1 / 16

Layered Approach using Conditional Random Fields For Intrusion Detection

Layered Approach using Conditional Random Fields For Intrusion Detection. ABSTRACT:.

hera
Download Presentation

Layered Approach using Conditional Random Fields For Intrusion Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Layered Approach using Conditional Random Fields For Intrusion Detection

  2. ABSTRACT: • Intrusion detection faces a number of challenges; an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Intrusion detection is one of the high priority and challenging tasks for network administrators and security professionals. More sophisticated security tools mean that the attackers come up with newer and more advanced penetration methods to defeat the installed security systems. Finally, our system has the advantage that the number of layers can be increased or decreased depending upon the environment in which the system is deployed, giving flexibility to the network administrators. The areas for future research include the use of our method for extracting features that can aid in the development of signatures for signature-based systems. The signature-based systems can be deployed at the periphery of a network to filter out attacks that are frequent and previously known, leaving the detection of new unknown attacks for anomaly and hybrid systems. • .

  3. EXISTING SYSTEM • Intrusion detection in Wireless Sensor Network (WSN) is of practical interest in many applications such as detecting an intruder in a battlefield. The intrusion detection is defined as a mechanism for a WSN to detect the existence of inappropriate, incorrect, or anomalous moving attackers. It is a fundamental issue to characterize the WSN parameters such as node density and sensing range in terms of a desirable detection probability. In addition, we discuss the network connectivity and broadcast reach ability, which are necessary conditions to ensure the corresponding detection probability in a WSN.

  4. In analyzes the intrusion detection problem in both homogeneous and heterogeneous WSNs by characterizing intrusion detection probability with respect to the intrusion distance and the network parameters. Intrusion detection model includes a network model, a detection model, and an intrusion strategy model. The network model specifies the WSN environment.

  5. PROPOSED SYSTEM • In this paper, we have addressed the dual problem of Accuracy and Efficiency for building robust and efficient intrusion detection systems. Our experimental results in Section 6 show that CRFs are very effective in improving the attack detection rate and decreasing the FAR. • Having a low FAR is very important for any intrusion detection system. Further, feature selection and implementing the Layered Approach significantly reduce the time required to train and test the model.

  6. The areas for future research include the use of our method for extracting features that can aid in the development of signatures for signature-based systems. The signature-based systems can be deployed at the periphery of a network to filter out attacks that are frequent and previously known, leaving the detection of new unknown attacks for anomaly and hybrid systems. Finally, our system has the advantage that the number of layers can be increased or decreased depending upon the environment in which the system is deployed, giving flexibility to the network administrators.

  7. ADVANTAGES & DISADVANTAGES • Disadvantage: • The sensed information provided by a single sensor might be inadequate for recognizing the intruder. • So that there is no guarantee for our information has been sent securely. • Advantage: • Through sensing the network we able to find possible node in the wireless Sensor network. • By finding the intruders we can send our information in a secured manner.

  8. Hardware Requirements: • Processor : Pentium IV 2.8GHz. • RAM : 512 MB RAM. • Hard Disk : 40 GB. • Input device : Standard Keyboard and Mouse. • Output device : VGA and High Resolution Monitor.

  9. Software Requirements: • Operating System : Windows XP • Language : JDK 1.5.

  10. Modules • CONSTRUCTING NETWORK SECURITY • RANDOMIZED FIELD DETCTION

  11. CONSTRUCTING NETWORK SECURITY • In this module, we are going to connect the network each node is connected the neighboring node and it is independently deployed in network area. And also deploy the each port no is authorized in a node. Intrusion detection as defined by the Sys Admin, Audit, Networking, and Security (SANS) Institute is the art of detecting inappropriate, inaccurate, or anomalous activity. Today, intrusion detection is one of the high priority and challenging tasks for network administrators and security professionals.

  12. RANDOMIZED FIELD DETCTION • In this module, browse and select the source file. And selected data is converted into fixed size of packets. And the packet is send from source to detector. Conditional models are probabilistic systems that are used to model the conditional distribution over a set of random variables. Such models have been extensively used in the natural language processing tasks. Conditional models offer a better framework as they do not make any unwarranted assumptions on the observations and can be used to model rich overlapping features among the visible observations.

  13. DATA FLOW DIAGRAM • In proposed system, we address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach. • High attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. • Experimental results show that our proposed system based on Layered Conditional Random Fields outperforms other well-known methods such as the decision trees and the naive Bayes.

  14. Dest Detect1 Probe Spec Trans Dos Dest Detect2 Spec Trans Detect3 R2L Dest

  15. Source File Dialog Detector Dest Select The Source File Fixed Size of Packet Detector MODULE DIAGRAM Source

  16. REFERENCES: [1] Autonomous Agents for Intrusion Detection, http://www.cerias. purdue.edu/research/aafid/, 2010. [2] CRF++: Yet Another CRF Toolkit, http://crfpp.sourceforge.net/, 2010. [3] KDD Cup 1999 Intrusion Detection Data, http://kdd.ics.uci.edu/ databases/kddcup99/kddcup99.html, 2010. [4] Overview of Attack Trends, http://www.cert.org/archive/pdf/ attack_trends.pdf, 2002. [5] Probabilistic Agent Based Intrusion Detection, http://www.cse.sc. edu/research/isl/agentIDS.shtml, 2010.

More Related