LightBlog
Contact at mumbai.academics@gmail.com or 8097636691/9323040215
Responsive Ads Here

Thursday, 8 February 2018

Layered Approach Using Conditional Random Fields for Intrusion Detection(2010)


Layered Approach Using Conditional Random

 Fields for Intrusion Detection(2010)


Abstract:
Intrusion detection faces a number of challenges; an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this project, we address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach.  Finally, we show that our system is robust and is able to handle noisy data without compromising performance.
Existing System:-
The field of intrusion detection and network security has been around since late 1980s. Since then, a number of methods and frameworks have been proposed and many systems have been built to detect intrusions. Various techniques such as association rules, clustering, naive Bayes classifier, support vector machines, genetic algorithms, artificial neural networks, and others have been applied to detect intrusions. In this section, we briefly discuss these techniques and frameworks.
 Experimental results on the benchmark KDD ’99 intrusion data set show that our proposed system based on Layered Conditional Random Fields outperforms other well-known methods such as the decision trees and the naive Bayes.
The improvement in attack detection accuracy is very high, particularly, for the U2R attacks (34.8 percent improvement) and the R2L attacks (34.5 percent improvement). Statistical Tests also demonstrate higher confidence in detection accuracy for our method.
Proposed System:-
Other approaches for detecting intrusion include the use of  autonomous  and probabilistic agents for intrusion detection. These methods are generally aimed at developing a distributed intrusion detection system. To overcome the weakness of a single intrusion detection system, a number of frameworks have been proposed, which describe the collaborative use of network-based and hostbased systems . Systems that employ both signature based and behavior-based techniques are discussed in  the authors describe a data mining framework for building adaptive intrusion detection models.
     The data analyzed by the intrusion detection system for classification often has a number of features that are highly correlated and complex relationships exist between them. when classifying network connections as either normal or as attack, a system may consider features such as “logged in” and “number of file creations.” When these features are analyzed individually, they do not provide any information that can aid in detecting attacks. However, when these features are analyzed together, they can provide meaningful information, which can be helpful for the classification task. And connection level feature such as the “service invoked” at the
Modules:-
CONDITIONAL RANDOM FIELD
The CRFs have proven to be very successful in such tasks, as they do not make any unwarranted assumptions about the data. Hence, we explore the suitability of CRFs for intrusion detection. system may consider features such as “logged in” and “number of file creations.” When these features are analyzed individually, they do not provide any information that can aid in detecting attacks.
Probe layer
The probe attacks are aimed at acquiring information about the target network from a source that is often external to the network. Hence, basic connection level features such as the “duration of connection” and “source bytes” are significant while features like “number of files creations” and “number of files accessed” are not expected to provide information for detecting probes
 DoS layer,
For the DoS layer, traffic features such as the “percentage of connections having same destination host and same service” and packet level features such as the “source bytes” and “percentage of packets with errors” are significant. To detect DoS attacks, it may not be important to know whether a user is “logged in or not.”
 R2L layer
The R2L attacks are one of the most difficult to detect as they involve the network level and the host level features. We therefore selected both the network level features such as the “duration of connection” and “service requested” and the host level features such as the “number of failed login attempts” among others for detecting R2L attack.
U2R layer ( User to Root attacks)
The U2R attacks involve the semantic details that are very difficult to capture at an early stage. Such attacks are often content based and target an application. Hence, for U2R attacks, we selected features such as “number of file creations” and “number of shell prompts invoked,” while we ignored features such as “protocol” and “source bytes.”
System Specifications:
Hardware Requirements
  •  SYSTEM            : Pentium IV 2.4 GHz
  •  HARD DISK      : 40 GB
  •  FLOPPY DRIVE : 1.44 MB
  •  MONITOR         : 15 VGA colour
  •  MOUSE              : Logitech.
  •  RAM                   : 256 MB
  •  KEYBOARD      : 110 keys enhanced.
Software Requirements
  •  Operating system :-  Windows XP Professional
  •   Front End           :-  JAVA, RMI, JDBC, Swing
  •  Tool                    :Eclipse 3.3

No comments:

Post a Comment