Preventing Network From Intrusive Attack Using Artificial Neural Networks

With the growth of computer networking, electronic commerce, and web services, security of networking systems has become very important. Many companies now rely on web services as a major source of revenue. Computer hacking poses significant problems to these companies, as distributed attacks can render their cyberstorefront inoperable for long periods of time. This happens so often that an entire area of research, called Intrusion Detection, is devoted to detecting this activity. We show that evidence of many of these attacks can be found by a careful analysis of network data. We also illustrate that neural networks can efficiently detect this activity. We test our systems against denial of service attacks, distributed denial of service attacks, and port scans. In this work, we explore network-based intrusion detection using classifying, self-organizing maps for data clustering and MLP neural networks for detection.

Keywords— NIDS, HIDS, Information Gain.

I. INTRODUCTION

Intrusion Detection attempts to detect computer attacks by examining data records observed by processes on the same network. These attacks are typically split into two categories, host-based attacks and network-based attacks. Host-based attack detection routines normally use system call data from an audit process that tracks all system calls made on behalf of each user on a particular machine. These audit processes usually run on each monitored machine. Network-based attack detection routines typically use network traffic data from a network packet sniffer (e.g., tcpdump). Many computer networks, including the widely accepted Ethernet (IEEE 802.3) network, use a shared medium for communication. Therefore, the packet sniffer only needs to be on the same shared subnet as the monitored machines. We believe that denial of service and other network-based attacks leave a faint trace of their presence in the network traffic data.
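An added example, not code from the paper: a small MLP trained on constructed connection records to tell normal traffic, a port scan and a denial of service flood apart by the traces they leave in per-source traffic summaries. The three features, the traffic generator, the documentation-range addresses and the S0/SF state labels (SYN never answered / connection completed, as used in common connection-record datasets) are assumptions made for illustration.

```python
import math, random
CLASSES = ["normal", "portscan", "dos"]

def features(records):
    """Summarise one source's records for one time window as three ratios."""
    n = len(records)
    return [min(n / 200.0, 1.0),                     # connection volume, capped
            len({r[2] for r in records}) / n,        # spread over destination ports
            sum(r[3] == "S0" for r in records) / n]  # SYN seen, never answered

def make_window(kind, rng):  # constructed sample traffic: (src, dst, dport, state)
    n, s0 = {"normal": (rng.randint(5, 40), 0.05), "portscan": (rng.randint(60, 150), 0.9),
             "dos": (rng.randint(150, 400), 0.95)}[kind]
    port = {"normal": lambda: rng.choice([25, 80, 443]),
            "portscan": lambda: rng.randint(1, 1024), "dos": lambda: 80}[kind]
    return [("192.0.2.7", "198.51.100.1", port(),
             "S0" if rng.random() < s0 else "SF") for _ in range(n)]

def forward(x, W1, W2):
    h = [math.tanh(sum(w * v for w, v in zip(row, x + [1.0]))) for row in W1]
    z = [sum(w * v for w, v in zip(row, h + [1.0])) for row in W2]
    e = [math.exp(v - max(z)) for v in z]
    return h, [v / sum(e) for v in e]

def train(samples, hidden=5, epochs=200, lr=0.1, seed=1):
    rng = random.Random(seed)
    W1 = [[rng.uniform(-0.5, 0.5) for _ in range(4)] for _ in range(hidden)]
    W2 = [[rng.uniform(-0.5, 0.5) for _ in range(hidden + 1)] for _ in range(3)]
    for _ in range(epochs):
        rng.shuffle(samples)
        for x, y in samples:
            h, p = forward(x, W1, W2)
            d_out = [p[k] - (k == y) for k in range(3)]  # softmax cross-entropy gradient
            d_hid = [(1 - h[j] ** 2) * sum(d_out[k] * W2[k][j] for k in range(3))
                     for j in range(hidden)]
            for k in range(3):
                W2[k] = [w - lr * d_out[k] * v for w, v in zip(W2[k], h + [1.0])]
            for j in range(hidden):
                W1[j] = [w - lr * d_hid[j] * v for w, v in zip(W1[j], x + [1.0])]
    return W1, W2

def build_model(seed=0):
    rng = random.Random(seed)
    return train([(features(make_window(c, rng)), k)
                  for k, c in enumerate(CLASSES) for _ in range(40)])

def classify(records, model):
    p = forward(features(records), *model)[1]
    return CLASSES[p.index(max(p))]
```

Because the output layer has one unit per class, the classifier names the kind of attack rather than only flagging a window as abnormal.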
Ours is an anomaly detection system that detects network-based attacks by carefully analyzing this network traffic data and alerting administrators to abnormal traffic trends. It has been shown that network traffic can be efficiently modeled using artificial neural networks. Intrusion detection is the first step for defending against attacks. Attack alarms from IDSs are usually reported to auto-response systems or security staff so that appropriate automatic or manual response actions can be taken for the specific attack. Identifying attacks in real time is therefore crucial for taking appropriate response actions as soon as possible, before substantial damage is done. However, nearly all the current anomaly detection methods can only classify network behavior as normal or abnormal but cannot identify the type of attack. Relying on current anomaly detection systems, therefore, is not adequate for effective real-time intrusion prevention. On the other hand, most current intrusion detection methods lack the capacity to process in real time the large amounts of typically high-dimensional audit data produced during daily operation in a computer system. In experiments carried out by MIT Lincoln Lab for the 1998 DARPA evaluation, for example, network traffic over 7 weeks contains four gigabytes of compressed binary tcpdump data, which were processed into about five million connection records. Processing a large amount of audit data in real time is therefore essential for a practical IDS so that actions for response can be taken as soon as possible.

II. EXISTING SYSTEM

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.
Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

V.Sivakumar, T.Yoganandh, R.Mohan Das / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 2, Mar-Apr 2012, pp.370-373

1. Firewalls must keep evolving because crackers' ability to circumvent them keeps increasing.
2. "Always on" connections created by Cable and DSL connections create major problems for firewalls. This can be compared to leaving your car running with the keys in it and the doors unlocked, which a thief may interpret as an invitation to "Please steal me".
3. Firewalls cannot protect you from internal sabotage within a network or from your allowing other users access to your PC.
4. Firewalls cannot edit indecent material like pornography, violence, drugs and bad language. This would require you to adjust your browser security options or purchase special software to monitor your children's Internet activity.
5. Firewalls offer weak defense from viruses, so antiviral software and an IDS (intrusion detection system), which protects against Trojans and port scans, should also complement your firewall in a layered defense.
6. Some firewalls claim full firewall capability when it's not the case. Not all firewalls are created equally or offer the same protection, so it's up to the user to do their homework.
7. Cost varies. There are some great free firewalls available to the PC user, but there are also a few highly recommended products which can only be purchased. The difference may be just the amount of support or features that a user can get from a free product as opposed to a paid one, and how much support that user thinks he or she will require.
8. Firewall protection is limited once you have an allowable connection open. This is where another program should be in place to catch Trojan horse viruses trying to enter your computer as unassuming normal traffic.
9. IDS (Intrusion Detection System) companies have claimed to detect Trojans, such as RuX FireCracker v 2.0, that disabled certain firewall programs, thus leaving the PC vulnerable to malicious actions.

III. PROPOSED SYSTEM

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization. For the purpose of dealing with IT, there are two main types of IDS:

Network intrusion detection system (NIDS): an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic.

Host-based intrusion detection system (HIDS): consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, filesystem modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state.
In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this
