
ABSTRACT

Intrusion detection faces a number of challenges: an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this project, we address these two issues of accuracy and efficiency using Conditional Random Fields and the Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Finally, we show that our system is robust and is able to handle noisy data without compromising performance.

An Intrusion Detection System, or IDS, is a software tool used to detect unauthorized access to a computer system or network. This may take the form of attacks by skilled malicious hackers, or script kiddies using automated tools. An IDS is required to detect all types of malicious network traffic and computer usage. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, Trojan horses, and worms).

An IDS is composed of several components: Sensors, which generate security events; a Console, to monitor events and alerts and control the sensors; and a central Engine, which records events logged by the sensors in a database and uses a system of rules to generate alerts from the security events received.

TABLE OF CONTENTS

CHAPTER NO.   TITLE

              ABSTRACT
              LIST OF TABLES
              LIST OF FIGURES
1             INTRODUCTION
1.1           Problem specification
1.1.1         Objectives
1.1.2         Layered approach for intrusion detection
1.1.3         Conditional random fields
1.1.4         Integrating layered approach with conditional random fields
2             LITERATURE SURVEY
3             SYSTEM STUDY
3.1           Existing system
3.2           Proposed system
4             SYSTEM DESIGN AND IMPLEMENTATION
4.1           Login
4.2           Probe layer
4.3           DOS layer
4.4           R2L layer
4.5           U2R layer
4.6           Layered framework for intrusion detection
4.7           Layered CRF for network intrusion detection
5             FEATURE SELECTION
6.1           Feature selection for probe layer
6.2           Feature selection for DOS layer
6.3           Feature selection for R2L layer
6.4           Feature selection for U2R layer
6.5           Algorithm
6             TESTING
7.1           Unit testing
7.2           Acceptance testing
7.3           Integration testing
7             CONCLUSION & FUTURE ENHANCEMENT
8             APPENDICES
9             REFERENCES

LIST OF TABLES

TABLE NO.     TITLE

6.1           Probe layer features
6.2           DOS layer features
6.3           R2L layer features
6.4           U2R layer features

LIST OF FIGURES

FIGURE NO.    TITLE

1.1           Real-time representation of system
1.2           Graphical representation of CRF
4.1           Behavior of intruding system
5.1           Data flow diagram
