Top PDF Intrusion Detection Systems Based On Packet Sniffing

Intrusion Detection Systems Based On Packet Sniffing

Abstract - In the present era of networks, security of network systems is becoming increasingly important, as more and more sensitive information is being stored and manipulated online. The paper entitled 'Packet Sniffing' is an IDS that monitors packets on the network wire and attempts to discover a hacker/cracker who is attempting to break into the system. Packet Sniffing also finds the contents and tracks the data packet in the network system. This sniffing is performed by comparing the captured packet with the intruder details stored in the database. If the packet is found to be an intruder, it is then forwarded to the firewall with the respective message for blocking. The Emotional Ants module contains the sender and receiver. The sender will inform all the other Ants running in other machines about the detection of the intruder through its pheromone (messages). The receiver in Ants will listen for the messages from other Ants.

Intrusion Prevention/Intrusion Detection System (IPS/IDS) for Wifi Networks

Network intrusion detection is described in [4] as the process of monitoring the network for activity that may compromise the security of the area under surveillance, and analysing events that may indicate possible incidents. The same source also presents the Network Intrusion Detection System (NIDS) as a tool that provides the intrusion detection functionality by sniffing the network traffic in real time. Such an event is then logged and/or the administrator of the system is automatically notified. Besides detection, an Intrusion Detection and Prevention System (IDPS) also executes automated responses to the detected malicious behaviour. This is useful in cases when the attack against the network is carried out very quickly. Thus the IDPS has the ability to take immediate action based on a set of rules, as configured by the network administrator. These rules can be based on IP address matching, TCP

Intrusion Detection System: Security Monitoring System

An intrusion detection system (IDS) is an ad hoc security solution to protect flawed computer systems. It works like a burglar alarm that goes off if someone tampers with or manages to get past other security mechanisms such as authentication mechanisms and firewalls. An Intrusion Detection System (IDS) is a device or a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. The Intrusion Detection System (IDS) has been used as a vital instrument in defending the network from this malicious or abnormal activity. In this paper we compare host-based and network-based IDS and the various types of attacks possible on an IDS.

A Study of Various Intrusion Detection Model Based on Data Fusion, Neural Network and D-S Theory

In recent years, significant attention has been focused on multi-sensor data fusion for both military and non-military applications [4][5][7]. Data fusion techniques combine data from multiple sensors to achieve more specific inferences than could be achieved by using a single, independent sensor. Data fusion is a critical part of the NSSA. It is the process of collecting information from multiple and possibly heterogeneous cyberspace sources and combining it in order to get a more descriptive, intuitive and meaningful result [3]. In a security system there are multiple network security sensors, but it is often difficult to obtain a panoramic, all-encompassing view of the overall security status of a complex system. This is especially true of systems that, for example, may be geographically distributed over a wide area. So it is extremely important to fuse the outputs of these sensors in an effective and intelligent manner in order to improve the robustness of the system and provide the analysts with an overall network security situation. Furthermore, multiple data sources can provide more robust performance due to the inherent redundancy. Therefore, data fusion techniques that combine data from several data sources can yield higher accuracy and robustness than a single data source. Fusion techniques include the Bayesian theory, Neural Networks (NN), Support Vector Machines (SVMs) and so on. As elementary research, we adopt the MLF-NN method as the fusion technique, since it has the ability to deal with non-linear and multi-classification issues. An MLF-NN is an information processing system that is inspired by the way biological nervous systems, such as the brain, process information. It is composed of a large number of highly interconnected processing elements (neurons) working with each other to solve specific problems. Each processing element (a neuron) is basically a summing element followed by an activation function. The output of each neuron is

Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges

The most common DDoS defence approaches combine elements located at the source-end and the victim-end to combine their advantages. However, the use of multiple components leads to gaps in coverage, which can be exploited. The source-end is the location from which the attack is launched; this is the best place to intercept an attack as it causes the least disruption to legitimate traffic. However, distinguishing between legitimate and malicious traffic at this point is a serious challenge. D-WARD [27] is a system that employs a firewall at the source end. It gathers 2-way statistics from the border routers. This introduces significant overhead because D-WARD is continuously monitoring and classifying traffic based on IP address, comparing statistics and applying filtering rules. The operation of D-WARD affects the speed of the entire network whether there is an attack or not. Beitollahi et al. [27] suggest that there is no benefit in deploying source-end firewalls considering the overhead and performance loss they introduce. Yet, a user would not want his networks to be compromised and turned into a pad to launch further attacks. This is more critical when considered in the cloud computing paradigm, where an undetected intrusion has the possibility of giving an attacker access to a far greater amount of resources than a traditional network could provide. The CSP would need to balance the threat of becoming a source of an attack with the detriment to the service provided to legitimate users.

