Bogdan Ivascu, SSA

About the paper

ACO based Distributed Intrusion Detection System
Authors: S. Janakiraman (1), V. Vasudevan (2)
  (1) PSR Engineering College, Sivakasi, India
  (2) A.K. College of Engineering, Krishnankoil, India

International Journal of Digital Content Technology and its Applications, Volume 3, Number 1, March 2009

Contents
  - Intrusion detection
  - Distributed Intrusion Detection Systems
  - ACO algorithm
  - Experimental results
  - Conclusions

Intrusion detection (1)
  Problem: exposing sensitive information to intruders
    - compromise of confidentiality
    - denial of resources
    - unauthorized use of resources
  Solution: Intrusion Detection Systems (IDS)
    - identify intrusions and recommend actions to stop the attacks

Intrusion detection (2)
  Data sources used by traditional IDS
    - log files
    - network traffic
  Need: fast, machine-learning-based intrusion detection algorithms with
    - high detection rates
    - low false alarm rates
  Ideal response: stop the activity

Intrusion detection (3)

IDS Classification (1)
  Misuse intrusion detection
    - uses signatures or rules that describe undesirable events
    - performs some action when the pattern matches an event or data
  Anomaly intrusion detection
    - detects general misuse and attacks for which no signature exists
    - constructs a model from statistical knowledge about normal activity and flags deviations from it
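To make the two classes concrete, here is an added example (not code from the paper or the presentation) that runs a minimal misuse detector (signature rules over a payload field) beside a minimal anomaly detector (a statistical model of normal activity) over constructed connection records. The record format, the rule names and the distinct-destination-port feature are this example's own assumptions, chosen to show the complementary blind spots: the signature engine catches the known attack in a single connection but not the port sweep, while the anomaly model catches the sweep but not the single malicious request.

```python
# Added example (not from the paper): misuse (signature) detection beside
# anomaly (statistical) detection over constructed connection records.
import re
import statistics
from collections import defaultdict

# Constructed records, "src dst dport proto payload" (not real traffic)
TRAIN_NORMAL = [
    "10.0.0.1 192.168.1.10 80 tcp GET /index.html",
    "10.0.0.2 192.168.1.10 80 tcp GET /about.html",
    "10.0.0.2 192.168.1.10 443 tcp TLS-ClientHello",
    "10.0.0.3 192.168.1.20 22 tcp SSH-2.0-OpenSSH",
    "10.0.0.4 192.168.1.10 80 tcp GET /news",
    "10.0.0.4 192.168.1.30 25 tcp EHLO mail.example",
]
TEST = [
    "10.0.0.5 192.168.1.10 80 tcp GET /index.html",
    "10.0.0.5 192.168.1.10 443 tcp TLS-ClientHello",
    # a known attack pattern carried in a single connection
    "10.0.0.8 192.168.1.10 80 tcp GET /cgi-bin/phf?Qalias=x%0acat%20/etc/passwd",
] + [  # one source probing many ports: no signature describes this
    "10.0.0.9 192.168.1.20 %d tcp -" % p
    for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)
]

# Misuse detection: rules describing undesirable events (hypothetical rule set)
SIGNATURES = {
    "phf-cgi": re.compile(r"GET /cgi-bin/phf"),
    "passwd-read": re.compile(r"/etc/passwd"),
}


def parse(line):
    """Split one constructed record into its fields (payload may contain spaces)."""
    src, dst, dport, proto, payload = line.split(maxsplit=4)
    return {"src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "payload": payload}


def misuse_alerts(records):
    """Return (src, signature) pairs for every record that a signature matches."""
    return [(r["src"], name) for r in records
            for name, pat in SIGNATURES.items() if pat.search(r["payload"])]


def build_anomaly_model(normal_records):
    """Model normal activity as distinct destination ports contacted per source;
    returns (mean, population stdev) over the training sources."""
    ports = defaultdict(set)
    for r in normal_records:
        ports[r["src"]].add(r["dport"])
    counts = [len(s) for s in ports.values()]
    return statistics.mean(counts), statistics.pstdev(counts)


def anomaly_alerts(model, records, k=3.0):
    """Flag sources whose distinct-port count exceeds mean + k*stdev of normal.
    The stdev floor of 1.0 stops a near-constant baseline from flagging everything."""
    mean, stdev = model
    threshold = mean + k * max(stdev, 1.0)
    ports = defaultdict(set)
    for r in records:
        ports[r["src"]].add(r["dport"])
    return {src for src, s in ports.items() if len(s) > threshold}


if __name__ == "__main__":
    train = [parse(line) for line in TRAIN_NORMAL]
    test = [parse(line) for line in TEST]
    print(misuse_alerts(test))                               # phf request only
    print(anomaly_alerts(build_anomaly_model(train), test))  # port sweep only
```

On the constructed data the misuse engine reports 10.0.0.8 twice (both rules fire on the same request) and nothing for 10.0.0.9, while the anomaly model reports only 10.0.0.9, whose ten distinct ports exceed the learned threshold of 4.5. A real deployment would use richer features and a less naive baseline, but the division of labour is the one the slide describes.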

IDS Classification (2)
  Network-based system (NIDS)
    - individual packets flowing through a network are analyzed
    - sensors are placed at strategic points within the network to monitor traffic to and from all devices
  Host-based system (HIDS)
    - examines all the activity on each individual computer (host)
    - analyzes host activities: system calls, application logs, file-system modifications etc.

IDS Classification (3)
  Passive system
    - detects a potential security breach, logs the information and signals an alert
    - alerts are sent to the administrator and it is up to them to take action
  Reactive system
    - the IDS itself responds to the suspicious activity, e.g.
      - log off a user
      - reprogram the firewall to block network traffic from the suspected malicious source

IDS Requirements
  - Adaptability
  - Concurrency
  - Efficiency and Reliability
  - Escalating Behavior
  - Extensibility
  - Flexibility
  - Manual Control
  - Recognition
  - Resistance to compromise
  - Software Response
  - Scalability

Distributed Intrusion Detection Systems

Communication architecture

Ant Colony Optimization (1)
  - Ants are capable of finding the shortest path from a food source to their nest.
  - They adapt to changes in the environment, finding a new shortest path once the old path is no longer feasible.
  - On the way, ants deposit pheromone to mark the route taken.
  - The concentration of pheromone on a path is an indication of the path's length: shorter paths are traversed more often per unit time, so they accumulate more pheromone.

Ant Colony Optimization (2)
  Route selection

ACO Algorithm
  input: an instance x of a Combinatorial Optimization problem
  while termination conditions not met do
    ScheduleActivities
      AntBasedSolutionConstruction()
      PheromoneUpdate()
      DaemonActions()
    end ScheduleActivities
    Sbest <- best solution in the population of solutions
  end while
  output: Sbest, candidate to optimal solution for x
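The pseudocode above is generic; the following is an added example (not the paper's code, which applies ACO to intrusion detection on DARPA features) that runs the same loop on a small constructed weighted graph to find the shortest path from a source to a target node. The graph, the parameter values and the choice of 1/cost as the heuristic are this example's assumptions; the three scheduled activities and the tracking of Sbest map one-to-one onto the slide.

```python
# Added example (not the paper's code): the ACO scheme from the slide run on a
# small constructed graph, returning the shortest path from src to dst.
import random

# Constructed instance x: node -> {neighbour: edge cost}
GRAPH = {
    0: {1: 2, 2: 5},
    1: {2: 1, 3: 6},
    2: {3: 2, 4: 7},
    3: {4: 1},
    4: {},
}


def path_cost(graph, path):
    """Total cost of a path given as a list of nodes."""
    return sum(graph[a][b] for a, b in zip(path, path[1:]))


def construct_solution(graph, tau, src, dst, rng, alpha, beta):
    """AntBasedSolutionConstruction: one ant walks src -> dst, picking the next
    edge with probability proportional to tau^alpha * (1/cost)^beta.
    Returns None if the ant hits a dead end (all neighbours already visited)."""
    path, visited = [src], {src}
    while path[-1] != dst:
        node = path[-1]
        options = [n for n in graph[node] if n not in visited]
        if not options:
            return None
        weights = [tau[(node, n)] ** alpha * (1.0 / graph[node][n]) ** beta
                   for n in options]
        nxt = rng.choices(options, weights=weights, k=1)[0]
        path.append(nxt)
        visited.add(nxt)
    return path


def aco_shortest_path(graph, src, dst, n_ants=10, iterations=50,
                      alpha=1.0, beta=2.0, rho=0.5, q=1.0, seed=0):
    """Run the ScheduleActivities loop for a fixed number of iterations (the
    termination condition) and return (best path, its cost). alpha, beta, rho
    and q are the usual ACO knobs: pheromone weight, heuristic weight,
    evaporation rate and deposit amount."""
    rng = random.Random(seed)
    tau = {(a, b): 1.0 for a in graph for b in graph[a]}  # uniform initial pheromone
    best = None
    for _ in range(iterations):
        # AntBasedSolutionConstruction(): every ant builds a candidate path
        solutions = []
        for _ in range(n_ants):
            p = construct_solution(graph, tau, src, dst, rng, alpha, beta)
            if p is not None:
                solutions.append(p)
        # PheromoneUpdate(): evaporate everywhere, then deposit q/cost on each
        # edge an ant used, so shorter paths gain more pheromone per ant
        for edge in tau:
            tau[edge] *= 1.0 - rho
        for p in solutions:
            deposit = q / path_cost(graph, p)
            for edge in zip(p, p[1:]):
                tau[edge] += deposit
        # Sbest <- best solution in the population (kept across iterations)
        for p in solutions:
            if best is None or path_cost(graph, p) < path_cost(graph, best):
                best = p
        # DaemonActions(): centralised extra reinforcement of the best-so-far path
        if best is not None:
            deposit = q / path_cost(graph, best)
            for edge in zip(best, best[1:]):
                tau[edge] += deposit
    return best, (path_cost(graph, best) if best is not None else None)


if __name__ == "__main__":
    print(aco_shortest_path(GRAPH, 0, 4, seed=1))
```

Because Sbest is kept across iterations, the result is the best path any ant ever built, independent of whether the pheromone trail has converged; the daemon step is what makes the colony as a whole converge towards it. Evaporation (rho) is what gives the colony the adaptivity the previous slide describes: if an edge cost changes, pheromone on the old route decays and ants redistribute.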

Experimental results (1)
  Dataset: 1998 DARPA intrusion detection evaluation program by MIT Lincoln Labs
  6 features are used in the ACO algorithm:
    - connection duration
    - protocol
    - source port
    - destination port
    - source IP address
    - destination IP address
  24 attack types
  22,000 attack data records and 10,000 normal data records are prepared for training
  22,000 attack instances and 10,000 normal data records are selected as testing data

Experimental results (2)

Experimental results (3)

Experimental results (4)

Conclusions
  - Meta-heuristic DIDS architecture for scalable intrusion detection and prevention in distributed networks
  - Ant based DIDS can significantly improve the overall performance of existing DIDS
  - High detection rate
  - Low false positive rate: the system can recognize normal network traffic

Thank you!
