network security using data mining concepts
A SEMINAR ON:
NETWORK SECURITY USING DATA MINING CONCEPTS
SUBMITTED TO: DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
INSTITUTE OF TECHNOLOGY AND MANAGEMENT, GIDA, GORAKHPUR
GUIDE: MR. NAFEES AKHTER FAROOQUI
BY: JAIDEEP GHOSH
OUTLINE
- INTRODUCTION
- SECURITY THREATS
- DATA MINING
- NETWORK SECURITY
- INTEGRATION OF DATA MINING CONCEPTS WITH NETWORK SECURITY
- SYSTEM STRUCTURE
- ADVANTAGES
- CONCLUSION
INTRODUCTION
- Network security is a major part of a network that needs to be maintained, because information passed between computers is very vulnerable to attack.
- Data mining is the process of extracting required/specific information from data in a database.
- Data mining is integrated with network security and can be used with various security tools as well as hacking tools.
SECURITY THREATS
An event that can target the security region with the intention to harm or access the system without authentication is called a security threat. An attack is an action taken against a target with the intention of doing harm.
TYPES OF ATTACK ON NETWORK
- ACTIVE ATTACK
- PASSIVE ATTACK
SECURITY THREATS
- ACTIVE ATTACK: An active attack attempts to alter system resources or affect their operation.
- PASSIVE ATTACK: A passive attack attempts to learn or make use of information from the system but does not affect system resources.
Some other attacks are:
- DISTRIBUTED ATTACK
- INSIDER ATTACK
- CLOSE-IN ATTACK
- PHISHING ATTACK
- HIJACK ATTACK
- PASSWORD ATTACK
SECURITY THREATS
MOST COMMON SECURITY THREATS
- VIRUSES AND WORMS
- TROJAN HORSES
- SPAM
- PHISHING
- PACKET SNIFFERS
- MALICIOUSLY CODED WEBSITES
- PASSWORD ATTACKS
- HARDWARE ATTACKS AND RESIDUAL DATA FRAGMENTS
- SHARED COMPUTERS
- ZOMBIE COMPUTERS AND BOTNETS
DATA MINING
- Data mining is the process of extracting required/specific information from data in a database.
- Data mining is the process of analysing data from different perspectives and summarising it into useful information.
- Data mining is the process of finding correlations or patterns among several fields in a large relational database.
DATA MINING FOR NETWORK SECURITY
Data mining is being applied to problems such as intrusion detection and auditing.
- ANOMALY DETECTION TECHNIQUES could be used to detect unusual patterns and behaviours.
- LINK ANALYSIS may be used to trace self-propagating malicious code to its authors.
- CLASSIFICATION may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs.
- PREDICTION may be used to determine potential future attacks, based in part on information learnt about terrorists through e-mail and phone conversations.
DATA MINING FOR INTRUSION DETECTION
An intrusion can be defined as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
TECHNIQUES OF IDS
- Anomaly Detection System
- Misuse Detection System
DATA MINING FOR INTRUSION DETECTION
TYPES OF IDS:
- Host Based: Detects attacks against a single host.
- Distributed IDS: Detects attacks involving multiple hosts.
- Network Based IDS: Detects attacks from any network.
NETWORK SECURITY
Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification or denial of computer networks and network-accessible resources.
PASSWORD DISCOVERY TABLE
# OF CHARACTERS   POSSIBLE COMBINATIONS   HUMAN      COMPUTER
1                 36                      3 Min      .000018 Sec
2                 1300                    2 Hours    .00065 Sec
5                 6 Crore                 10 Years   30 Sec
- Possible characters include the letters A-Z and numbers 0-9.
- Human discovery assumes 1 try every second.
- Computer discovery assumes 1 million tries per second.
- Average time assumes the password would be discovered in approximately half the time it would take to try all possible combinations.
ARCHITECTURE OF DATA MINING IN ETHICAL HACKING TOOLS
[Figure components: DATA SOURCE 1, DATA SOURCE 2, DATA SOURCE 3, ETL TOOL, DATA WAREHOUSE, ETHICAL HACKING TOOLS]
Fig. 1: WORKING ARCHITECTURE OF DATA MINING IN ETHICAL HACKING TOOLS
WORM DETECTION
Worms are self-replicating programs that exploit a software vulnerability on a victim or remotely infect other victims.
TYPES OF WORMS:
- E-mail Worms
- Instant Messaging Worms
- Internet Worms
- File Sharing Network Worms
ADVANTAGES
- Consumes very little time in various network tools for decrypting passwords and other information.
- Such a system is easy to implement.
- Helps to record unwanted and unauthorized access on any network.
CONCLUSION
The result of mining in network security may be to discover the following types of new information.
- Protection from unauthorized access.
- Blocking of an IP when a wrong password is attempted several times.
- Helps in preventing various terrorist attacks by recording their information.
- The concept can be implemented in various systems such as IDS, WORM DETECTION etc.
- Helps in Brute Force attack, Password cracking etc.
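The conclusion's point about blocking an IP after several wrong password attempts, as an added example that is not part of the original slides: a sliding-window count of failed logins per source address, mined from an authentication log. The log format, the addresses and the default threshold of 5 failures in 60 seconds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, documentation-range addresses).
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04 auth OK user=alice src=198.51.100.20
2024-05-01T10:00:06 auth FAIL user=root src=203.0.113.7
2024-05-01T10:00:09 auth FAIL user=root src=203.0.113.7
2024-05-01T10:00:12 auth FAIL user=guest src=203.0.113.7
2024-05-01T10:05:00 auth FAIL user=bob src=192.0.2.44
2024-05-01T11:30:00 auth FAIL user=bob src=192.0.2.44
2024-05-01T13:00:00 auth FAIL user=bob src=192.0.2.44
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def find_ips_to_block(log_text, threshold=5, window_s=60):
    """Return {ip: time the threshold was reached} for repeated-failure sources."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)    # ip -> timestamps of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue               # skip malformed lines and successful logins
        ip, ts = m["src"], datetime.fromisoformat(m["ts"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in find_ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

The three failures from 192.0.2.44 are hours apart and never trip the rule, which is why the count is taken over a time window rather than over the whole log.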
THANK YOU