Intrusion detection in mobile ad hoc network

Signature detection requires maintenance of an extensive database of attack signatures, which in the case of an ad hoc network would have to be replicated among all the hosts. Every packet in a signature-based approach needs to be compared with the attack signature database. This operation requires O(n) time, where n is the number of signatures in the database. The signature database would generally have hundreds of attack patterns. Anomaly detection, on the other hand, has fewer comparisons; typically fewer than twenty parameters are used. Thus it can be concluded that signature detection requires greater computational power than anomaly detection. This election algorithm favors a node that has better computational power and better battery power than the other nodes in the cluster. So it is decided to run signature detection on the cluster head. For a pre-decided window of time, the cluster head will monitor each node for potential attack signatures. This is done in a round-robin manner for all nodes in the cluster. The database of signatures does not need frequent updates. An update is needed only when a new attack has been discovered and its signature needs to be added to the database. The probability of an update during a particular ad-hoc session is very low.

Lightweight Intrusion Detection Scheme for Wireless Sensor Networks

confidentiality but also against data integrity. Several papers have presented the security attacks in WSN [3][4][5][6][7][8]. To deal with these attacks, protection systems exist. Intrusion Detection Systems (IDSs) can play an important role in detecting and preventing attacks. Moreover, intrusion detection techniques must be designed to detect and prevent the execution of the most dangerous attacks. In addition, these techniques must be lightweight to suit the limited resources of a WSN. Energy consumption is a very important factor in this type of network. Therefore, many researchers have worked on this issue by proposing a network architecture based on a clustering approach. This architecture consists of the construction of one or more clusters of nodes; in each of them a cluster head is elected, which is responsible for collecting the data sent by the members of its group, aggregating it and subsequently transmitting the data to the base station. This architecture is designed to minimize the power consumption of the nodes, and consequently to extend the network lifetime.

An Overview on Intrusion Detection in Manet

Nisha Dang and Pooja Mittal [1] proposed a cluster-based intrusion detection system. This system is designed to restrict the intruder's activities in clusters of mobile nodes. In this system, in each cluster each node runs some detection code to detect local as well as global intrusion. In this paper, the system has taken insight from intrusion detection systems and different attacks on MANET security. The system proposed a generalized clustering algorithm that can run on top of any routing protocol and can monitor intrusions constantly irrespective of the routes. The clustering scheme has been used to detect intrusions in MANETs, resulting in high detection rates and low processing. The proposed system also detects memory overhead irrespective of the routes, connections, traffic types and mobility of nodes in the network.

Diversity management in intrusion tolerant systems

Sousa et al. proposed a new approach to intrusion tolerant systems [58] that periodically rejuvenates the replicas, to remove the effects of malicious attacks/faults. The basic idea is to perform rejuvenations sufficiently often, in order to make the attackers unable to compromise enough replicas to bring the whole system down. The system fails only if f + 1 replicas are compromised between rejuvenations. One of the contributions of this work is the proactive-reactive recovery. If one replica is faulty it can disturb the behavior of the other n-1 replicas, and there is nothing that a correct replica can do to avoid this. With proactive-reactive recovery the rejuvenation process can be accelerated by detecting the faulty replicas and forcing them to recover, without sacrificing periodic rejuvenations. The technique can only be implemented with some synchrony [60], due to the recovery trigger clocks. To overcome this limitation the authors proposed a hybrid system model: the payload is an any-synchrony subsystem, and the wormhole is a synchronous subsystem. In this work, Sousa and colleagues also made an experiment with a CIS (CRUTIAL Information Switch). The CIS is a distributed firewall [9] in which at most f replicas can suffer Byzantine failures in a given recovery period, and also at most k replicas can recover at the same time. In this experiment, each wormhole subsystem is connected through a dedicated and secure control channel to the payload subsystem. A wormhole has a high-precision clock to synchronize the payload recoveries. There is also a point-to-point timed reliable channel connecting to the other wormholes. The authors named this architecture the Proactive-Reactive Recovery Wormhole. It offers a service that can be called by the payload whenever there is a suspicion (or detection) of incorrect behavior by the other replicas. The interface to this service is through two functions: W suspect(j) for crash suspicions, since it is impossible to know if a replica really crashed or if it is only slow; and W detect(j) if the BFT protocols running on the payload replicas detected incorrect messages from some replica. If f + 1 replicas detect j as faulty, the recovery of j occurs immediately. If f + 1 replicas suspect j as faulty, the recovery must be coordinated with periodic recoveries to guarantee a minimum number of replicas to ensure system availability. The quorum of f + 1 is needed, in terms of suspicions or detections, to avoid recoveries triggered by faulty replicas. In order to schedule recoveries without harming the availability of the whole system, Sousa et al. designed an algorithm that runs in the wormhole part [58]. The algorithm is based on temporal slots that are allocated based on two variables, T P, the maximum time interval between consecutive recoveries, and T D

