Abstract— The internet today is used by almost all people, organizations etc. With this vast usage of the internet, a lot of information is exposed on the internet, and this information is available to hackers. So a lot of attacks occur on computer systems through the internet. These attacks may destroy the information present on a particular system or use the system to perform other types of attacks. We need to provide protection from these attacks. A user faces some problem in the functioning of the computer but has no means of identifying and solving the problem. Knowledge about different types of attacks and their effects on the system is available from various sources. The handling of various attacks is also documented, but identifying which attack is being performed on the computer system is difficult. The expert system designed here can identify which type of attack is being performed on the system, its symptoms, and ways to resolve the attack, i.e. countermeasures. It is a platform for cyber attack security awareness among internet users.

Keywords—expert system; security; attacks; countermeasures; security framework.

I. INTRODUCTION

With the development of the internet and communication systems, cyber activity has entered a new era. The internet is used by all people and government agencies for their business activities, personal affairs etc. This information system has improved efficiency to a large extent, but the risk of cyber threats and computer security attacks has increased. Attackers find the vulnerabilities present in a system's applications or operating system and use them to exploit the system.

Most of these attacks occur due to misconfigured software, vulnerable software or open ports present in the system. This has led computer users and organizations to use security tools to protect the system from security attacks. These tools provide information, but it is scattered. When a user faces problems with the computer, he/she does not know the reason the problems are occurring or what should be done to remove them. To remove an attack we need to identify the attack and then apply the appropriate countermeasure. So there is a need to design a system that will provide users with information about the reason for the problem (due to an attack) and how the problem can be solved. For this, an expert system, CSAAES, is designed that provides the required information from its rules and databases by querying them. The aim of the expert system is twofold: to make the user aware of important information about various cyber attacks, and to provide awareness about all possible symptoms and countermeasures.

II. LITERATURE REVIEW

As proposed by [1], an expert system called OPENSke was designed using the Drools tool. This system took system information as input and identified the vulnerabilities found. System information was information about the network, such as the hosts present in the system, user accounts, assets and the applications running on them. Vulnerabilities found were the output of a vulnerability scanner such as an OVAL scanner or NESSUS that reports the vulnerabilities present in the system [1]. The system gave as output the weaknesses found, the compromised software or assets, and the executed attack patterns. Weaknesses found are described by CWE (Common Weakness Enumeration) entries that correspond to the current vulnerabilities in the system. It also reported which software or assets had been compromised and were risky to use. Executed attack patterns constitute a list of CAPEC (Common Attack Pattern Enumeration and Classification) attack patterns. This system was experimented on several different systems and identified the vulnerabilities present. The major drawback of the system was that it did not take into consideration the role of time in the execution of attacks. In this system, information about the network needed to be entered manually; this could be automated to detect the network topology and run the system on a frequent basis. Rules in this system were executed in arbitrary order, and this could be improved by following the workflow process.

Kerim Goztepe [2] designed a fuzzy rule based expert system for cyber security named the Fuzzy Rule Based Cyber Expert System (FRBCES). Its major parts were data collection, definition of variables, i.e. inputs and outputs, and then implementation. The input variables used were cyber technique, cyber intruder's target, cyber intruder, and aim of the cyber intruder. Techniques used for this were DOS attack, network
International Conference on Computing, Communication and Automation (ICCCA2015)
• Remedies: These refer to the countermeasures to be used for handling attacks proactively as well as reactively.

or the problems faced while using the system. The problems listed are abnormal program termination, computer shutting down abruptly, loss of access to the network, cannot get information, get false information etc. These are the problems faced while working on the computer system or network. The expert system asks the user to enter the observed symptoms by clicking the checkboxes against the problems faced. In figure 4 two symptoms are selected: abnormal program termination and computer shutdown.
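As an added illustration, not code from the paper or from CSAAES itself, the following Python sketch implements the two interaction modes the paper describes: the user ticks observed symptoms and the system returns the possible suspect attacks ranked by how many of each attack's symptoms were observed, and the user names an attack and gets its countermeasures. The symptom names are taken from the paper's checkbox list; the mapping of symptoms to attacks and the countermeasures listed are constructed for this example and are not the paper's rule base.

```python
"""Toy symptom-to-attack expert system in the spirit of CSAAES.

Added illustration, not the paper's code. The rule base below is an
assumption for demonstration: symptom names follow the paper's checkbox
list, but which symptoms point at which attack, and the remedies, are
constructed here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    attack: str
    symptoms: frozenset   # symptoms this attack typically produces
    remedies: tuple       # countermeasures, proactive and reactive


# Constructed knowledge base (assumption, not the paper's rules).
RULES = (
    Rule("DOS attack",
         frozenset({"loss of access to the network", "cannot get information"}),
         ("rate-limit and filter traffic at the perimeter",
          "keep systems patched; contact the upstream provider")),
    Rule("malware infection",
         frozenset({"abnormal program termination", "computer shutdown abruptly"}),
         ("run an up-to-date anti-malware scan",
          "restore from a clean backup")),
    Rule("DNS / cache poisoning",
         frozenset({"get false information", "cannot get information"}),
         ("flush resolver caches",
          "validate DNS answers (DNSSEC)")),
)


def normalise(symptom: str) -> str:
    """Lower-case and collapse whitespace so checkbox labels compare equal."""
    return " ".join(symptom.lower().split())


def suspects(observed, rules=RULES):
    """First input mode: observed symptoms in, ranked suspect attacks out.

    Every rule that shares at least one symptom with the observation fires.
    The score is the fraction of the rule's symptoms that were observed, so
    a full match outranks a partial one; ties are broken by attack name.
    """
    obs = {normalise(s) for s in observed}
    scored = []
    for rule in rules:
        hits = rule.symptoms & obs
        if hits:
            scored.append((rule.attack, len(hits) / len(rule.symptoms)))
    scored.sort(key=lambda t: (-t[1], t[0]))
    return scored


def remedies(attack, rules=RULES):
    """Second input mode: the user names an attack and asks for its countermeasures."""
    for rule in rules:
        if rule.attack == attack:
            return rule.remedies
    raise KeyError(f"unknown attack: {attack!r}")


def unknown_symptoms(observed, rules=RULES):
    """Symptoms no rule mentions. The paper's future work wants such
    user-entered problems kept for later analysis; here they are returned
    so the caller can log them instead of silently dropping them."""
    known = set().union(*(r.symptoms for r in rules))
    return sorted({normalise(s) for s in observed} - known)


if __name__ == "__main__":
    ticked = ["Abnormal program termination", "computer shutdown abruptly"]
    for attack, score in suspects(ticked):
        print(f"{attack}: {score:.0%} of its symptoms observed")
        for step in remedies(attack):
            print("  -", step)
```

The ranking is deliberately simple: a symptom shared by several attacks (here "cannot get information") produces a tie, which is exactly the situation where a real system would ask for the next discriminating symptom, as the paper's future-work section proposes.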
D. Data collection
Data for this system is collected from different sources such as books, papers from journals and conferences, and online sources. The various cyber attacks about which awareness is provided in CSAAES are shown in figure 3.
In future this system can be modified to present attacks based upon frequency, that is, the problem faced most often by users will be asked about first, and based upon the symptom the user has entered it will ask for the next symptom. The system can be made dynamic so that the user can enter a problem faced by him if it is not present in the list. That symptom will later be analysed and the user provided with the solution to that problem. This way the system can be improved further.
Fig. 6. Countermeasures of DOS attack.

V. CONCLUSION

Security is essential for the safe working of any system. Many types of attacks have been identified by various researchers at various levels. Though users know about the attacks, they seldom know the symptoms by which they can identify the attack being performed on their systems. The expert system designed here can provide this information in detail to the user. Moreover, the knowledge about different types of attacks, their symptoms, their effects on the system and how they can be handled is collected and included in the expert system. This system takes two types of input from the user, namely observed symptoms and the attack type. It provides the possible suspect attacks based on the observed symptoms. It also provides the remedies for the identified attack if required by the user. Users can also select an attack type and get detailed information about it. The system was tested against various inputs and identifies various attacks correctly. The expert system is capable of identifying many possible security attacks based on observed symptoms. By also providing the countermeasures for all the attacks, it is a platform for security awareness.

REFERENCES
[1] M.M. Gamal, B. Hasan, and A.F. Hegazy, "A Security Analysis Framework Powered by an Expert System," International Journal of Computer Science and Security (IJCSS), vol. 4, no. 6, pp. 505-527, Feb. 2011.
[2] K. Goztepe, "Designing a Fuzzy Rule Based Expert System for Cyber Security," International Journal of Information Security Science, vol. 1, no. 1, 2012.
[3] K. Ahmad, S. Verma, N. Kumar, and J. Shekhar, "Classification of Internet Security Attacks," Proceedings of the 5th National Conference, March 2011.
[4] D. Welch, "Wireless Security Threat Taxonomy," Information Assurance Workshop, IEEE Systems, Man and Cybernetics Society, pp. 76-83, June 2003.
[5] G. Kulkarni, R. Shelk, K. Gaikwad, V. Solanke, S. Gujar, and P. Khatawkar, "Wireless Sensor Network Security Threats,"
[6] M. Panda, "Security Threats at Each Layer of Wireless Sensor Networks," International Journal of Advanced Research in Computer Science and Software Engineering, vol. 3, no. 11, Nov. 2013.
[7] C. Wilson, "Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress," Congressional Research Service Report for Congress, Oct. 17, 2003.
[8] J. Moteff and P. Parfomak, "Critical Infrastructure and Key Assets: Definition and Identification," Congressional Research Service Report for Congress, Oct. 1, 2004.
[9] J. A. Chandler, "Security in Cyberspace: Combatting Distributed Denial of Service Attacks," University of Ottawa Law & Technology Journal, pp. 231-261, 2004.