ABSTRACT
This project describes a technique for applying a Genetic Algorithm (GA) to Firewall Tools Systems (FTSs). A brief overview of the Firewall Tools System, genetic algorithms, and related detection techniques is presented. Unlike other implementations of the same problem, this implementation considers both temporal and spatial information of network connections when encoding the connection information into rules in the FTS, which helps identify complex anomalous behaviors. The work focuses on the TCP/IP network protocols. AI techniques help to identify incoming and outgoing traffic and intrusive behavior, and GAs have been used in different ways in FTSs. One network connection and its related behavior can be translated into a rule that judges whether or not a real-time connection is considered a security breach. These rules can be modeled as chromosomes inside the population. The population evolves until the evaluation criteria are met. The generated rule set can then be used as knowledge inside the FTS for judging whether a network connection and its related behaviors are a potential security breach. Genetic algorithms are a family of computational models based on principles of evolution and natural selection.
INTRODUCTION
The project, titled Intrusion Detection System In Networking Using Genetic Algorithm (IDS), identifies the intruder and blocks data from the intruder to prevent the system from being attacked by a virus. The user enters the source IP address, destination IP address, port number and the message. The source IP address, destination IP address and port number are the real-time network connections. These connections are converted into chromosomes within the range and in the same behavior. There are two types of connections: anomalous connections and normal connections. For anomalous connections, rules are created in the dataset as chromosomes for matching against the real-time connection. For normal connections, the chromosomes are matched against the real-time connection. During run time, new rules are added to the dataset. After checking the condition, the IDS either allows the data to be sent to the user or blocks it. With this algorithm, the intruder is unable to attack the system with a virus. The main objective of the project is to show how network connection information can be modeled as chromosomes. The objective of the new system is to create a new set of rules during run time so that the user can send data to the destination while the intruder cannot attack the system with a virus.
Proposed System:
It uses a genetic algorithm, an artificial intelligence problem-solving technique based on the theory of Darwinian evolution applied to mathematical models. The IDS compares learned user characteristics from an empirical model to all users of a system. It includes both temporal and spatial information of the network traffic in the rule set. It is both a network-based and a host-based system. It can take decisions at run time.
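The encoding and rule evolution described above, as an added example that is not the project's own code: a connection's source IP, destination IP and port become a nine-gene chromosome, and a small GA evolves a blocking rule from labelled connections. The wildcard gene, the fitness function, the GA parameters and the sample addresses are assumptions made for illustration; the temporal attributes the page mentions are not modelled.

```python
import random

WILD = -1  # assumed wildcard gene: matches any value at that position

def encode(src_ip, dst_ip, port):
    """Connection -> chromosome: 4 source octets, 4 destination octets, port."""
    return [int(o) for o in (src_ip + "." + dst_ip).split(".")] + [port]

def matches(rule, conn):
    return all(g == WILD or g == c for g, c in zip(rule, conn))

def fitness(rule, anomalous, normal):
    """Assumed fitness: share of anomalous connections matched; any match on
    normal traffic makes the rule unfit (negative score)."""
    false_pos = sum(matches(rule, c) for c in normal)
    if false_pos:
        return -false_pos / len(normal)
    return sum(matches(rule, c) for c in anomalous) / len(anomalous)

def evolve(anomalous, normal, generations=60, size=20, seed=1):
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    pop = [list(rng.choice(anomalous)) for _ in range(size)]
    score = lambda r: fitness(r, anomalous, normal)
    for _ in range(generations):
        pop.sort(key=score, reverse=True)
        parents = pop[: size // 2]
        children = [pop[0]]  # elitism: the best rule always survives
        while len(children) < size:
            a, b = rng.sample(parents, 2)
            cut = rng.randrange(1, len(a))
            child = a[:cut] + b[cut:]      # single-point crossover
            i = rng.randrange(len(child))  # mutate exactly one gene
            child[i] = rng.choice([WILD, rng.choice(anomalous)[i]])
            children.append(child)
        pop = children
    return max(pop, key=score)

def decide(rules, conn):
    return "block" if any(matches(r, conn) for r in rules) else "allow"

# Constructed sample data (documentation address ranges), not from the page.
ANOMALOUS = [encode(f"198.51.100.{h}", "192.0.2.10", 23) for h in (5, 6, 7, 8)]
NORMAL = [encode("192.0.2.20", "192.0.2.10", 80),
          encode("192.0.2.21", "192.0.2.10", 443),
          encode("192.0.2.22", "192.0.2.10", 80)]
BEST = evolve(ANOMALOUS, NORMAL)
```

Because each anomalous sample differs only in the last source octet, the evolved rule generalises that gene to a wildcard, so an unseen host in the same range is blocked while the normal connections are still allowed.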
ENVIRONMENT
Hardware: Processor, Memory, Hard Disk Drive, Keyboard
Software: OS, Platform, Software
MODULE DESCRIPTION
CLIENT MODULE: This module is responsible for the client-side communication system interface. It contains the client program and the hop count program referred to by it.
HOP-COUNT MODULE: This module deals with the routing of internal messages within the network. It specifies the intermediate systems.
PASSER MODULE: This module handles messages received from an external network and routes them to the mentioned system.
SERVER MODULE: This is the server-side interface, which is present on the server system and is solely under the control of the administrator. Any transaction in the network is monitored by the server.
LEVEL 0
[Data flow diagram. Labels: Source, Sends Data, Server (Detection), Receives Data, Destination.]
LEVEL - 1
[Data flow diagram. Labels: Source, Send Data, Sniffer, Passes the Real Time Behavior, Genetic Algorithm, Server, Destination.]
[Data flow diagram. Labels: Sniffer, Chrom Convert, Sends Data, Converted Chromosomes, Check Data Set, Result Finalize, Decision taken by Genetic Algorithm, Destination.]
LEVEL-3
[Data flow diagram. Labels: Source, Router, Chrom Convert, Chromosomes, Passing System, Converted Chromosomes, Genetic Algorithm, Check Data Set, Sends Data, Result Finalize, Decision taken by Genetic Algorithm, Hop Count, Destination.]
UML DIAGRAMS
Class Diagram
[Diagram. Labels: Enter sys. addr., port no and msg; check sys. addr., port no; Check Sys. no. and name; Invalid System No. and name.]
Activity Diagram
OUTPUT SCREEN
CONCLUSIONS
The software is very flexible, and much functionality can be added to it to enhance the performance of this project, titled Intrusion Detection System In Networking Using Genetic Algorithm. By using a genetic algorithm, new sets of rules are added to the dataset during run time. A brief overview of intrusion detection systems, genetic algorithms, and related detection techniques was given. This implementation of the genetic algorithm is unique in that it considers both temporal and spatial information of network connections during the encoding of the problem; therefore, it should be more helpful for identifying anomalous network behaviors. The project was successfully completed within the allotted time span.