NETWORK INTRUSION DETECTION NETWORK INTRUSION DETECTION SYSTEM SYSTEMUSING USING

GENETIC ALGORITHMGENETIC ALGORITHM

By:By:

S.MounikaS.Mounika

III-MCA(V-SEMIII-MCA(V-SEM))

091FD01036091FD01036

ABSTRACTABSTRACT

The Project “Network Intrusion Detection Systems Using Genetic Algorithm” contains a brief overview of Intrusion Detection System (IDS), Genetic Algorithm (GA), and related detection techniques. This is helpful for identification of complex anomalous behaviors.

EXISTING SYSTEMEXISTING SYSTEM

The rules in the dataset are static unless the network administrator manually enters the rules. It does not provide any option for generating dynamic rule set. It requires manual energy to monitor the Inflowing packets and analyze their behavior .

DISADVANTAGESDISADVANTAGES

They are complexThey are rules dependentThey are manual.It cannot take decisions in runtime.It cannot create its own rule depending on the

current situation.

PROPOSED SYSTEMPROPOSED SYSTEM

It is an artificial intelligence based problem-solving system. It includes both temporal and spatial information of the network traffic in the rule set.

ADVANTGESADVANTGES

It eliminates the need for an attack to be previously known to be detected because malicious behavior is different from normal behavior by nature.

It generates its own rules depending on the real-time behavior of the packet.

Using a generalized behavioral model is theoretically more accurate, efficient and easier to maintain.

• Processor : Intel Pentium III or above

• Memory : 128 MB or above

• Hard Disk Drive : 10 GB or above

Hardware RequirementsHardware Requirements

Software Requirements• OS Platform : Windows xp

• Software : JDK1.4.2 or later versions

Architectural Design

SOURCE

PASESR HOPCOUNT

IDS

CHROMOSOME CONVERT

GENETICRESTRICTED

USERS

ANOMOLOUSDATASET

NORMALDATASET

RULEGENERATION

DECISION

ModulesModules

• Client’s Communication

• IDS implementation

• Chromosome Conversion

• Implementation of Genetic Algorithm

• Creating rules in Dataset

Clients CommunicationClients Communication

This module is responsible for the client side communication system interface. It is used to communicate between the source and the destination. It receives the destination address, source address and the inflowing port no and binds them into a packet.

IDS ImplementationIDS Implementation

This is the server side interface which is preset

in the server system and is solely under the control of the administrator. Any transaction in the network will be monitored by the Server.

It sends each and every Inflowing packets header information’s to the chromo convert module and then receives the converted real-time Chromosomes. If the particular chromosomes matches with the rules provided in the rule set, it takes the decision of whether allow or block depending on which rule set it matches.

Chromosome ConversionChromosome Conversion

The collected attributes are converted into Chromosomes within the range and in the same behavior.

The process of a genetic algorithm usually begins with a randomly selected population of chromosomes. These chromosomes are representations of the problem to be solved.

. These positions are sometimes referred to as genes and are

changed randomly within a range during evolution.

The set of chromosomes during a stage of evolution are called a population.

Genetic AlgorithmGenetic Algorithm

The Genetic Algorithm is implemented, for selecting the best rule for matching with the connection.

During evaluation, the selection of chromosomes for survival and combination is biased towards the fittest chromosomes.

The Genetic Algorithm has 3 operations

1. Selection 2. Recombination 3. Mutation

Structure of GAStructure of GA

Basic Steps of Genetic Algorithm

1.Randomly create a population of individuals.

2. Evaluate the population to see which individuals will contribute the next generation.

3. To alter the new generation of individuals once they have been paired off.

4. To discard the old population and perform step two on the new population.

Source Destination

Sniffer ChromConvert

Chromosomes

GeneticAlgorithm Data Set

Decision taken byGenetic Algorithm

Router

PassingSystem

PassingSystem

PassingSystem

DATAFLOWDIAGRAM

Found Bad User Found Good User

SendsData

Hop Count

Finalize

Result

Check

ConvertedChromosomes

Real Time

Behavior

Monitors the connection

Client IDSChromoConverter

Genetic Algorithm

Generate DataSet

DataSet

NewRules

Packet Chromosomes Input

Data

Check in DataSet

DATA FLOW

DesignDesign

UseCase Diagram

Passer

ChromoConverter

Hopcount

Destination

Genetic Algorithm

extends

include

source

Enters data

extendsextends

Anomal DataNormalData

Usecase Diagram To Enter Usecase Diagram To Enter RulesRules

Anamoly

Normal

Restrict useradministrator

New entry

extends

extends

extends

gives information

Activity DiagramActivity DiagramClientlogin

EntersHop count

Enters into Chromoconverter

Decision taken by GA

Checks in dataset

message sent

found an intruder

[ yes ]

[ no ]

: SenderSystem Hopcount IDS Dataset

: Receiver

Check the availability of the user

Created rules are added in the dataset

Enter sys. addr., port no and msgcheck sys. addr., port no

Ask Inter Sys. no. and names

Enter Inter Sys no. and name

Check Sys. no. and name

Invalid System No. and name

New rules are created

Restricted User

Message Send

Sequence DiagramSequence Diagram

Output ScreensOutput Screens

New EntryNew Entry

To Enter AnomalDataSetTo Enter AnomalDataSet

To Enter Normal datasetTo Enter Normal dataset

Connecting To ServerConnecting To Server

Enter the Data into the client windowEnter the Data into the client window

Entering hopcountEntering hopcount

Message is sent to destinationMessage is sent to destination

Enter the hopcountEnter the hopcount

Found an intruderFound an intruder

Server sideServer side

Client sideClient side

ConclusionConclusion• We discussed a methodology of applying genetic algorithm

into network intrusion detection.

• This implementation of genetic algorithm is more helpful for identification of network anomalous behaviors.

• Future work includes creating a standard test data set for the genetic algorithm proposed in this paper and applying it to a test environment.

• Detailed specification of parameters to consider for genetic algorithm should be determined during the experiments.

THANK YOUTHANK YOU