.
4) Creation of energy efficient data aggregation trees in sensor networks was another topic studied, to optimize parameters like energy consumption and network lifetime.
This document analyzes the Patchwork targeted attack campaign, which infected an estimated 2,500 machines since 2015. The attackers used spearphishing emails containing malicious PowerPoint files to exploit CVE-2014-4114 and deploy first stage payloads. The investigation team used deception techniques to observe the attackers deploying second stage tools and pivoting through the network. Technical analysis of the payloads and command and control communications reveal the attackers copied code from online forums and targeted organizations working on military and political issues relating to Southeast Asia.
IRJET - Estimating Various DHT Protocols - IRJET Journal
This document compares three distributed hash table (DHT) protocols: Tapestry, Chord, and Kademlia. It analyzes their performance using a simulator under varying parameters like stabilization interval, number of backup nodes, number of successors, and number of parallel lookups. The analysis seeks to determine the optimal cost-performance tradeoff for each protocol based on metrics like lookup latency and number of messages sent. Key differences between the protocols are described, such as Tapestry using a 160-bit identifier space, Chord arranging nodes in a circular identifier space and using a finger table for routing, and Kademlia storing contacts in buckets and finding closer nodes through iterative lookups. Simulation results are used to compare the protocols.
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In MANET - idescitation
Mobile ad hoc networks are connected by wireless links that form a random topology of mobile nodes. The random topology and self-organising network provide on-demand networking and a dynamic topology. Due to the lack of infrastructure support, each node is self-organising and any node can join and leave the network at any time. Providing security to these networks is a challenging issue because these types of networks suffer from various kinds of malicious attacks. One of the attacks that is most difficult to detect in a mobile ad hoc network is the gray hole attack. In this paper an analytical gray hole attack model is developed for the AODV protocol. Experiments are simulated for gray hole attacks under a variety of ad hoc network conditions.
Deadlock in distributed system by saeed siddik - Saeed Siddik
The document discusses deadlocks in distributed systems, outlining the four conditions required for a deadlock, strategies to handle deadlocks such as ignoring, detecting, preventing, and avoiding them, and algorithms for centralized deadlock detection and distributed deadlock detection and prevention. It provides examples of resource allocation graphs to illustrate deadlock conditions and explains how distributed deadlock detection and prevention algorithms work.
DDoS Attack on DNS using infected IoT Devices - Seungjoo Kim
[Case Study] DDoS Attack on DNS using infected IoT Devices, presented at ACSAC 2015 (The 31st Annual Computer Security Applications Conference, 2015), one of the most important cyber security conferences in the world and the oldest information security conference held annually.
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB... - Nexgen Technology
Exploiting TLS to disrupt privacy of web application's traffic - Sandipan Biswas
In this work, we analyze privacy and security aspects of encryption modes, padding schemes and the order of padding of messages in TLS during encrypted communication between a client and a web application on the server. We show that using padding schemes to pad all packets to hide message sizes during communication, without considering the underlying encryption modes and padding methodology, is not safe.
This document is a resume for Manu Rajendra Sheelvant seeking a full-time opportunity in communications, networks, and network security. He has a Master's in Electrical Engineering from UT Arlington and is working on his CCNA certification. His experience includes setting up a test network lab and working as a network engineer intern at CDK Global where he implemented various networking protocols and technologies. He has experience with programming languages, operating systems, networking tools and commands, and has completed various academic projects involving networking, security, and signal processing using tools like MATLAB, Python, and Cisco devices.
RSA is one of the most popular public key cryptography based algorithms, mainly used for digital signatures, encryption/decryption etc. It is based on the mathematical problem of factoring very large integers, which is a compute-intensive process and takes a very long time as well as a lot of power to perform. Several scientists throughout the world are working to increase the speedup and to decrease the power consumption of the RSA algorithm while keeping the security of the algorithm intact. One popular technique that can be used to enhance the performance of RSA is parallel programming. In this paper we present a survey of various parallel implementations of the RSA algorithm involving a variety of hardware and software implementations.
This document provides a summary of CLDAP reflection DDoS attacks observed by Akamai between October 2016 and January 2017. It details the attack methods, timelines, largest attacks observed, affected industries, source distributions by country and ASN, mitigation recommendations including filtering port 389, and conclusions regarding CLDAP reflection as an emerging DDoS vector.
Node Legitimacy Based False Data Filtering Scheme in Wireless Sensor Networks - Eswar Publications
False data injection attack is a serious threat to wireless sensor networks. In this paper, a node legitimacy based false data filtering scheme (NLFS) is proposed. NLFS verifies not only the message authentication codes (MACs) contained in reports, but also the legitimacy of the nodes that endorse the report. The verification guarantees that compromised nodes from different geographical areas cannot collude to inject false data, which gives NLFS a high tolerance of compromised nodes. In addition, NLFS only utilizes the relationships between node IDs to verify the legitimacy of nodes, without other software or hardware overhead. Simulation results show that NLFS can filter 95% of false reports within three hops and is resilient to an increasing number of compromised nodes.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO... - cscpconf
In this paper, we address the concern of security at the Medium Access Control layer by implementing the Assured Neighbor based Security Protocol to provide authentication and confidentiality and, taking high speed transmission into consideration, by providing security in parallel in both the routing and link layers of mobile ad hoc networks. We divide the protocol into two segments. The first portion is based on routing layer information: we implement a scheme for the detection and isolation of malicious nodes. A trust counter is maintained for each node, which is actively increased and decreased according to the trust value for packet forwarding. A threshold level is defined to differentiate malicious and non-malicious nodes; if the value of a node's trust counter falls below the threshold, the node is considered malicious. The second part focuses on providing security in the link layer, where security is provided using the CTR (Counter) approach for authentication and encryption. Simulating the results in NS-2, we conclude that the proposed protocol can attain high packet delivery in the presence of various intruders while attaining low delays and overheads.
Exploiting tls to disrupt privacy of web application's trafficSandipan Biswas
In this work, we analyze privacy and security aspects of encryption modes, padding schemes
and order of padding of messages in TLS during encrypted communication between client and
web-application on the server. We show that using padding schemes to pad all packets to
hide message sizes during communication without considering underlying encryption modes and
padding methodology is not safe .
This document is a resume for Manu Rajendra Sheelvant seeking a full-time opportunity in communications, networks, and network security. He has a Master's in Electrical Engineering from UT Arlington and is working on his CCNA certification. His experience includes setting up a test network lab and working as a network engineer intern at CDK Global where he implemented various networking protocols and technologies. He has experience with programming languages, operating systems, networking tools and commands, and has completed various academic projects involving networking, security, and signal processing using tools like MATLAB, Python, and Cisco devices.
RSA is one of the most popular Public Key Cryptography based algorithm mainly used for digital
signatures, encryption/decryption etc. It is based on the mathematical scheme of factorization of very large
integers which is a compute-intensive process and takes very long time as well as power to perform.
Several scientists are working throughout the world to increase the speedup and to decrease the power
consumption of RSA algorithm while keeping the security of the algorithm intact. One popular technique
which can be used to enhance the performance of RSA is parallel programming. In this paper we are
presenting the survey of various parallel implementations of RSA algorithm involving variety of hardware
and software implementations.
This document provides a summary of CLDAP reflection DDoS attacks observed by Akamai between October 2016 and January 2017. It details the attack methods, timelines, largest attacks observed, affected industries, source distributions by country and ASN, mitigation recommendations including filtering port 389, and conclusions regarding CLDAP reflection as an emerging DDoS vector.
Node Legitimacy Based False Data Filtering Scheme in Wireless Sensor NetworksEswar Publications
False data injection attack is a serious threat to wireless sensor network. In this paper, a node legitimacy based false data filtering scheme (NLFS) is proposed. NLFS verifies not only message authentication codes (MACs) contains in reports, but also the legitimacy of nodes that endorse the report. The verification guarantees that compromised nodes from different geographical areas cannot collude to inject false data, which makes NLFS has a high tolerance of compromised nodes. In addition, NLFA only utilizes the relationships between node IDs to verify the legitimacy of nodes without other software or hardware overhead. Simulation results show that NLFS can filter 95% false reports within three hops and is resilience to an increasing number of compromised nodes.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
This document presents a multi-classification approach for detecting network attacks using a layered model. The proposed system consists of two stages - the first stage classifies network records as normal or an attack, while the second stage further classifies any detected attacks into four categories (DoS, Probe, R2L, U2R) using separate layers. Experimental results on the NSL-KDD dataset show the layered approach using the JRip classifier achieved very high classification accuracy of over 99% for each attack category, outperforming existing approaches. The multi-layered model is effective for improving detection of minority attack classes without reducing performance on majority classes.
Detecting Hacks: Anomaly Detection on Networking DataJames Sirota
See https://medium.com/@jamessirota for a series of blog entries that goes with this deck...
Defense in Depth for Big Data
Network Anomaly Detection Overview
Volume Anomaly Detection
Feature Anomaly Detection
Model Architecture
Deployment on OpenSOC Platform
Questions
Detecting Hacks: Anomaly Detection on Networking DataDataWorks Summit
This document summarizes techniques for anomaly detection on network data. It discusses defense-in-depth strategies using both misuse detection and anomaly detection. It then describes volume-based and feature-based network anomaly detection, including statistical process control techniques. The document outlines a three-phase anomaly detection process and discusses implementation in Hadoop using time series databases. It provides examples of common network anomalies and techniques for batch and online anomaly detection modeling.
1) Google has built one of the fastest and most capable network infrastructures over the past 15+ years through innovations like global caching, software defined networking, and virtualizing the physical network.
2) Telemetry and analytics are needed in large data center networks to perform network modeling, configuration verification, and fault isolation given their complexity with thousands of switches and links.
3) Systems are used at Google to continuously verify topology matches intent, detect routing inconsistencies within milliseconds, and measure service level agreements and traffic characteristics across all host pairs.
During the audit, 10 issues were found including 1 medium risk issue that has been resolved. Several issues related to unclear specifications that require clarification. All issues have now been resolved according to the recent updates. The audit evaluated the code for security vulnerabilities, adherence to best practices, and specifications. Both automated analysis and manual review were performed, finding issues such as missing access controls, unchecked parameters, and clone-and-own risks.
DDoS Attack Detection and Botnet Prevention using Machine LearningIRJET Journal
This document discusses using machine learning to detect distributed denial of service (DDoS) attacks and prevent botnets. It proposes using classifiers like logistic regression, support vector machines, K-nearest neighbors, decision trees, and AdaBoost to detect DDoS attacks based on the NSL KDD dataset, achieving accuracies from 82.28% to 90.4%. It also plans to add botnet prevention features to reduce the creation of botnets and the intensity of future DDoS attacks, which could help individual users. The document reviews several related works applying machine learning for DDoS detection and phishing URL classification.
Secure Checkpointing Approach for Mobile Environmentidescitation
The document describes a secure checkpointing approach for mobile environments. It proposes using elliptic curve cryptography combined with checkpointing to provide a low overhead, secure, fault tolerant system. Key points:
- Checkpointing is used to save system states to allow recovery from failures. Elliptic curve cryptography provides security by encrypting communication and generating digital signatures.
- The approach shifts cryptographic calculations to base stations to reduce mobile node overhead. Checkpoints and recovery information are stored at base stations.
- Mobile nodes save checkpoints and transfer them to the current base station they are connected to. A recovery algorithm allows processes to rollback and resume from the last saved checkpoint if a failure occurs.
Security is a major concern in computer networking which faces increasing threats as the commercial
Internet and related economies continue to grow. Virtualization technologies enabling
scalable Cloud services pose further challenges to the security of computer infrastructures,
demanding novel mechanisms combining the best-of-breed to counter certain types of attacks
. Our work aims to explore advances in Cyber Threat Intelligence (CTI) in the context of
Software Defined Networking (SDN) architectures. While CTI represents a recent approach
to combat threats based on reliable sources, by sharing information and knowledge about
computer criminal activities, SDN is a recent trend in architecting computer networks based
on modularization and programmability principles. In this dissertation, we propose IntelFlow,
an intelligent detection system for SDN that follows a proactive approach using OpenFlow
to deploy countermeasures to the threats learned through a distributed intelligent plane. We
show through a proof of concept implementation that the proposed system is capable of delivering
a number of benefits in terms of effectiveness, altogether contributing to the security
of modern computer network designs.
Protecting Financial Networks from Cyber CrimeLancope, Inc.
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions. Attend this informational webinar, conducted by Lancope’s Director of Security Research, Tom Cross, to learn: How NetFlow can help quickly uncover both internal and external threats How pervasive network insight can accelerate incident response and forensic investigations How to substantially decrease enterprise risks
Layered approach using conditional random fields for intrusion detection (syn...Mumbai Academisc
The document proposes a layered approach using conditional random fields for intrusion detection. It aims to improve accuracy and efficiency. Each layer is trained separately to detect different attack types (probe, DoS, R2L, U2R) using relevant features. The layers act as filters to quickly detect and block attacks without passing connections to subsequent layers. Experimental results show the proposed system outperforms other methods with high improvements in detecting certain attack types. Hardware requirements include a Pentium IV PC with 256MB RAM and software requirements include Windows XP and development tools like Java and Eclipse.
Proactive ops for container orchestration environmentsDocker, Inc.
This document discusses different approaches to monitoring systems from manual and reactive to proactive monitoring using container orchestration tools. It provides examples of metrics to monitor at the host/hardware, networking, application, and orchestration layers. The document emphasizes applying the principles of observability including structured logging, events and tracing with metadata, and monitoring the monitoring systems themselves. Speakers provide best practices around failure prediction, understanding failure modes, and using chaos engineering to build system resilience.
• For a full set of 950+ questions. Go to
https://skillcertpro.com/product/ceh-v11-certified-ethical-hacker-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
Semantic Metadata Annotation for Network Anomaly DetectionThomasGraf42
This document proposes defining standardized semantic metadata annotations for network anomaly detection. This would help network operators, vendors, and academia collaborate by enabling data exchange and facilitating supervised/semi-supervised machine learning development. Key benefits include testing and comparing outlier detection methods, making anomalies understandable for humans, and automating the learning process from network incidents. The document discusses categorizing network symptoms and defining their associated actions, reasons, and causes using YANG data models to annotate operational and analytical data.
PREDICTIVE DETECTION OF KNOWN SECURITY CRITICALITIES IN CYBER PHYSICAL SYSTEM...cscpconf
A large number of existing Cyber Physical Systems (CPS) in production environments, also employed in critical infrastructures, are severely vulnerable to cyber threats but cannot be modified due to strict availability requirements and nearly impossible change management. Monitoring solutions are increasingly proving to be very effective in such scenarios. Since CPS are typically designed for a precise purpose, their behaviour is predictable to a good extent and often well known, both from the process and the cyber perspective. This work presents a cyber security monitor capable of leveraging such knowledge to detect illicit activities. It uses a formal language to specify critical conditions and an SMT-based engine to detect them through network traffic and log analysis. The framework is predictive, i.e. it recognises if the system is approaching a critical state before reaching it. An important novelty of the approach is the capability of dealing with unobservable variables, making the framework much more feasible in real cases. This work presents the formal framework and first experimental results validating the feasibility of the approach.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
An Enhanced Technique for Network Traffic Classification with unknown Flow De...IRJET Journal
This document presents a technique for classifying network traffic and detecting unknown flows in wireless sensor networks. The technique aims to improve on previous work by using fewer labeled training samples and investigating flow correlation in real-world network environments. It proposes a method that selects a sender and receiver node, establishes a path between them by avoiding faulty nodes, and evaluates the system based on propagation rate, training purity, and accuracy. The results show the proposed method achieves higher propagation rate, training purity, and overall accuracy compared to an existing semi-supervised technique.
CGPA otherwise called Cumulative Grade Points. Average is the normal of Grade Points acquired in every one of the subjects secured till date. It is trusted that it gives a general knowledge into the level of devotion, truthfulness and diligent work put by the understudy.
However there might be where an understudy who is remarkable at programming may not appreciate other hypothetical subjects like programming testing. Notwithstanding, CGPA comes up short when such a situation comes into picture.
.net programming using asp.net to make web projectKedar Kumar
It is very easy to do a web prject using asp.net in .net programming.Here,I am doing a project on Airbase reservation system(ARS) used to be standalone systems. Each airline had it’s own system, disconnected from other airlines or ticket agents, and usable only by a designated number of airline employees.
This purpose assumes that educational websites in general are a good thing. Even so, we have heard arguments that many young people today use the internet so much for leisure and personal interest activities that they would advantaged by learning all of their formal school or college studies from paper textbooks
i have done this works to demonstrate the data security by the help of cloud storage.It determines many algorithm including so many tools and many more..
Wireless multimedia sensor networks (WMSNs) allow for the collection of interactive media like video and audio streams from sensor devices. The paper surveys the state of the art in algorithms, protocols, and hardware for WMSNs. It discusses existing network models and open research issues at various layers of the communication protocol stack, as well as potential cross-layer optimizations. Time-hopping impulse radio ultra-wideband (TH-IR-UWB) is promising for the physical layer due to features like low power consumption and high data rates over short distances. The MAC layer must provide channel access and error control schemes to support different types of multimedia data streams in the network.
Combinatorial testing can significantly reduce the number of tests needed to cover all variable combinations by focusing on pairwise combinations. The document discusses pairwise testing, which aims to test all combinations of each pair of input parameters. This catches a high percentage of errors while dramatically reducing the number of required test cases. Tools like PICT can automatically generate optimal pairwise test suites. The document provides an example showing PICT reducing 96 potential test cases for a car ordering application down to just 8 test cases.
Combinatorial testing (CT) can significantly reduce the number of tests needed to cover all combinations of parameters by using techniques like pairwise testing. Pairwise testing involves testing all possible combinations of each pair of input parameters, reducing hundreds of thousands of test cases to just a few dozen. Tools are available to automatically generate optimal pairwise test cases. CT has been shown to improve defect detection over traditional ad hoc testing while lowering costs by reducing testing time and effort.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSIJNSA Journal
The smart irrigation system represents an innovative approach to optimize water usage in agricultural and landscaping practices. The integration of cutting-edge technologies, including sensors, actuators, and data analysis, empowers this system to provide accurate monitoring and control of irrigation processes by leveraging real-time environmental conditions. The main objective of a smart irrigation system is to optimize water efficiency, minimize expenses, and foster the adoption of sustainable water management methods. This paper conducts a systematic risk assessment by exploring the key components/assets and their functionalities in the smart irrigation system. The crucial role of sensors in gathering data on soil moisture, weather patterns, and plant well-being is emphasized in this system. These sensors enable intelligent decision-making in irrigation scheduling and water distribution, leading to enhanced water efficiency and sustainable water management practices. Actuators enable automated control of irrigation devices, ensuring precise and targeted water delivery to plants. Additionally, the paper addresses the potential threat and vulnerabilities associated with smart irrigation systems. It discusses limitations of the system, such as power constraints and computational capabilities, and calculates the potential security risks. The paper suggests possible risk treatment methods for effective secure system operation. In conclusion, the paper emphasizes the significant benefits of implementing smart irrigation systems, including improved water conservation, increased crop yield, and reduced environmental impact. Additionally, based on the security analysis conducted, the paper recommends the implementation of countermeasures and security approaches to address vulnerabilities and ensure the integrity and reliability of the system. 
By incorporating these measures, smart irrigation technology can revolutionize water management practices in agriculture, promoting sustainability, resource efficiency, and safeguarding against potential security threats.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
CERTIFICATE
This is to certify that the project work entitled "STUDENT Marks
Analysis", submitted by "KEDAR KUMAR (15BIT0268) and
RUBAL NANDAL (15BIT0134)", is a record of bonafide work done in Data
MINING (ITE2006) under my supervision. The contents of this project work, in
full or in part, have neither been taken from any other source nor been
submitted for any other CAL course.
PLACE: VELLORE
DATE: 1/11/2017
KEDAR KUMAR (15BIT0268)
RUBAL NANDAL (15BIT0134)
Table of Contents
Acknowledgement 2
Problem Statement 3
Approach 6
Modules 7
Proposed Implementation 8
Implementation 9
Conclusion 22
References 23
ACKNOWLEDGEMENTS
We acknowledge SUDHA M ma'am for the guidance and help given during
the execution of this project. We also acknowledge all others
concerned with the success of this project. It is customary to
acknowledge the University Management/School Dean for giving us a
chance to carry out our studies at the University. Thanks for such
an outstanding opportunity.
Problem Statement
Nowadays many attacks are carried out on various people with malicious intent. Most of them
are network attacks, so we attempt to develop a network abuse detection (intrusion detection)
model from the KDD-1999 data set and try to identify normal connections and attacked
connections.
Detecting network intrusions protects a computer network from unauthorized users, including
perhaps insiders. The intrusion detector learning task is to build a predictive model (i.e. a
classifier) capable of distinguishing between "bad" connections, called intrusions or attacks, and
"good" normal connections.
A connection is a sequence of TCP packets starting and ending at some well-defined times,
between which data flows from a source IP address to a target IP address (and back) under some
well-defined protocol. Each connection is labelled either as normal or as an attack, with exactly
one specific attack type. Each connection record consists of about 100 bytes.
Attacks fall into four main categories:
DOS: denial-of-service, e.g. SYN flood;
R2L: unauthorized access from a remote machine, e.g. guessing a password;
U2R: unauthorized access to local superuser (root) privileges, e.g. various "buffer overflow" attacks;
PROBING: surveillance and other probing, e.g. port scanning.
5. 5
ABOUT DATASET
Our dataset contains these features.
Table 1: Basic features of individual TCP connections
| feature name | description | type |
|---|---|---|
| duration | length (number of seconds) of the connection | continuous |
| protocol_type | type of the protocol, e.g. tcp, udp, etc. | discrete |
| service | network service on the destination, e.g. http, telnet, etc. | discrete |
| src_bytes | number of data bytes from source to destination | continuous |
| dst_bytes | number of data bytes from destination to source | continuous |
| flag | normal or error status of the connection | discrete |
| land | 1 if connection is from/to the same host/port; 0 otherwise | discrete |
| wrong_fragment | number of "wrong" fragments | continuous |
| urgent | number of urgent packets | continuous |
Table 2: Content features within a connection suggested by domain knowledge
| feature name | description | type |
|---|---|---|
| hot | number of "hot" indicators | continuous |
| num_failed_logins | number of failed login attempts | continuous |
| logged_in | 1 if successfully logged in; 0 otherwise | discrete |
| num_compromised | number of "compromised" conditions | continuous |
| root_shell | 1 if root shell is obtained; 0 otherwise | discrete |
| su_attempted | 1 if "su root" command attempted; 0 otherwise | discrete |
| num_root | number of "root" accesses | continuous |
| num_file_creations | number of file creation operations | continuous |
| num_shells | number of shell prompts | continuous |
| num_access_files | number of operations on access control files | continuous |
| num_outbound_cmds | number of outbound commands in an ftp session | continuous |
| is_hot_login | 1 if the login belongs to the "hot" list; 0 otherwise | discrete |
| is_guest_login | 1 if the login is a "guest" login; 0 otherwise | discrete |
Table 3: Traffic features computed using a two-second time window
| feature name | description | type |
|---|---|---|
| count | number of connections to the same host as the current connection in the past two seconds | continuous |
Note: The following features refer to these same-host connections.
| feature name | description | type |
|---|---|---|
| serror_rate | % of connections that have "SYN" errors | continuous |
| rerror_rate | % of connections that have "REJ" errors | continuous |
| same_srv_rate | % of connections to the same service | continuous |
| diff_srv_rate | % of connections to different services | continuous |
| srv_count | number of connections to the same service as the current connection in the past two seconds | continuous |
Note: The following features refer to these same-service connections.
| feature name | description | type |
|---|---|---|
| srv_serror_rate | % of connections that have "SYN" errors | continuous |
| srv_rerror_rate | % of connections that have "REJ" errors | continuous |
| srv_diff_host_rate | % of connections to different hosts | continuous |
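As an added example (not code from the report), here is how one record laid out as in Tables 1 to 3 can be turned into the numeric vector that a clustering step needs: continuous and 0/1 columns are kept as numbers and the symbolic columns (protocol_type, service, flag) are one-hot encoded. The vocabularies and the sample record are constructed; real KDD-99 files carry further columns that the report does not list, so this parser covers only the columns named above.

```python
# Added example: parse a KDD-99 style connection record using the feature names and
# types from Tables 1-3 of the report (31 columns + trailing label; a subset of the real file).
# 'c' = continuous, 'd' = discrete, in the order the report lists them.
SCHEMA = [
    ("duration", "c"), ("protocol_type", "d"), ("service", "d"), ("src_bytes", "c"),
    ("dst_bytes", "c"), ("flag", "d"), ("land", "d"), ("wrong_fragment", "c"), ("urgent", "c"),
    ("hot", "c"), ("num_failed_logins", "c"), ("logged_in", "d"), ("num_compromised", "c"),
    ("root_shell", "d"), ("su_attempted", "d"), ("num_root", "c"), ("num_file_creations", "c"),
    ("num_shells", "c"), ("num_access_files", "c"), ("num_outbound_cmds", "c"),
    ("is_hot_login", "d"), ("is_guest_login", "d"), ("count", "c"), ("serror_rate", "c"),
    ("rerror_rate", "c"), ("same_srv_rate", "c"), ("diff_srv_rate", "c"), ("srv_count", "c"),
    ("srv_serror_rate", "c"), ("srv_rerror_rate", "c"), ("srv_diff_host_rate", "c"),
]
# Symbolic discrete columns are one-hot encoded against these constructed vocabularies
# (the real data has more services and flags; an unseen value encodes as all zeros).
VOCAB = {
    "protocol_type": ["tcp", "udp", "icmp"],
    "service": ["http", "telnet", "ftp", "smtp"],
    "flag": ["SF", "S0", "REJ"],
}

def parse_record(line):
    """Split one comma-separated record into typed fields plus the trailing label."""
    fields = line.strip().split(",")
    if len(fields) != len(SCHEMA) + 1:
        raise ValueError("expected %d fields, got %d" % (len(SCHEMA) + 1, len(fields)))
    rec = {}
    for (name, _kind), raw in zip(SCHEMA, fields):
        rec[name] = raw if name in VOCAB else float(raw)  # 0/1 flags stay numeric
    rec["label"] = fields[-1]
    return rec

def to_vector(rec):
    """Numeric vector for clustering: numbers as-is, symbolic columns one-hot."""
    vec = []
    for name, _kind in SCHEMA:
        if name in VOCAB:
            vec.extend(1.0 if rec[name] == v else 0.0 for v in VOCAB[name])
        else:
            vec.append(rec[name])
    return vec

# Constructed sample: a short normal HTTP connection (label format as in the KDD files)
SAMPLE = "0,tcp,http,181,5450,SF,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0,1,0,8,0,0,0,normal."
```

`to_vector(parse_record(SAMPLE))` yields a 38-element vector (28 numeric columns plus 10 one-hot positions), which is the shape of input the k-means step below expects.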
7. 7
Approach
1) First we will do some exploratory data analysis using Pandas.
2) After that we will do data pre-processing and remove unnecessary features (attributes) from
our dataset.
3) Then we will use clustering and anomaly detection. We want our model to work well with
unknown attack types and also to give an approximation of the closest attack type. We will use
K-means clustering.
4) Then we will build a classifier using Scikit-learn (machine learning library).
Our classifier will just classify entries into normal or attack. By doing so, we can
generalise the model to new attack types.
8. 8
Modules
1) Data Pre-processing:
Initially, we will use all features. Not all the features are numerical, so we need to do
something with our categorical variables, and we will do feature selection to remove unwanted
features and reduce the dimensionality of our data.
2) K-means clustering
We will perform an anomaly-detection approach on the reduced dataset. We will start by doing
k-means clustering. Once we have the cluster centres, we can use them to identify clusters of
attack or normal connections in a new dataset.
3) Classification
In classification we will train on our dataset to build a classifier, use that classifier to predict
another data file, and then test our estimate with an R² test to measure the accuracy of our
classifier.
4) Predictions
Based on the assumption that new attack types will resemble old ones, we will be able to detect
them. Moreover, anything that falls too far from any cluster will be considered anomalous and
therefore a possible attack.
13. 13
CLUSTERING
from time import time
from sklearn.cluster import KMeans

# `features` is the pre-processed numeric feature matrix built in the earlier slides
k = 30
km = KMeans(n_clusters=k)
t0 = time()
km.fit(features)
tt = time() - t0
print("Clustered in", round(tt, 3), "seconds")
# visualising a sample of cluster assignments
for i in range(600, 620):
    print(km.labels_[i])
ASSIGNING LABELS
import pandas

# `kdd_data_10percent` is the DataFrame loaded in the earlier slides; its 'label'
# column holds the attack type (or 'normal') of each connection record
labels = kdd_data_10percent['label']
# for each cluster, collect the original labels of the records assigned to it
label_names = list(map(
    lambda x: pandas.Series([labels[i] for i in range(len(km.labels_)) if km.labels_[i] == x]),
    range(k)))
for i in range(k):
    print("Cluster ", i, " labels:")
    print(label_names[i].value_counts(), "\n")
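The Modules section above describes the prediction step (name each cluster after the labels of its members, and treat anything far from every cluster as a possible attack), and the slide above collects the labels per cluster. As an added example (not code from the report), here is that step end to end in pure Python, with no scikit-learn dependency: a small k-means, a majority label per cluster, and a per-cluster radius used as the anomaly threshold. The training records, their labels and the slack factor are constructed.

```python
# Added example: cluster-based detection as described in the report's Modules section.
from collections import Counter
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=20):
    """Lloyd's k-means; the first k points seed the centres, so results are deterministic."""
    centres = [list(p) for p in points[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda c: dist(p, centres[c]))].append(p)
        for c, g in enumerate(groups):
            if g:  # an emptied cluster keeps its previous centre
                centres[c] = [sum(col) / len(g) for col in zip(*g)]
    return centres

def nearest(centres, p):
    c = min(range(len(centres)), key=lambda i: dist(p, centres[i]))
    return c, dist(p, centres[c])

def fit_model(points, labels, k):
    """Cluster the training data; name each cluster by majority label and record its radius."""
    centres = kmeans(points, k)
    votes, radius = [Counter() for _ in range(k)], [0.0] * k
    for p, lab in zip(points, labels):
        c, d = nearest(centres, p)
        votes[c][lab] += 1
        radius[c] = max(radius[c], d)
    names = [v.most_common(1)[0][0] if v else "empty" for v in votes]
    return centres, names, radius

def predict(model, p, slack=1.5):
    """Closest known type, or 'anomaly' when the record lies well outside its nearest cluster."""
    centres, names, radius = model
    c, d = nearest(centres, p)
    return "anomaly" if d > slack * radius[c] else names[c]

# Constructed, already-scaled 2-D records: (bytes transferred, connections to the same host
# in the past two seconds). The first two points seed one normal and one flood cluster.
TRAIN = [(0.10, 0.10), (0.00, 0.90), (0.20, 0.10), (0.10, 0.20), (0.15, 0.15),
         (0.05, 1.00), (0.00, 0.95), (0.10, 0.90)]
TRAIN_LABELS = ["normal", "syn flood", "normal", "normal", "port scan",
                "syn flood", "syn flood", "syn flood"]
MODEL = fit_model(TRAIN, TRAIN_LABELS, 2)
```

With this data `predict(MODEL, (0.02, 0.95))` returns "syn flood" (the closest known type), while `predict(MODEL, (0.9, 0.9))` returns "anomaly" because it lies far outside both clusters.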
23. 23
CONCLUSION
We have formed clusters. Those clusters can be used with real data to predict whether a
connection is an attack or normal. Anything falling far from every cluster can also be
considered an attack.
From classification we obtained the results tabulated in the table below.
| ALGORITHM | TIME FOR TRAINING | ACCURACY |
|---|---|---|
| Ball-Tree | least | 0.925 (near max) |
| KD-Tree | a little higher than Ball-Tree | 0.820 (least) |
| Brute force | high | 0.932 (maximum) |
From our experiment we concluded that brute force is the most expensive algorithm but
produced the maximum accuracy; on the other hand KD-Tree obtained the lowest result for our
data, and the Ball-Tree algorithm worked better as it consumed almost the least time while
reaching almost the maximum accuracy.