Analysis of Freeware Hacking Toolkit

Intrusion Detection Systems were developed to detect and monitor unauthorized and malicious computer network intrusions. IDS are network security monitoring tools used to check for and reveal numerous variations of malicious computer network traffic, otherwise called security breaches. They are basically used to find out about people trying to get into networked systems. Attackers always try to sidestep any IDSs installed on a network. Hackers may use various techniques to fool IDSs by forging data packets to make them look genuine to the IDSs. An IDS uses a system of rules to issue alerts from the security events recorded. IDSs are made up of sensors to produce security events and a console to keep an eye on events and alerts. IDSs come in two main types: host-based intrusion detection systems (HIDS) and network intrusion detection systems (NIDS). Some IDSs are hybrids of these two. NIDS capture and scan data flowing on a network for malicious traffic. Snort, freely accessible at http://www.snort.org, is an example of an open source NIDS (Cox and Gerg, 2004). HIDSs are installed on particular hosts and detect attacks targeted at that host only (Shinder, 2003). The following major mechanisms make up Snort: Packet Decoder, Pre-processors, Detection Engine, Logging and Alerting System, and Output Modules (Rehman, 2003).

SECURITY IN VEHICULAR AD HOC NETWORK BASED ON INTRUSION DETECTION SYSTEM

In current technology, the industry and academic research community focus on vehicular networking, which has gained a lot of popularity. This concept may be used to provide safety to transportation systems in an efficient way. Vehicular Ad Hoc Networks (VANET) were created in October 2002 by the Federal Communications Commission (FCC). The aim of their creation was to improve safety on the roads and in transportation. The VANET belongs to the customized version of IEEE 802.11, namely IEEE 802.11p. A vehicular ad hoc network is a special form of MANET which is a vehicle-to-vehicle and vehicle-to-roadside wireless communication network. It is also called a subclass of MANET. In a typical VANET environment, we assume that each vehicle consists of an On-Board Unit (OBU) and that a Road-Side Unit (RSU) is installed along the roads. A protocol is used to communicate between OBUs and RSUs, called Dedicated Short Range

Combining MLP and Using Decision Tree in Order to Detect the Intrusion into Computer Networks

The security of computer networks has an important role in computer systems. The increasing use of computer networks results in penetration and destruction of systems by system operations. So, in order to keep the systems away from these hazards, it is essential to use the intrusion detection system (IDS). This intrusion detection is done in order to detect the illicit use and misuse and to avoid damages to the systems and computer networks by both the external and internal intruders. Intrusion detection system based on the combination of experts has been offered using MLP neural networks with the aid of a mediator expert which is applied by Decision Tree. The offered method has been tested using KDDCup99 dataset. The results show the increase in attack detection precision. Also, using this method has a high output considering the previous methods in detecting R2L attacks which have few pedagogical samples.

Intrusion detection based on behavioral rules for the bytes of the headers of the data units in IP networks

3. Niksun's NetDetector is an application for network security monitoring. NetDetector integrates signature-based IDS methods with statistical anomaly detection methods, analytics and deep forensics with web reconstruction and packet-level decoding. It provides deep extraction of contents from network packets, fast mining and reconstruction of the widest range of specific contents such as voice, video, web, Instant Messaging (IM), File Transfer Protocol (FTP), emails, images, etc., and aims to make the mitigation of the root causes of security breaches as fast as possible. NetDetector simultaneously captures, inspects, mines, correlates, and stores every packet traversing the network at multi-gigabit rates, using both anomaly and signature-based approaches, while time stamping, linking, and indexing each packet to a unique user. Against disguised attack attempts, NetDetector implements Dynamic Application Recognition (DAR) using DPI mechanisms, which recognizes malicious payloads in the packets [Nika, Nikb].

