ABSTRACT:
Attacks on the internet keep increasing and cause harm to our security systems. In order
to minimize these threats, it is necessary to have a security system that is able to
detect these attacks and analyze them. This is where an intrusion detection system comes into
the picture. An intrusion detection system (IDS) monitors and collects data from a target system
that should be protected, processes and correlates the gathered information, and initiates responses when
evidence of an intrusion is detected. We need to suggest a proactive technique that helps to
monitor the network and take the necessary action depending upon its behavior. Our main
goal is to find a method to protect our data from malicious activity.
Keywords: Intrusion, Intrusion Detection System, Attack, Wormhole Attack, Blackhole
Attack.
INTRODUCTION:
An Intrusion Detection System (IDS) monitors and collects data from a target system that should be protected, processes and correlates the gathered information, and initiates responses when evidence of an intrusion is detected. Depending on their source of input information, IDSs can be classified into Host-based Intrusion Detection Systems (HIDS), Network-based Intrusion Detection Systems (NIDS) and Hybrid Intrusion Detection Systems. A network-based intrusion detection system collects input data by monitoring network traffic. A host-based intrusion detection system collects input data from the host it monitors. A hybrid intrusion detection system collects input data from both network traffic and the hosts it monitors.

"Anomaly" detection and "Misuse" detection are the two main techniques that a HIDS uses. Anomaly detection refers to intrusions that can be detected based on anomalous behaviour and anomalous use of computer resources. Anomaly detection usually uses statistical analysis, artificial neural networks, data mining, or artificial immune technology. Misuse detection refers to the detection of intrusions by precisely defining them ahead of time and watching for their occurrences. Misuse detection usually uses expert systems, TCP/IP protocol analysis, and pattern matching.

In this paper, we designed and implemented a host-based intrusion detection system which uses pattern matching and a BP (back-propagation) neural network as its detection methods. Firstly, the HIDS uses log files as its primary source of information, and through the three steps of pre-decoding, decoding and analysing the log file, it can effectively identify various intrusions. Secondly, based on BP neural network analysis and a system behaviour characteristics profile established in advance, the HIDS can identify intrusions by comparison with a threshold. Experiment results show that the HIDS can effectively improve the efficiency and accuracy of intrusion detection.

In an increasingly interconnected environment, information is exposed to a wide variety of risks, so we have to provide security for that information. Information security is not only about securing information from unauthorized access; it is the practice of preventing unauthorized access, use, disclosure, and modification. Implementing, maintaining and updating information security in an organization is a challenge. We need information security to reduce the risk to a level that is acceptable to the business. The proposed system mainly protects information from unauthorized access, and it protects information from modification and destruction. The objectives of information security are summarised as CIA (confidentiality, integrity, availability). The information to be protected can be in any form: information on social media and data on laptops or computers are examples of information that must be secured.
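The anomaly-detection step described above (a behaviour profile established in advance, then detection by comparison with a threshold) is shown below as an added example; it is not the paper's code. The paper uses a BP neural network for this step; here a per-feature statistical profile (mean and standard deviation, scored by z-score) stands in for the network so that the block runs without any dependencies. The feature names and all window counts are constructed for the illustration.

```python
"""Added illustration (not the paper's code): build a behaviour profile from
normal-activity windows, then flag a new window when its deviation score
exceeds a threshold.  A statistical profile stands in for the paper's BP
neural network."""
import math

# Assumed per-window features a log-based HIDS might count (constructed names).
FEATURES = ("logins", "failed_logins", "processes_started", "files_modified")

# Constructed "normal behaviour" windows used to establish the profile in advance.
TRAINING_WINDOWS = [
    {"logins": 10, "failed_logins": 1, "processes_started": 50, "files_modified": 5},
    {"logins": 12, "failed_logins": 0, "processes_started": 55, "files_modified": 5},
    {"logins": 11, "failed_logins": 2, "processes_started": 45, "files_modified": 5},
    {"logins": 9,  "failed_logins": 1, "processes_started": 50, "files_modified": 5},
    {"logins": 10, "failed_logins": 0, "processes_started": 52, "files_modified": 5},
    {"logins": 12, "failed_logins": 1, "processes_started": 48, "files_modified": 5},
    {"logins": 11, "failed_logins": 2, "processes_started": 50, "files_modified": 5},
    {"logins": 9,  "failed_logins": 1, "processes_started": 50, "files_modified": 5},
]

# Constructed windows to classify: one ordinary, one with a burst of failed logins.
NORMAL_WINDOW = {"logins": 11, "failed_logins": 1, "processes_started": 51, "files_modified": 6}
ATTACK_WINDOW = {"logins": 10, "failed_logins": 30, "processes_started": 50, "files_modified": 5}


def build_profile(training_windows):
    """Mean and standard deviation of each feature over the normal-behaviour windows."""
    profile = {}
    n = len(training_windows)
    for f in FEATURES:
        values = [w[f] for w in training_windows]
        mean = sum(values) / n
        var = sum((v - mean) ** 2 for v in values) / n
        # A feature that never varied in training has std 0; use unit scale so
        # any later change in it still produces a finite, meaningful score.
        profile[f] = (mean, math.sqrt(var) or 1.0)
    return profile


def deviation_score(profile, window):
    """Largest absolute z-score across features: one wildly off feature is enough."""
    return max(abs(window[f] - profile[f][0]) / profile[f][1] for f in FEATURES)


def classify(profile, window, threshold=3.0):
    """True when the window's deviation from the profile exceeds the threshold."""
    return deviation_score(profile, window) > threshold


if __name__ == "__main__":
    p = build_profile(TRAINING_WINDOWS)
    for name, w in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        print(name, round(deviation_score(p, w), 2), "intrusion" if classify(p, w) else "ok")
```

The threshold is the tunable knob the paper refers to: lowering it catches subtler deviations at the cost of more false alarms, which is the trade-off the introduction discusses.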
Any malicious activity present in a system or in a network can be detected by an Intrusion Detection System. A set of rules is defined to prevent the intrusion with the help of the IDS.
This set of rules generates alert messages or signals when an intrusion is detected in a system or a network. Based on the type of system the IDS protects, it is mainly classified into Host-Based Intrusion Detection Systems (HIDS) and Network Intrusion Detection Systems (NIDS). Based on the method of working, it is classified into Signature-Based and Anomaly-Based Intrusion Detection Systems. A HIDS analyses the incoming and outgoing packets of a system and also monitors the operating system of the computer.
A NIDS monitors traffic on an individual network by continuously performing traffic analysis and comparing it with the known attacks in its library. Although an IDS monitors malicious activity, it may also generate false alarms. Therefore the false-alarm rate should be low when an IDS is implemented. Detection of an intrusion starts where the firewall ends. Preventing unauthorized access is not in our hands. An intruder never misses an opportunity to intrude into the network and damage others' information, which leaves no privacy. These attacks increase every day; thus an intrusion detection system is needed to avoid them. Many types of attacks can be detected with an intrusion detection system, hence an intrusion detection system that has been designed or implemented needs to work efficiently to detect them. Log files record the behaviour of the computer system, recording the actions of the operating system, applications, and users. Log files are widely used for system debugging, monitoring, and security detection. The log system is particularly important in intrusion detection, and log file analysis tools have become an indispensable tool for daily inspection and maintenance of a running system. In general, a log analysis-based HIDS
includes the following parts: collection of log file data, pre-decoding of the log file, decoding of the log file, analysis of the log file and reporting of events.
The HIDS combines the two approaches of misuse detection and anomaly detection. It monitors the log files; once a log changes, the log monitor immediately sends events to the log analyser. Generally, we need to monitor three kinds of event logs: the application log, the security log and the system log. We can add three XML nodes to the configuration file for this. The node "local file" represents a local file to be loaded at system initialization. The node "location" represents the file path on the disk. The node "log format" represents the type of the log; log types include event log, firewall log, SQL log and so on. In this way, when initializing, the HIDS automatically loads the above log files that need to be monitored. When
the initialization work is finished, the HIDS starts a daemon, and the daemon checks every log file to find whether it has changed. If a change exists, the daemon reports it to the log analyser.
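The configuration loading and daemon check loop just described, together with the three-step pre-decode / decode / analyse pipeline from the introduction, are shown below as one added example; it is not the paper's code. The paper names the configuration nodes "local file", "location" and "log format" but does not show the file, so the XML element names (`local_file`, `location`, `log_format`), the two signature rules, and all log lines are assumptions constructed for the illustration. The check loop tracks how far into each file it has already read, so a call only hands genuinely new lines to the analyser, and a file that shrinks (rotation or truncation) is re-read from the start.

```python
"""Added illustration (not the paper's code): load the list of log files to
watch from XML, detect growth in each file on every daemon cycle, and push the
new lines through pre-decode -> decode -> analyse pattern matching."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed XML layout (element names are assumptions; the paper only names the nodes).
SAMPLE_CONFIG = """<hids>
  <local_file><location>{auth}</location><log_format>event_log</log_format></local_file>
  <local_file><location>{fw}</location><log_format>firewall_log</log_format></local_file>
</hids>"""

# Constructed signature rules for the misuse-detection step; real rule sets are larger.
RULES = {
    "event_log": [(re.compile(r"Failed password for (?:invalid user )?(\S+)"), "failed_login")],
    "firewall_log": [(re.compile(r"ACTION=DROP .*DST_PORT=(\d+)"), "dropped_packet")],
}


@dataclass
class WatchedLog:
    location: str
    log_format: str
    offset: int = 0  # bytes already handed to the analyser


def load_config(xml_text):
    """One WatchedLog per <local_file> node, as the HIDS does at initialization."""
    root = ET.fromstring(xml_text)
    return [WatchedLog(n.findtext("location").strip(), n.findtext("log_format").strip())
            for n in root.findall("local_file")]


def pre_decode(line):
    """Step 1: strip the line ending and split the leading timestamp from the message."""
    ts, _, msg = line.rstrip("\r\n").partition(" ")
    return ts, msg


def decode(log_format, msg):
    """Step 2: format-specific field extraction (key=value pairs for firewall logs)."""
    if log_format == "firewall_log":
        return dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)
    return {"message": msg}


def analyse(log_format, ts, msg):
    """Step 3: match the message against the rules for its format; return events."""
    events = []
    for pattern, name in RULES.get(log_format, []):
        m = pattern.search(msg)
        if m:
            events.append({"time": ts, "rule": name, "detail": m.group(1),
                           "fields": decode(log_format, msg)})
    return events


class LogMonitor:
    """The daemon's check loop: one call examines every watched file for changes."""

    def __init__(self, watched):
        self.watched = watched

    def check_once(self):
        events = []
        for w in self.watched:
            try:
                size = os.path.getsize(w.location)
            except OSError:
                continue  # file not present yet; try again next cycle
            if size < w.offset:  # rotated or truncated: read from the start again
                w.offset = 0
            if size == w.offset:
                continue  # no change since the last check
            with open(w.location, "rb") as f:
                f.seek(w.offset)
                chunk = f.read()
            w.offset += len(chunk)
            for line in chunk.decode("utf-8", "replace").splitlines():
                ts, msg = pre_decode(line)
                events.extend(analyse(w.log_format, ts, msg))
        return events


def demo():
    """Three daemon cycles over constructed log files: before, after, and with no new data."""
    with tempfile.TemporaryDirectory() as d:
        auth, fw = os.path.join(d, "auth.log"), os.path.join(d, "firewall.log")
        monitor = LogMonitor(load_config(SAMPLE_CONFIG.format(auth=auth, fw=fw)))
        first = monitor.check_once()  # files do not exist yet
        with open(auth, "w") as f:    # constructed sample lines
            f.write("2024-01-01T10:00:00 sshd[1]: Failed password for invalid user admin from 10.0.0.5\n")
            f.write("2024-01-01T10:00:01 sshd[1]: Accepted publickey for alice\n")
        with open(fw, "w") as f:
            f.write("2024-01-01T10:00:02 ACTION=DROP SRC=10.0.0.5 DST_PORT=23\n")
        second = monitor.check_once()  # new data in both files
        third = monitor.check_once()   # nothing changed
        return first, second, third


if __name__ == "__main__":
    for cycle, evs in zip(("first", "second", "third"), demo()):
        print(cycle, evs)
```

Polling by size is the simplest form of the change check the paper describes; on a production host the same loop would usually sit behind an OS change-notification facility and run each cycle under the least privilege needed to read the logs.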