Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
0Activity
0 of .
Results for:
No results containing your search query
P. 1
ijnsa050305

ijnsa050305

Ratings: (0)|Views: 53|Likes:
Published by AIRCC - IJNSA
HYBRID ARCHITECTURE FOR DISTRIBUTED
INTRUSION DETECTION SYSTEM IN WIRELESS
NETWORK
HYBRID ARCHITECTURE FOR DISTRIBUTED
INTRUSION DETECTION SYSTEM IN WIRELESS
NETWORK

More info:

Categories:Types, Research
Published by: AIRCC - IJNSA on Jun 05, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/05/2013

pdf

text

original

 
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.3, May 2013
 
DOI : 10.5121/ijnsa.2013.5305 45
H
 YBRID
 A 
RCHITECTURE FOR 
D
ISTRIBUTED
I
NTRUSION
D
ETECTION
S
 YSTEM IN
 W
IRELESS
N
ETWORK 
 
Seyedeh Yasaman Rashida
1Department of Computer Engineering, Shirgah Branch, Islamic Azad UniversityShirgah, Mazandaran, Iran
s. y. rashi da@gmai l . com
 A
 BSTRACT 
 
 In order to the rapid growth of the network application, new kinds of network attacks are emergingendlessly. So it is critical to protect the networks from attackers and the Intrusion detectiontechnology becomes popular. Therefore, it is necessary that this security concern must be articulateright from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work hasbeen done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose anovel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
 K 
 EYWORD
 
 Intrusion Detection, Agent, Architecture, Misuse detection, Signature-based 
1.
 
I
NTRODUCTION
 
With the evolution of computer networks, computer security has also revolted from securinggiant mainframes in the past to securing large scale unbounded computer networks. The needfor computer security has become even critical with the proliferation of information technologyin everyday life. The nature of threat has changed from physical in
ltration and password breaking to computer viruses, self-propagating and self-replicating worms, backdoor software,Trojan horses, script kiddies, computer criminals, terrorists and the list is long.The increase in dependability on computer systems and the corresponding risks and threats hasrevolutionized computer security technologies. New concepts and paradigms are being adopted,new tools are being invented and security conscious practices and policies are beingimplemented. There is a clear need for novel mechanisms to deal with this new level of complexity. Network intrusion-detection systems (NIDSs) are considered an effective second line of defenceagainst network-based attacks directed to computer systems [4, 3], and – due to the increasingseverity and likelihood of such attacks – are employed in almost all large-scale ITinfrastructures [2]. Intrusion Detection System (IDS) must analyse and correlate a large volumeof data collected from different critical network access points. This task requires IDS to be ableto characterize distributed patterns and to detect situations where a sequence of intrusion eventsoccurs in multiple hosts. . In this paper, we propose a novel Distributed Intrusion DetectionSystem using Multi Agent In order to decrease false alarms and manage misuse and anomalydetects.
 
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.3, May 201346
 
The rest of this paper is organized as follows: in Section 2 reviews literature of related works.Section 3 presents an architecture of our hybrid IDS; While section 4 and 5 present uniquecharacteristics and disadvantages of our hybrid IDS. In section 6, we have evaluated the performance of proposed scheme. And Section 7 and 8 concludes the paper with future researchdirections and challenges in IDS.
2.
 
R
ELATED WORKS
 
Generally, the deployment of WSN in an unattended environment and the use of wirelesssignals as the media for communication make it easy for eavesdroppers to get the signals.Moreover, the limitations in processing, storage and battery lifetime make the security issues of these networks difficult. Different types of attacks against WSN have been explored in theliterature like, attacks on sensed data, selective forwarding attacks, sinkhole attacks, helloflood attack and many more[5]. In the following we provide a review of some relevant prior work. In [6], the mobile agent based intrusion detection system were developed which uses thetrace gray technique to detect the intrusions. A proposed efficient anomaly intrusion detectionsystem in Ad-hoc by mobile agents[7] which uses the data mining algorithm to detectthe attacks exploited by the intruders. Mobile agent based intrusion detection system for MANET [9] proposed by yinan Li which uses the clustering and joint detection techniqueto identify the intruders. In [21], Focus of the paper is on the clustering WSNs, designingand deploying Cluster-based Intrusion Detection System (CIDS) on cluster-heads andWireless Sensor Network wide level Intrusion Detection System (WSNIDS) on thecentral server. In [8], intrusion detection in distributed networks is studied. They consider agent and data mining independently and their mutual benefits. M. Saiful Islam Mamun andA.F.M. Sultanul Kabir propose a hierarchical architectural design based intrusion detectionsystem that fits the current demands and restrictions of wireless ad hoc sensor network.In the proposed intrusion detection system architecture they followed clusteringmechanism to build a four level hierarchical network which enhances network scalabilityto large geographical area and use both anomaly and misuse detection techniques for intrusion detection. They introduce policy based detection mechanism as well as intrusionresponse together with GSM cell concept for intrusion detection architecture [22]. The paper [10] presents the preliminary architecture of a network level IDS. The proposed systemmonitors information in network packets and learning normal patterns and announcinganomalies. Another approach is presented in [13], in which Cooperative Security Managers(CSM) are employed to perform distributed intrusion detection that does not need a hierarchicalorganization or a central coordinator. Each CSM performs as local IDS for the host in which itis running, but can additionally exchange information with other CSMs. The architecture alsoallows for CSMs to take reactive actions when an intrusion is detected. Unclear aspects are themechanisms through which CSMs can be updated or recon
gured, and the intrusion detectionmechanisms that are used locally by each CSM.The idea of employing widely distributed elements to perform intrusion detection, by emulatingto some extent the biological immune systems, and by giving the system a sense of “self”, hasalso been explored [12].Intrusion detection is the process of monitoring and analyzing the data and events occurring in acomputer and/or network system in order to detect attacks, vulnerabilities and other security problems [16]. IDS can be classified according to data sources into host-baseddetection and network-based detection. In host-based detection, data files and OS processes of the host are directly monitored to determine exactly which host resources
 
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.3, May 201347
 
are the targets of a particular attack. In contrast, network-based detection systems monitor network traffic data using a set of sensors attached to the network to capture any maliciousactivities. Networks security problems can vary widely and can affect different security requirementsincluding authentication, integrity, authorization, and availability. Intruders can causedifferent types of attacks such as Denial of Services (DoS), scan, compromises, and worms andviruses [17, 18]. The approach for using Agents in ID that was the foundation for our work was proposed in [4, 3]. These papers introduced the idea of lightweight, independent entitiesoperating in concert for detecting anomalous activity, prior to most of the approaches mentioned previously.
3.
 
S
YSTEM
A
RCHITECTURE
 
We propose new architecture for building IDSs that uses agents as their lowest-level element for data collection and analysis and employs a structure to allow for scalability. In general, there aremainly two techniques for intrusion detections: i) misuse (signature-based) detection and ii)anomaly (behavior-based) detection [20]. In the paper, we apply both techniques. Purpose of applying both techniques is in attempting to detect any attacks or intrusions in a system. Asshown in the Fig. 1, the proposed IDS architecture consists of seven modules – Tracker,Anomaly Detection Module, Misuse Detection Module, Monitor, Signature Generator,Inference Detection Module and Countermeasure Module combining the results of the threedetection modules.
Figure1. The proposed Architecture for Intrusion Detection System

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->