Intrusion Detection in Wireless Body Sensor Networks

A wireless sensor network (WSN) consists of homogeneous or heterogeneous sensor nodes, capable of communicating wirelessly in order to forward packets to a centralized base station [1]. Sensor nodes can be either static or dynamic depending on the application in use [2][3]. In fact, the type of application also defines the rhythm of data collection, which can be performed periodically or upon occurrence of an event. A set of biosensors deployed on or implanted in the human body constitutes a subtype of WSN named Wireless Body Area Networks (WBANs), also known as Wireless Body Sensor Networks (WBSNs). The main purpose of this type of network is to measure physiological parameters and forward them to the local base station (PDA), which handles the retransmission of data packets to medical centers for analysis and treatment. WBAN has many constraints inherited from ad hoc networks such as: limited energy resources, reduced memory size, small transmission power, etc. Biosensors are low-powered devices of miniaturized size that are able to detect medical signals such as: electroencephalography (EEG), electrocardiogram (ECG), blood pressure, insulin, etc. (see Fig. 1). There exist various types of monitoring systems currently used in medical applications. Most of them are based on wired connections, which restrict the mobility of the patient [4][5]. To this end, WBAN requires wireless sensor devices communicating wirelessly to a control unit, followed by a remote healthcare center for diagnostic purposes [6][7]. The remainder of this paper is organized as follows: In Section 2, we present the IEEE 802.15.6 standard. Our proposed intrusion detection scheme for the 802.15.6 standard is presented in Section 3. The simulation results are depicted and analyzed

Feature Extraction based Approaches for Improving the Performance of Intrusion Detection Systems

Information and communication technology (ICT) has become an indispensable part of human life, based on well-built infrastructure. Government, business and a variety of academic, medical, and other organizations all increasingly rely on ICT. But it also brings lots of security problems and crises. Lots of network attack tools can easily be found and downloaded on the Internet. Through a variety of network vulnerabilities and continuously developed new attack techniques and tools, cyber-attacks continue to evolve. So this problem cannot be underestimated (Feng et al., 2014; Hubballi and Suryanarayanan, 2014; Govindarajan and Chandrasekaran, 2012).

Advanced persistent threats

Despite their huge rate of false positives and the never-ending amount of logs, anomaly-based intrusion detection systems could be of help in preventing novel attacks [111], with some researchers using them to try and predict a compromise [77], but as we have seen before, they have problems in their basic assumptions. Another problem that remains even with all this technology is insider attacks, specifically intentional ones (unintentional insider threats happen when people unknowingly fall for a phishing attack). Some frameworks have been proposed to detect insider attacks [70, 120, 87, 108], but employers should be alert, conduct proper interviews, both in hiring and on contract termination, as well as background checks. Administrators should also make sure that the principle of least privilege is enforced by security policies, and they should have continued training, especially in log analysis. It is important, against APT attacks, that administrators are experienced in analysing logs and do it regularly, since one unknown infection in the network can propagate and cause more damage; [88] proposed a search engine to discover other victims inside a network during an APT investigation based on attributes acquired from a known APT victim. Finally, and the best overall defence strategy, pioneered by Lockheed Martin in 2011, is Intelligence-driven defence [62], a defence framework informed by adversary campaigns and intrusion kill chains. As stated by the Intelligence and National Security Alliance [9]: "A kill chain is a sequence of activities and overall operations that a threat vector must traverse in order to cause an effect. If the sequence can be interrupted or defeated at any point, the threat actor cannot inflict the effect that he intends", i.e., not only should we think like an attacker and try to predict what they will do next, we should

Cognitive Approach Based User Node Activity Monitoring for Intrusion Detection in Wireless Networks

College of Engineering. He received his Masters degree in Computer Science and Automation from Indian Institute of Science Bangalore. He was awarded a Ph.D. in Economics from Bangalore University and a Ph.D. in Computer Science from Indian Institute of Technology, Madras. He has a distinguished academic career and has degrees in Electronics, Economics, Law, Business Finance, Public Relations, Communications, Industrial Relations, Computer Science and Journalism. He has authored 31 books on Computer Science and Economics, which include Petrodollar and the World Economy, C Aptitude, Mastering C, Microprocessor Programming, Mastering C++ and Digital Circuits and Systems, etc. During his three decades of service at UVCE he has over 250 research papers to his credit. His research interests include Computer Networks, Wireless Sensor Networks, Parallel and Distributed Systems, Digital Signal Processing and Data Mining.

