Using Genetic Algorithm for Network Intrusion Detection
DESCRIPTION
Using Genetic Algorithm for Network Intrusion Detection: a Genetic Algorithm IDS detects intrusions based on the log history and on the intrusions that are likely to occur. In a Genetic Algorithm, each connection is treated as a “chromosome” which consists of many “genes” (properties of the connection such as source IP, target IP, port no., protocol, …). One has to compute the fitness value of each such chromosome to detect an intrusion.
TRANSCRIPT
PROJECT SEMINAR
On
“Network Intrusion Detection using Genetic Algorithm”
Presented by
HITESH KUMAR. P 4JN07CS027
SAGAR. U 4JN07CS070
SANDEEP TANTRY. K 4JN07CS072
SHARATH KUMAR. K 4JN07CS078
Under the Guidance of
Chakrapani D.S [B.E, M.Tech]
Lecturer, Dept of CSE
Coordinators
Chetan K. R [B.E, M.Tech]
Sr. Lecturer, Dept of CSE
Poornima K.M [B.E, M.Tech]
Asst. Professor, Dept of CSE
Jawaharlal Nehru National College of Engineering, Shimoga
Contents
1. Introduction
1.1 Introduction to Intrusion Detection System(IDS).
1.2 Introduction to genetic algorithm.
2. Problem Specification
2.1 Major problems addressed.
2.2 Challenges faced.
2.3 Scope of the project.
3. Literature Survey
3.1 Features & Technology used.
3.2 Drawbacks & Solutions.
4. System Architecture
4.1 Workflow diagrams & Modules.
Introduction to Intrusion Detection System
Intrusion.
External
Internal
Intrusion Detection System.
Misuse vs Anomaly.
Host-based vs Network-based.
IDS - one piece of the whole Security puzzle.
Lots of people use Firewall and Router logs for Intrusion Detection.
Important Security architecture but does not solve all your problems.
Mostly signature based.
Example (Denial of Service [DoS] Attack).
Introduction - Genetic Algorithm
Definition.
Background Theory.
A simple Genetic Algorithm.
Flowchart: Start -> Generate random population -> Evaluation Function -> Optimization criteria met? If yes: Best Individuals -> Result. If no: Selection -> Crossover -> Mutation -> Generate a new Population -> back to Evaluation Function.
Applications.
Military
Information security in some multinational agencies.
Intrusion Prevention System.
Significance.
Network traffic analysis .
Detection of various attacks.
Major problems
Security infrastructure.
Threats originating from outside.
Support Issues (OS, Platform)
Evaluation Parameters.
Challenges
Frequency vs Difficulty level.
Hacktivists or cyber terrorists
Deployment & Myths
Using IDS in fully switched networks
Interpreting all the data being presented
Encryption, VPN, Tunnels
Performance
Response team.
Scope
Combining knowledge from different sensors into a standard rule base.
Local Area Security.
Security purpose in main servers across the world.
Intelligent Intrusion Detection System (IIDS) is an ongoing project at Mississippi State University.
Literature Survey
• “The Integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment” by Li, Wei
– In this paper the author describes some methods to detect intrusion in a network.
• “Network Intrusion Detection” by Stephen Northcutt, Judy Novak
– In this book the authors describe concepts related to networks and to Intrusion Detection.
• “Principles of Information Security” - Michel E. Whitman and Herbert J. Mattord
– In this paper the authors describe the concepts of network security completely.
• “Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization.” by Miller, Brad. L. and Michael J. Shaw.
– In this paper the authors describe the concepts of the Genetic Algorithm and its applications (usage).
Applying Genetic Algorithm to IDS
• Genetic algorithms can be used to evolve simple rules for network traffic.
The rules stored in the rule base are usually in the following form
if { condition } then { act }
Eg. if {the connection has following information: source IP address 124.12.5.18; destination IP address:130.18.206.55; destination port number: 21; connection time: 10.1 seconds }
then {stop the connection}
Rule definition for connection and range of values of each field (IP octets are written as two hex digits each, e.g. d1.0b = 209.11; * is a wildcard)
Attribute                | Range                     | Eg. Value                  | Descriptions
Source IP                | 0.0.0.0 – 255.255.255.255 | d1.0b.**.** (209.11.??.??) | A subnet with respective range of IP
Destination IP           | 0.0.0.0 – 255.255.255.255 | 82.12.b*.**                | A subnet with respective range of IP
Source Port no           | 0 - 65535                 | 42335                      | Source Port no
Dest Port no             | 0 - 65535                 | 00080                      | HTTP Service
Duration                 | 0 - 99999999              | 00000482                   | Connection Duration
State                    | 1 – 12                    | 11                         | (Internal Use)
Protocol                 | 1 – 9                     | 2                          | TCP Protocol
Bytes sent by Originator | 0 – 9999999999            | 0000007320                 | Originator sends respective bytes
Bytes sent by Receiver   | 0 – 9999999999            | 0000038891                 | Receiver receives respective bytes
Chromosome structure for the example (-1 is a wildcard gene)
( d, 1, 0, b, -1, -1, -1, -1, 8, 2, 1, 2, 1, 2, b, -1, -1, -1, 4, 2, 3, 3, 5, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 4, 8, 2, 1, 1, 2, 0, 0, 0, 0, 0, 0, 7, 3, 2, 0, 0, 0, 0, 0, 0, 3, 8, 9, 1, 1 )
Drawbacks of other existing system
All the internal rules should be defined.
complex or loosely defined problems.
Monitoring systems.
Exact match for rules.
About 400 different IDS on the market - only a few are scalable and easy to maintain.
System Architecture
Flowchart (the same GA loop as in the introduction): Start -> Generate random population -> Evaluation Function -> Optimization criteria met? If yes: Best Individuals -> Result. If no: Selection -> Crossover -> Mutation -> Generate a new Population -> back to Evaluation Function.
Data flow: Data set and Network sniffer -> GA -> Rule Set -> Rule Base (Rule Base Module).
Evaluation Function
Outcome = Σ (i = 1 to 57) Matched * Weight(i)
Penalty = ((Outcome – Suspicious level) * ranking) / 100
Fitness = 1 - Penalty
Crossover
Figure: a Father and a Mother chromosome are cut at the crossover point and their tails are exchanged, giving Child 1 and Child 2 (the crossover offspring).
• For example,
209.103.51.134 and 101.1.25.193
give 209.103.25.193 and 101.1.51.134.
Mutation
Before Mutation: 1 1 0 1 0 1
After Mutation: 1 0 0 0 0 1
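The rule encoding from the table, the evaluation function and the crossover and mutation steps above, worked through in Python as an added example (it is not the project's own Java code). The gene weights, suspicious level and ranking are constructed sample values, and counting a wildcard gene as matched is an assumption.

```python
# Added example, not code from the seminar project: encode a connection as the
# 57-gene chromosome of the rule table, score a rule with the slides' evaluation
# function, and apply the crossover and mutation the slides illustrate.
# Gene weights, suspicious level and ranking are constructed sample values.

WILD = -1  # wildcard gene: "*" in the table, -1 in the chromosome

def encode(src_ip, dst_ip, sport, dport, duration, state, proto, b_orig, b_recv):
    """57-gene chromosome: IP octets as two hex digits each, numeric fields
    zero-padded to the table widths (5, 5, 8, 2, 1, 10, 10), one char per gene."""
    def ip_genes(ip):
        return [c for octet in ip.split(".") for c in f"{int(octet):02x}"]
    def num_genes(value, width):
        return list(str(value).zfill(width))
    return (ip_genes(src_ip) + ip_genes(dst_ip) + num_genes(sport, 5)
            + num_genes(dport, 5) + num_genes(duration, 8) + num_genes(state, 2)
            + num_genes(proto, 1) + num_genes(b_orig, 10) + num_genes(b_recv, 10))

def with_wildcards(chrom, positions):
    """Copy of chrom with the given gene positions set to WILD, i.e. a rule."""
    return [WILD if i in positions else g for i, g in enumerate(chrom)]

def outcome(rule, conn, weights):
    """Outcome = sum over i = 1..57 of Matched * Weight(i); a wildcard gene
    counts as matched (assumption, following the d1.0b.**.** table example)."""
    return sum(w for r, c, w in zip(rule, conn, weights) if r == WILD or r == c)

def fitness(rule, conn, weights, suspicious_level, ranking):
    """Penalty = ((Outcome - Suspicious level) * ranking) / 100 and
    Fitness = 1 - Penalty, as written on the slides: no absolute value, so an
    outcome below the suspicious level raises fitness instead of lowering it."""
    penalty = (outcome(rule, conn, weights) - suspicious_level) * ranking / 100
    return 1 - penalty

def crossover(father, mother, point):
    """One-point crossover: the children swap the gene tails after `point`."""
    return father[:point] + mother[point:], mother[:point] + father[point:]

def mutate(bits, positions):
    """Flip the bits at the given positions (the slide flips bits 2 and 4)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Rule from the table row: d1.0b.**.** -> 82.12.b*.**, port 42335 -> 80, ...
RULE = with_wildcards(
    encode("209.11.0.0", "130.18.176.0", 42335, 80, 482, 11, 2, 7320, 38891),
    {4, 5, 6, 7, 13, 14, 15})
WEIGHTS = [2] * 16 + [1] * 41  # constructed: IP genes weigh more than the rest
```

A connection inside both subnets matches all 57 genes; one from another source subnet loses the weight of every mismatched source IP digit, which is what the GA's fitness is driven by.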
Preferred Language
Java
Platform
Windows
REFERENCES
Li, Wei. 2002. “The integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment.” Master’s Project Report. Department of Computer Science, Mississippi State University.
Miller, Brad. L. and Michael J. Shaw. 1996. “Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization.” In Proceedings of IEEE International Conf. on Evolutionary Computation.
“Network Intrusion Detection” by Stephen Northcutt, Judy Novak (3rd edition).
“Principles of Information Security” - Michel E. Whitman and Herbert J. Mattord (2nd Edition).
Thanking you