impact of protocol behavior on intrusion detection ...

VSRD International Journal of Computer Science & Information Technology, Vol. 2 No. 12 December 2012 ISSN No. 2231-2471 (Online), 2319-2224 (Print) © VSRD International Journals : www.vsrdjournals.com


RESEARCH ARTICLE

IMPACT OF PROTOCOL BEHAVIOR ON INTRUSION DETECTION SYSTEM

1Ashish Kr. Chakraverti*, 2K.P. Yadav and 3Sugandha Chakraverti

1Research Scholar, Department of Computer Science, CMJ University, Shillong, Meghalaya, INDIA.

2Professor, Department of Computer Science & Engineering, SIET, Ghaziabad, Uttar Pradesh, INDIA.

3Assistant Professor, Department of Computer Science & Engineering, BBDIT, Ghaziabad, Uttar Pradesh, INDIA.

*Corresponding Author : [email protected]

ABSTRACT

This paper presents a comparative study of the impact of protocol behavior on data transmission over networks and how it affects the intrusion detection system positively or negatively. After the comparative study, this paper also illustrates an intelligent intrusion detection system (I-IDS) for use within an embedded device network consisting of interconnected agents. Integral behavior types are categorized by focusing primarily on inter-device requests and actions rather than at a packet or link level. Machine learning techniques use these observed behavioral actions to track devices which deviate from normal protocol. Deviant behavior can be analyzed and flagged, enabling interconnected agents to identify an intruder based upon the historical distribution of behavioral data that is accumulated about the possible deviant agent. Simulation results from the prototype system correlate detection accuracy with a tunable input tolerance factor.

Keywords : I-IDS, Protocol, Embedded Device Network, Agents.
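As an added illustration (not the paper's algorithm or code), the following shows one way to flag an agent whose accumulated distribution of inter-device actions deviates from normal protocol by more than a tunable tolerance. The action categories, the use of total variation distance in place of the paper's machine learning technique, the `min_events` history requirement and all sample data are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Assumed behaviour categories: inter-device requests/actions, not packets.
ACTIONS = ("discover", "request_data", "send_data", "relay", "config_change", "other")

def distribution(counts, smoothing=1.0):
    """Laplace-smoothed probability of each action category."""
    total = sum(counts[a] for a in ACTIONS) + smoothing * len(ACTIONS)
    return {a: (counts[a] + smoothing) / total for a in ACTIONS}

def total_variation(p, q):
    """Distance in [0, 1] between two action distributions."""
    return 0.5 * sum(abs(p[a] - q[a]) for a in ACTIONS)

class BehaviorMonitor:
    def __init__(self, baseline_counts, tolerance, min_events=20):
        self.baseline = distribution(Counter(baseline_counts))
        self.tolerance = tolerance      # tunable: lower means stricter
        self.min_events = min_events    # history required before judging an agent
        self.history = defaultdict(Counter)

    def observe(self, agent, action, n=1):
        # Actions outside the known protocol are counted as "other", not dropped.
        self.history[agent][action if action in ACTIONS else "other"] += n

    def deviation(self, agent):
        return total_variation(distribution(self.history[agent]), self.baseline)

    def flagged(self):
        return sorted(a for a, c in self.history.items() if sum(c.values()) >= self.min_events
                      and self.deviation(a) > self.tolerance)

# Constructed sample data (not from the paper).
BASELINE = {"discover": 50, "request_data": 400, "send_data": 400, "relay": 140, "config_change": 10}
SAMPLE = {
    "node-a": {"discover": 5, "request_data": 40, "send_data": 40, "relay": 14, "config_change": 1},
    "node-x": {"discover": 2, "request_data": 5, "send_data": 3, "config_change": 30, "firmware_dump": 10},
    "node-new": {"config_change": 3},   # too little history to judge
}

def run_sample(tolerance):
    mon = BehaviorMonitor(BASELINE, tolerance)
    for agent, counts in SAMPLE.items():
        for action, n in counts.items():
            mon.observe(agent, action, n)
    return mon.flagged()

if __name__ == "__main__":
    print({tol: run_sample(tol) for tol in (0.01, 0.2, 0.9)})
```

Lowering the tolerance catches smaller deviations at the cost of flagging well-behaved agents such as `node-a`; raising it too far lets `node-x` through.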

1. INTRODUCTION

Network security is an important field of computer science. With the emergence of the Internet as a medium for wide-scale exchanges of sensitive information and financial transactions, maintaining the security and integrity of messages sent over public networks is very important. Our research combines two common security technologies to provide protection for electronic information exchange over public networks. In the practice of traditional information security, methods of authentication and integrity protection continue to dominate as the principal means of protecting sensitive and dynamic information from non-relevant parties. Such methods are proven in reliability and practical security for a vast majority of information transactions taking place at all times in most data-driven environments. Yet these methods are somewhat limited in their scope and flexibility, and especially limited in their ability to provide dynamic security support to interconnected parties – not because of issues in theory or implementation, but rather in the way that security is defined within the contexts of such theory and implementation. Commonly used key exchange protocols (e.g. RSA), encryption standards (e.g. 3-DES, AES), and digital signature methods (e.g. GnuPG) all provide a static framework that establishes security and then relies on a continuous point of trust that said security will continue to be unaffected in all aspects of subsequent data exchange [14]. The reality of such situations indicates that encryption and authentication can be breached due to their points of trust and possible further assumptions that once a source has been authenticated, it is secure. This leads to the need for intrusion detection, capable of determining if authenticity or integrity has been compromised in such a way that the static security methods are unable to compensate or identify.

One solution to this dilemma is intelligent intrusion detection, which promises methods to protect and secure networks from dynamic threats. Current work on intelligent intrusion detection systems (IDSs) involves a number of approaches. These include fuzzy intrusion classifiers [5], which apply heuristic learning to create “fuzzy” rules for data being transmitted, “hybrid” approaches utilizing a fuzzy intrusion classifier along with neural networks [6], and further methods involving rules derived from AI data mining [7].

This paper attempts to shift the discussion away from general-purpose intrusion detection within the realm of standard TCP/IP-based networks and their associated switching and routing equipment to the paradigm of embedded devices. Such device networks can range in type and complexity while encompassing a wide variety of applications, from portable music players sharing media in a social setting, to autonomous aircraft networks relaying information on relative position, speed and attitude to nearby aircraft [8-9]. The goal of this research is to create an intelligent intrusion detection system that can be applied to embedded applications to provide intelligent IDS functionality that is independent in design of the target application, yet capable of adapting to the target application environment. Ideally, the proposed mechanism would provide a “system-on-a-chip” solution which could be implemented in new or