Secured UAV based on multi-agent systems and embedded Intrusion Detection and Prevention Systems

The main goal of the project is to create a secure UAV (Unmanned Aerial Vehicle), stable and efficient, operating in several modes: full autonomy (Autopilot), partial autonomy (planning instant flight) or instant driving. The UAV includes a set of features and equipment enabling it to undertake different kinds of tasks like flying to a tactical or strategic objective, recognition, monitoring objectives or inspection. Furthermore, our drone must be secured against all types of attacks that may arise. However, some security techniques do not translate well to embedded systems, where constraints such as low power, low memory, and real-time operation may impact the computational capability of the system. The need to secure systems that express complex logic is well understood and presents many challenges: strict timing requirements, computational and storage limitations, adaptability and ubiquitous presence. Our security model is characterized by its on-board and lightweight nature insofar as it helps to ensure a level of security (confidentiality, integrity and availability) without soliciting too many computational resources. Existing intrusion detection and prevention systems suffer from the following problems: the intrusion detection system cannot detect and block all the malicious traffic; signature databases are not updated on a regular basis; different intrusion detection and prevention systems are not interoperable; and most of all they are not suitable to protect embedded systems because, due to structural problems in other aspects of the architectures, they cannot meet the strict timing and resource restrictions. In this paper, we present a modular and extensible approach to building a system that helps solve the complex problems in an embedded intrusion detection system. It divides the problem into the aspects of information gathering, pre-processing and classification, analysing and configuration. Lightweight agents have been developed to retrieve information from the ground control station, classify and analyse the data, prevent threats, and store the logs in a database. We also demonstrate how dynamic agents provide a convenient mechanism for extending existing objects and allow us to quickly add new features to the system.

Diverse Intrusion-tolerant Systems

Firewalls are used as the primary protection against external threats, controlling the traffic that flows in and out of a network. Typically, they decide if a packet should go through (or be dropped) based on the analysis of its contents. Most generic firewall solutions suffer from two inherent problems. First, they have vulnerabilities like any other system, and as a consequence, they can also be the target of attacks. For example, NVD shows that many security issues have been observed in commonly used firewalls. The following numbers of security issues are reported by NVD for the interval between 2010 and 2018: 3,205 for the Cisco Adaptive Security Appliance; 123 in Juniper Networks solutions; and 50 related to iptables/netfilter. Moreover, common protection solutions have often been the target of malicious actions as part of a wider-scale attack (e.g., anti-virus software [34], Intrusion Detection Systems (IDS) [7] or firewalls [37, 38, 97, 175]). Second, firewalls are typically a single point of failure, which means that when they crash, the ability of the protected system to communicate may be compromised, at least momentarily. Therefore, ensuring the correct operation of the firewall under a wide range of failure scenarios becomes imperative. In the last decade, several significant advances occurred in the development of intrusion-tolerant systems. However, to the best of our knowledge, very few works have proposed intrusion-tolerant protection devices, such as firewalls. Performance reasons might explain this gap, as BFT replication protocols are usually associated with significant overheads and limited scalability. Additionally, achieving complete transparency to the rest of the system can be challenging to reconcile with the objective of having fast message filtering under attack.

A Microcontroller Based Car-Safety System Implementing Drowsiness Detection And Vehicle-Vehicle Distance Detection In Parallel.

Abstract: Accidents due to drowsiness can be controlled and prevented with the help of eye blink sensor using IR rays. It consists of IR transmitter and an IR receiver. The transmitter transmits IR rays into the eye. If the eye is shut, then the output is high. If the eye is open, then the output is low. This output is interfaced with an alarm inside and outside the vehicle. This module can be connected to the braking system of the vehicle and can be used to reduce the speed of the vehicle. The alarm inside the vehicle will go on for a period of time until the driver is back to his senses. If the driver is unable to take control of the vehicle after that stipulated amount of time, then the alarm outside the vehicle will go on to warn and tell others to help the driver.