Abstract
Over the last two decades, maintaining a high level of security has become an essential issue
for ensuring safe and secure communication of information between various organizations and
in business development. The role of an Intrusion Detection System in networking is to
identify the intruder (abuse data) and block the intruder's data, in order to avoid the
various types of system attack by viruses. Data on the internet is not assured to be secure
anywhere. Intrusion Detection Systems have now become a necessity for computer and network
security. This new system is a replacement for the existing system. The existing system does
not create a set of rules at run time, that is, some hidden information that is nothing but
compulsory bits of information or some set of data. The major components of the system
create new sets of rules during the run time of the system. In this progression, we present
an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently
detect various types of network attacks, viruses and abuse data or intrusions. We propose an
effective and accurate approach to generating rules for different types of anomalous
connection. Parameters and evolution processes for the genetic algorithm are discussed in
detail and implemented.
Keywords: Intrusion Detection System, genetic algorithm, Networking, Technology Solutions, System Problems
1. Introduction
In 1987, Dorothy E. Denning (Distinguished Professor, Department of Defense Analysis, Naval
Postgraduate School) proposed the intrusion detection system as an approach to finding computer
and network attacks and misuse. Intrusion detection is implemented by an intrusion detection
system. [1] Today there are many commercial intrusion detection systems available in the
market. [5] I would like to present some IDS systems available in the market. The list includes
Ana Disk, Audit Track for Netware, by-Life Line (Bind View Development), CRCMd5 Data Validation
Tool, etc. Hundreds of such IDS tools are currently at work in the marketplace. Although tools
are available in the market, some expert system hackers and some professional system designers
are able to break the information that passes through various communication systems, though
doing so is illegal. [1] The
Copyright IJIFR 2014
Authors Subject Area: Computer Networks
Available Online at: - http://www.ijifr.com/searchjournal.aspx
Intrusion Detection System in Networking Using Genetic Algorithm (IDS) is used for Global
Technology Solutions. It monitors the security systems and facilities that protect critical data and
other resources on your mainframe 24 hours a day, seven days a week. Enforcer makes certain that the
standards, policies, rules and settings defined by your security experts are in force and stay in force.
With Vanguard Enforcer, you will never have to wonder whether the security implementation on your
mainframe is protecting your critical resources effectively. This technology ensures that security on
your mainframe systems continuously adheres to "best practices" standards and your own security
policies. [5] One more application finds hidden or deleted data on computer diskettes regardless of
format. It can search any diskette by user-defined values, print data on a physical sector or file
basis, and copy almost any kind of diskette without regard to format or type.
A system-based IDS has the ability to detect network reconnaissance stealth port scanning over
many months, warning against even the most determined attacks. Cyber Cop Monitor's unique
system-based intrusion detection architecture provides both real-time packet analysis and system
event analysis. [5] Advanced security features include the detection and alerting of attacks destined
not only for the system it is trying to protect, but also when that system is being used as a
"jumping off point" to launch attacks against other network assets. Monitor's C2 auditing
capabilities produce a more detailed audit report and can create audit logs by user, event and class
to integrate with the Solaris Basic Security Mode (BSM) functionality. This capability enables
powerful logging of events down to the system call level to counter even the most skillful system
misuse. [13]
Denial of Service (DOS): A DOS attack is a type of attack in which the hacker makes
computing or memory resources too busy or too full to serve legitimate networking requests,
thereby denying users access to a machine; e.g. apache, smurf, neptune, ping of death, back,
mail bomb, UDP storm etc. are all DOS attacks. [1]
Remote to User Attacks (R2L): A remote to user attack is an attack in which a user sends
packets over the internet to a machine to which s/he does not have access, in order to expose
the machine's vulnerabilities and exploit privileges which a local user would have on the
computer, e.g. xlock, guest, xnsnoop, phf, send mail dictionary etc. [1]
User to Root Attacks (U2R): These attacks are exploitations in which the hacker starts off
on the system with a normal user account and attempts to abuse vulnerabilities in the system
in order to gain super user privileges e.g. Perl, xterm. [5]
Probing: Probing is an attack in which the hacker scans a machine or a networking device in
order to determine weaknesses or vulnerabilities that may later be exploited so as to
compromise the system. This technique is commonly used in data mining e.g. saint, port
S. Udayabaskaran, M. Reni Sagayaraj, C. Bazil Wilfred : Computation of service time distribution of Beacon
Message Dissemination in the DSRC using SMP Model
www.ijifr.com
Email: ijifr.journal@gmail.com
IJIFR 2014
Hijack attack: In a hijack attack, a hacker takes over a session between you
and another individual and disconnects the other individual from the communication. You
still believe that you are talking to the original party and may send private information to the
hacker by accident. [10]
Spoof attack: In a spoof attack, the hacker modifies the source address of the
packets he or she is sending so that they appear to be coming from someone else. This may be
an attempt to bypass your firewall rules. [5]
Buffer overflow: A buffer overflow attack is when the attacker sends more
data to an application than is expected. A buffer overflow attack usually results in the attacker
gaining administrative access to the system in a command prompt or shell. [10]
Exploit attack: In this type of attack, the attacker knows of a security problem
within an operating system or a piece of software and leverages that knowledge by exploiting
the vulnerability. [10]
Password attack: An attacker tries to crack the passwords stored in a
network account database or a password-protected file. There are three major types of
password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary
attack uses a word list file, which is a list of potential passwords. A brute-force attack is when
the attacker tries every possible combination of characters. [5]
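The spoof attack entry above says a forged source address may be an attempt to bypass firewall rules. The following is an added example, not code from the original paper: it contrasts a rule that trusts the source address alone with one that first checks whether that address is possible on the interface where the packet arrived. The network range, interface names, ports and packet records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed topology, constructed for this example: one LAN behind a two-interface firewall.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
# Source ranges that can never legitimately arrive on the external interface.
BOGON_ON_WAN = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # private (RFC 1918)
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this network"
)]
PUBLIC_PORTS = {443}   # open to everyone
ADMIN_PORTS = {22}     # meant for internal hosts only


def policy(src, dport):
    """Shared access policy: public ports for all, admin ports for internal sources."""
    return dport in PUBLIC_PORTS or (dport in ADMIN_PORTS and src in INTERNAL_NET)


def naive_allow(pkt):
    """Weak rule: believes the source address, ignores where the packet arrived."""
    return policy(ipaddress.ip_address(pkt["src"]), pkt["dport"])


def source_is_plausible(pkt):
    """Anti-spoofing check: is this source address possible on this interface?"""
    src = ipaddress.ip_address(pkt["src"])
    if pkt["iface"] == "wan":
        return not any(src in net for net in BOGON_ON_WAN)
    return src in INTERNAL_NET   # "lan": only our own addresses may originate here


def hardened_allow(pkt):
    """Drop implausible sources first, then apply the same policy."""
    return source_is_plausible(pkt) and naive_allow(pkt)


def spoof_alerts(packets):
    """Packets an IDS should flag: the source address contradicts the interface."""
    return [p for p in packets if not source_is_plausible(p)]


# Constructed sample traffic (documentation and private address ranges only).
PACKETS = [
    {"src": "10.20.3.7",    "iface": "lan", "dport": 22},   # genuine internal admin
    {"src": "10.20.3.7",    "iface": "wan", "dport": 22},   # internal address from outside
    {"src": "203.0.113.50", "iface": "wan", "dport": 443},  # ordinary external client
    {"src": "203.0.113.50", "iface": "wan", "dport": 22},   # external, admin port
    {"src": "198.51.100.9", "iface": "lan", "dport": 443},  # foreign source leaving the LAN
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "naive:", naive_allow(p), "hardened:", hardened_allow(p))
```

The second and fifth packets are the ones the naive rule accepts and the interface-aware rule drops, so they are also the ones worth raising as alerts.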
Misuse/Signature-Based
Anomaly/Statistical
Response
Noisy:
In 2009, Noisy/Snort entered Open Source Programming as one of the greatest pieces of open
source software of all time. Through protocol analysis, content searching, content sorting
and various pre-processors, Noisy detects thousands of vulnerability exploit attempts, worms,
etc.
OSSEC:
5 References
[1] Denning, P. J. and Denning, D. E., "Discussing Cyber Attack," Comm. of the ACM, Vol. 53, No. 9,
Sept. 2010.
[2] Zhang, D., Zeng, S., Huang, C-N, Fan, L., Yu, X., Dang, Y., Larson, C., Denning, D.,
[3] Denning, D. E., Barriers to Entry: Are They Lower for Cyber Warfare? IO Journal, April 2009.
[4] Denning, D. E., Assessing the CNO Threat of Foreign Countries, in Information Strategy and
Warfare (J. Arquilla and D. Borer eds.), Routledge, 2007.
[5] Denning, D. E., The Ethics of Cyber Conflict, in Information and Computer Ethics (K. E. Himma
and H. T. Tavani eds.), Wiley, 2007.
[6] Kinniburgh, J. and Denning, D. E., Blogs and Military Information Strategy, IO Sphere, Joint
Information Operations Center, Summer 2006, pp. 5-13. Also issued as JSOU Report 06-05, Joint
Special Operations University, June 2006. Also in Information Strategy and Warfare (J. Arquilla and
D. Borer eds.), Routledge, 2007.
[7] Yuill, J., Denning, D., and Feer, F.,
[8] Psychological Vulnerabilities to Deception for Use in Computer Security, DoD Cyber Crime
Conference 2007, St. Louis, MO, January 2007.
[9] Denning, D. E., A View of Cyberterrorism Five Years Later, Readings in Internet Security: Hacking,
Counterhacking, and Society (K. Himma ed.), Jones and Bartlett Publishers, Boston, 2006.
[10] Yuill, J., Denning, D., and Feer, F., Using Deception to Hide Things from Hackers, Journal of
Information Warfare, Vol. 5, No. 3, 2006, pp. 26-40.
[11] Designing Deception Operations for Computer Network Defense, DoD Cybercrime Conference
2005, Palm Harbor, FL, January 2005.
[12] Denning, D. E., Key Concerns, Information Security, Vol. 4, No. 11, November 2001, p. 120.
[13] Denning, D. E., Cyberwarriors, Harvard International Review, Summer 2001, pp.
[14] Denning, D. E., Obstacles and Options for Cyber Arms Control, proceedings of Arms Control in
Cyberspace, Heinrich Böll Foundation, Berlin, Germany, June 29-30, 2001.
[15] Denning, D. E., Why I Love Biometrics, Information Security, Vol. 4, No. 1, January 2001, p. 96.