DIFFERENTIAL INTRUSION DETECTION ARCHITECTURE AND ANALYSIS

Prof. Dr. G. Manoj Someswar, Venkata Reddy Medikonda

Abstract

Intrusion detection is the process of monitoring the events that occur in a computer system or network and analyzing them for signs of attempts to compromise confidentiality, integrity and availability. Anomaly detection, the main focus of research on recognizing new intrusion methods, has shown limited capability for mission-critical services, largely because learning or specifying in detail the "normal" behavior of a complex system such as today's networked computers is a difficult (if not impossible) task.

In this research work, we use redundancy and diversity techniques to establish a reference for the normal behavior of network servers. Two heterogeneous servers that offer the same services but are designed and implemented differently are deployed, with the aim of detecting attacks that target the functional integrity of a system as well as its availability. Since there are fundamental differences in the implementation of the two systems, the primary server and the remote server, this approach must at a minimum distinguish the behavioral differences caused by the differing implementations from those caused by a compromised condition. Compared with other diversity-based intrusion detection approaches, our work has the advantage of using only two diverse servers instead of at least three, as required by voting-based schemes.

The Behavioral Difference Analyzer (BDA) is placed within the proposed architecture to monitor the activities of the primary and remote servers through a few selected network-level and application-level features. Criteria for selecting the monitored features are described, since not every feature is suitable for differential analysis. Changes in feature values and in their differentials are tracked with the EWMA technique as part of an incremental learning process that accounts for the varying difference between the servers over time. The use of the BDA at different layers of the network stack, as well as in different components of the proposed architecture, is illustrated.
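To make the monitoring step concrete, the following is an added example and not code from the paper or its authors: a small Behavioral Difference Analyzer in Python that computes the per-feature differential between a primary and a remote server, tracks that differential with an EWMA mean and EWMA variance, learns incrementally only from samples it judges normal (so an attack does not get absorbed into the baseline), and flags a sample whose differential departs from the learned baseline by more than k standard deviations. The feature names (`bytes`, `latency_ms`), the smoothing and threshold parameters, and the paired observation trace are constructed assumptions for illustration, not values taken from the paper.

```python
"""Added example: EWMA-based Behavioral Difference Analyzer (BDA) sketch.

Assumptions (not from the paper): feature names, alpha/k/warmup values,
and the constructed trace of paired primary/remote observations.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class EwmaTracker:
    """Tracks the EWMA mean and variance of one feature differential."""
    alpha: float = 0.2      # weight of each new sample in the running estimates
    k: float = 4.0          # alert threshold, in EWMA standard deviations
    warmup: int = 8         # samples learned unconditionally before alerting starts
    min_sigma: float = 1.0  # floor so a perfectly stable baseline keeps some tolerance
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def observe(self, d: float) -> Tuple[bool, float]:
        """Feed one differential; return (is_anomalous, z_score)."""
        if self.n == 0:
            # seed the baseline with the first sample
            self.mean, self.var, self.n = d, 0.0, 1
            return False, 0.0
        sigma = max(math.sqrt(self.var), self.min_sigma)
        z = abs(d - self.mean) / sigma
        anomalous = self.n >= self.warmup and z > self.k
        if not anomalous:
            # incremental learning: only behaviour judged normal updates the baseline
            diff = d - self.mean
            self.mean += self.alpha * diff
            # exponentially weighted variance recursion
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
            self.n += 1
        return anomalous, z


class BehavioralDifferenceAnalyzer:
    """One EWMA tracker per monitored feature; reports features that diverge."""

    def __init__(self, features: List[str], **tracker_kwargs: float) -> None:
        self.trackers: Dict[str, EwmaTracker] = {
            f: EwmaTracker(**tracker_kwargs) for f in features
        }

    def analyze(self, primary: Dict[str, float], remote: Dict[str, float]) -> List[str]:
        """Return the names of features whose primary-minus-remote differential is anomalous."""
        alerts = []
        for name, tracker in self.trackers.items():
            flagged, _ = tracker.observe(primary[name] - remote[name])
            if flagged:
                alerts.append(name)
        return alerts


def constructed_trace() -> List[Tuple[Dict[str, float], Dict[str, float]]]:
    """Constructed sample data: 24 normal paired observations, one divergence, one normal."""
    trace = []
    for i in range(24):
        # baseline: remote sends ~40 bytes more (different headers), primary is ~3 ms faster
        jitter_b = (i % 5) - 2   # -2 .. 2
        jitter_l = (i % 3) - 1   # -1 .. 1
        trace.append(({"bytes": 1200 + jitter_b, "latency_ms": 12 + jitter_l},
                      {"bytes": 1240 - jitter_b, "latency_ms": 15 + jitter_l}))
    # index 24: primary suddenly answers with a short body while remote is unchanged,
    # the kind of behavioural divergence a compromised primary would produce
    trace.append(({"bytes": 310, "latency_ms": 11}, {"bytes": 1241, "latency_ms": 15}))
    # index 25: back to normal; the baseline must not have absorbed the divergence
    trace.append(({"bytes": 1201, "latency_ms": 12}, {"bytes": 1239, "latency_ms": 15}))
    return trace


def run_trace() -> List[Tuple[int, List[str]]]:
    """Run the BDA over the constructed trace; return (index, flagged features) per alert."""
    bda = BehavioralDifferenceAnalyzer(["bytes", "latency_ms"])
    alerts = []
    for idx, (primary, remote) in enumerate(constructed_trace()):
        flagged = bda.analyze(primary, remote)
        if flagged:
            alerts.append((idx, flagged))
    return alerts


if __name__ == "__main__":
    for idx, features in run_trace():
        print(f"sample {idx}: differential anomaly in {features}")
```

Only the `bytes` differential is flagged, and only at the injected sample; the constant `latency_ms` offset between the two implementations is learned as normal and never raised, which is the distinction the paper asks a differential detector to make.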

A taxonomy of intrusions is developed that applies to all diversity-based detection systems, and it is checked against other known taxonomies and attack databases. The taxonomy is framed in terms of the behavioral characteristics of the combined heterogeneous servers: Excessiveness, Accordance, and Responsiveness.

The results from a variety of intrusions show that differential intrusion detection is a promising technique for detecting both known and new Internet attacks: those that exploit flaws in the design and implementation of systems, as well as those that abuse legitimate activities to cause denial of service.
