Site Logo E-PROJECTTOPICS

SECURITY EXPERTS THAT NETWORK INTRUSION DETECTION SYSTEM (NIDS)


📋


Presented To


Computer Science Department

📄 Pages: 65       🧠 Words: 10111       📚 Chapters: 5 🗂️️ For: PROJECT

👁️‍🗨️️️ Views: 482      

⬇️ Download Now!

CHAPTER ONE

GENERAL INTRODUCTION

1.0       INTRODUCTION

Research works and experiments have convinced security experts that Network Intrusion Detection Systems (NIDS)alone are not capable of securing the computer networks from internal and external threats completely. (Renuka et al., 2011). An intrusion detection system (IDS) is a device or software application that monitors systems for malicious activities and policy violations and produces reports to a management station. Intrusion detection systems are primarily focused on identifying possible incidents, logging information about them and reporting attempts. Organizations use these systems for identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. The goals of intrusion detection systems are to use all available information in order to detect both attacks by external hackers and misuse by insiders. IDSs are based on the belief that an attacker's behaviour will be noticeably different from that of a legitimate user. (tzeyoung, 2009).

Intrusions can occur due to vulnerabilities in operating systems. Many common operating systems are simply not designed to operate securely. Thus, malware often is written to exploit discovered vulnerabilities in popular operating systems. Depending on the nature of the attack, many times if an operating system is compromised, it can be difficult for an IDS to recognise that the operating system is no longer legitimate. Operating Systems must be designed to better support security policies pertaining to authentication, access control and encryption. Intrusion detection uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to access the security of a computer system or network. Hackers can use malware to record keyboard strokes, then send that account and password information by hacking sites which store those details through the use of tools such as scanning tools; which they use to survey and analyse system characteristics and remote management tools; used by system's administrators to manage a network by managing and controlling systems devices from a remote location.

1.1       MOTIVATION OF STUDY

This work is motivated by the need to secure networks and system resources. Intrusion detection systems has been developed at 1980 to protect the computer from threats by monitoring and surveillance. It has been observed that network intrusion detection systems alone cannot handle both internal and external threats to computers because the number of false alarms generated by Network Intrusion Detection Systems have firewalls which also play a vital role in network security but also cannot prevent attacks from happening and computer security system still fails to secure the computer networks in case of new attacks.

The problems posed by the existing system are as follows:

  1. Network breaches occur as invalid data and TCP/IP stack attacks may cause an NIDS to crash.
  2. Local packets that escaped can create a significantly high false-alarm rate in the NIDS.
  3. NIDS requires signatures of known attacks and often fail to detect compromises that were unknown at the time it was deployed.
  4. Encrypted packets are not processed by the intrusion detection system, therefore the encrypted packet can allow an intrusion to the network that is undiscovered until more significant network intrusions have occurred.

Therefore, in order to have a better secured networking system, the honeypot system should be incorporated into networks to allow administrators monitor the behaviour of attackers closely.

1.2       AIM AND OBJECTIVES.

The aim of this work is to develop a honeypot based intrusion detection system that will enhance network security by using Adaptive Neurofuzzy Inference System.

The specific objectives are as follows:

  1. To design a virtual honeypot network consisting of a honeywall, honeyd and high interaction honeypot analysing tool in a virtualized domain.
  2. To capture, collect and analyse network data.
  3. Using the result obtained to access system and file integrity and network security.
  4. Design of a Mamdani type ANFIS for intelligent analysis of activities.
  5. To provide necessary network security measures.
  6. Implementation of the system using MATLAB tool.

1.3       METHODOLOGY

The steps necessary to achieve the objectives in section 1.2 are as follows;

  1. Review of relevant literature in network intrusion detection systems (NIDS), honeypots and adaptive neuro-fuzzy inference system.
  2. Honeypot system design and network setup in virtualized environment using VMware workstation.
  3. Intrusion into the honeypot network; using an advanced penetrating tool such as backtrack5 or kali-linux.
  4. Data control, capture and collection using liblibrary (libevent, libdnet, libpcap).
  5. Design of a Mamdani type ANFIS for intelligent analysis of activities.
  6. Implementation of the system using MATLAB tool.
  7. Result and inferences.

1.4       SCOPE OF THE STUDY

This work considers the use of honeypot as a network intrusion detection system in tracking attacker's traffic and traffic analysis using ANFIS. It does not cover other advanced features of honeypot such as load balancing. The design is basically for academic and research purposes.

1.5       ORGANIZATION OF STUDY

This work is presented in five chapters. Chapter one represents a general overview of the study and states the problems that motivates this study, the aim and objectives of the study and the methodologies employed to realise the objectives of the study.

Chapter two is summarily concerned with the review of relevant literature in network intrusion detection system, honeypot, fuzzy inference system and analysis of the existing system.

The model of the system structure and its components are presented in chapter four.

Chapter five sums up the work by presenting the summary, offering recommendations to the system and conclusion of the work.

1.6       DEFINITION OF TERMS

Intrusion Detection System (IDS): This is a device or software application that monitors network or system activities for malicious activities.

Honeypot: This is a system that is expressly setup to 'attract' and 'trap' people who attempt to penetrate other people's computer systems.

Fuzzy Logic: This is a form of many valued logic which deals with reasoning that is approximate rather than fixed and exact.

False Positive: This is an event signalling an IDS to produce an alarm when no attack has taken place.

Noise: This refers to data or interference that can trigger a false positive.

Ethernet: A physical network protocol for transmitting information across copper wires. Ethernet network segments are restricted to distances normally less than415 meters and utilize a packet oriented message transfer protocol. Ethernet is the most popular physical network topology in use today.
Event: A notification from an analyzer to the security administrator a signature has triggered. An event typically contains information about the activity that triggered the signature, as well as the specifics of the occurrence.
File assessment: A technology in which message digest hashing algorithms are used to render files and directories tamper evident.
Firewall - A computer or router (or combination thereof) configured to permit or deny specific kinds of traffic through it. Usually used to protect a network from potentially hostile outside networks; intranetwork firewalls, however are becoming more popular. Available in a variety of strengths and reliability

📄 Pages: 65       🧠 Words: 10111       📚 Chapters: 5 🗂️️ For: PROJECT

👁️‍🗨️️️ Views: 482      

⬇️ Download Now!

click on whatsapp