network security using data mining concepts


Upload: jaideep-ghosh

Post on 14-Apr-2017


A SEMINAR ON: NETWORK SECURITY USING DATA MINING CONCEPTS

SUBMITTED TO: DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING, INSTITUTE OF TECHNOLOGY AND MANAGEMENT, GIDA, GORAKHPUR

GUIDE: MR. NAFEES AKHTER FAROOQUI

BY: JAIDEEP GHOSH


OUTLINE
- INTRODUCTION
- SECURITY THREATS
- DATA MINING
- NETWORK SECURITY
- INTEGRATION OF DATA MINING CONCEPTS WITH NETWORK SECURITY
- SYSTEM STRUCTURE
- ADVANTAGES
- CONCLUSION


INTRODUCTION
- Network security is a major part of a network that needs to be maintained, because the information being passed between computers, etc. is very vulnerable to attack.
- Data mining is the process of extracting required/specific information from data in a database.
- Data mining is integrated with network security and can be used with various security tools as well as hacking tools.


SECURITY THREATS

TYPES OF ATTACK ON NETWORK
- ACTIVE ATTACK
- PASSIVE ATTACK

An event that can target the security region with the intention to harm or access the system without authentication is called a security threat. An attack is an action taken against a target with the intention of doing harm.


- ACTIVE ATTACK: An active attack attempts to alter system resources or affect their operation.
- PASSIVE ATTACK: A passive attack attempts to learn or make use of information from the system but does not affect system resources.

Some other attacks are:
- DISTRIBUTED ATTACK
- INSIDER ATTACK
- CLOSE-IN ATTACK
- PHISHING ATTACK
- HIJACK ATTACK
- PASSWORD ATTACK


MOST COMMON SECURITY THREATS
- VIRUSES AND WORMS
- TROJAN HORSES
- SPAM
- PHISHING
- PACKET SNIFFERS
- MALICIOUSLY CODED WEBSITES
- PASSWORD ATTACKS
- HARDWARE ATTACKS AND RESIDUAL DATA FRAGMENTS
- SHARED COMPUTERS
- ZOMBIE COMPUTERS AND BOTNETS


DATA MINING
- Data mining is the process of extracting required/specific information from data in a database.
- Data mining is the process of analysing data from different perspectives and summarising it into useful information.
- Data mining is the process of finding correlations or patterns among several fields in large relational databases.


DATA MINING FOR NETWORK SECURITY

Data mining is being applied to problems such as intrusion detection and auditing.

- ANOMALY DETECTION techniques could be used to detect unusual patterns and behaviours.
- LINK ANALYSIS may be used to trace self-propagating malicious code to its authors.
- CLASSIFICATION may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs.
- PREDICTION may be used to determine potential future attacks, depending in part on information learnt about terrorists through e-mail and phone conversations.


DATA MINING FOR INTRUSION DETECTION

An intrusion can be defined as any set of actions that attempts to compromise the integrity, confidentiality or availability of a resource.

TECHNIQUES OF IDS
- Anomaly Detection System
- Misuse Detection System
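
Added example (not part of the original slides): the two IDS techniques named above, run over the same login events. All events, the baseline, the thresholds and the function names are constructed for illustration; the IP addresses come from documentation-only ranges.

```python
"""Misuse vs. anomaly detection over one hour of login events (constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (seconds since start of the hour, source IP, outcome)
EVENTS = (
    [(t, "192.0.2.10", "fail") for t in range(0, 50, 5)]             # fast burst: 10 failures in 50 s
    + [(100, "198.51.100.7", "fail"), (130, "198.51.100.7", "ok")]   # one typo, then success
    + [(t, "203.0.113.5", "fail") for t in range(0, 3600, 400)]      # slow guessing: 9 failures/hour
    + [(200 + i, f"198.51.100.{20 + i}", "fail") for i in range(8)]  # 8 sources, 1 failure each
)

# Constructed "normal" profile: failures per source per hour seen on ordinary days
BASELINE = [0, 1, 0, 2, 1, 0, 1, 1, 0, 2]


def misuse_detect(events, max_fails=5, window=60):
    """Misuse (signature) rule: >= max_fails failures from one source within `window` seconds."""
    recent, flagged = defaultdict(list), set()
    for t, src, outcome in sorted(events):
        if outcome != "fail":
            continue
        # keep only this source's failures that still fall inside the sliding window
        recent[src] = [x for x in recent[src] if t - x < window] + [t]
        if len(recent[src]) >= max_fails:
            flagged.add(src)
    return flagged


def anomaly_detect(events, baseline, z_threshold=3.0):
    """Anomaly rule: flag sources whose hourly failure count is far above the learned profile."""
    mu = mean(baseline)
    sigma = pstdev(baseline) or 1.0  # avoid division by zero on a flat baseline
    counts = defaultdict(int)
    for _, src, outcome in events:
        counts[src] += outcome == "fail"
    return {src for src, n in counts.items() if (n - mu) / sigma > z_threshold}


if __name__ == "__main__":
    print("misuse rule :", sorted(misuse_detect(EVENTS)))
    print("anomaly     :", sorted(anomaly_detect(EVENTS, BASELINE)))
```

The fixed signature catches only the fast burst, while the profile-based check also flags the slow source that stays under the per-minute rule; neither flags the sources with a single failed login.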


TYPES OF IDS:
- Host Based: Detects attacks against a single host.
- Distributed IDS: Detects attacks involving multiple hosts.
- Network Based IDS: Detects attacks from any network.


NETWORK SECURITY

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification or denial of computer networks and network-accessible resources.


PASSWORD DISCOVERY TABLE

# OF CHARACTERS   POSSIBLE COMBINATIONS   AVERAGE TIME (HUMAN)   AVERAGE TIME (COMPUTER)
---------------   ---------------------   --------------------   -----------------------
1                 36                      3 Min                  .000018 Sec
2                 1300                    2 Hours                .00065 Sec
5                 6 Crore                 10 Years               30 Sec

- Possible characters include the letters A-Z and the numbers 0-9.
- Human discovery assumes 1 try every second.
- Computer discovery assumes 1 million tries per second.
- Average time assumes the password would be discovered in approximately half the time it would take to try all possible combinations.


ARCHITECTURE OF DATA MINING IN ETHICAL HACKING TOOLS

Fig. 1: WORKING ARCHITECTURE OF DATA MINING IN ETHICAL HACKING TOOLS (diagram components: DATA SOURCE 1, DATA SOURCE 2, DATA SOURCE 3, ETL TOOL, DATA WAREHOUSE, ETHICAL HACKING TOOLS)


WORM DETECTION

Worms are self-replicating programs that exploit a software vulnerability on a victim or remotely infect other victims.

TYPES OF WORMS:
- E-mail Worms
- Instant Messaging Worms
- Internet Worms
- File Sharing Network Worms


ADVANTAGES
- Takes very little time in various network tools for decrypting passwords and other information.
- Such a system is easy to implement.
- Helps to record unwanted and unauthorized access on any network.


CONCLUSION

The result of mining in network security may be to discover the following types of new information:
- Protection from unauthorized access.
- Blocking of an IP when a wrong password is attempted several times.
- Helps in the prevention of various terrorist attacks by recording their information.
- The concept can be implemented in various systems such as IDS, worm detection, etc.
- Helps in brute-force attacks, password cracking, etc.


THANK YOU