A MAIN PROJECT ON INTRUSION DETECTION SYSTEM

UNDER THE EXTREME GUIDANCE OF K.VASU ASST.PROFESSOR(CSIT)

BY A.ANJANEYULU 08E21A0567 K.RAJASHEKAR 08E21A0586 MD.SIDDIQ PASHA 08E21A0596

ABSTRACT
This project describes a technique of applying Genetic Algorithm (GA) to Firewall Tools System (FTSs). A brief overview of the Firewall Tools System, genetic algorithm, and related detection techniques is presented here. Unlike other implementations of the same problem, this implementation considers both temporal and spatial information of network connections in encoding the network connection information into rules in FTS. This is helpful for identification of complex anomalous behaviors. This work is focused on the TCP/IP network protocols. AI techniques help to identify incoming and outgoing traffic and intrusive behavior. Genetic Algorithm (GA) has been used in different ways in FTSs. One network connection and its related behavior can be translated to represent a rule to judge whether or not a real-time connection is considered an a security breach. These rules can be modeled as chromosomes inside the population. The population evolves until the evaluation criteria are met. The generated rule set can be used as knowledge inside the FTS for judging whether the network connection and related behaviors are potential security breach. Genetic algorithm is a family of computational models based on principles of evolution and natural selection.

INTRODUCTION
The project titled Intrusion Detection System In Networking Using Genetic Algorithm (IDS) is for identify the intruder and block the data from the intruder to avoid the system attack by the virus. The user enters the source IP address, destination IP address, port number and the message. The source IP address, destination IP address and the port number are the real time network connections. These connections are converted into chromosomes within the range and in the same behavior. There are two types of connections. The connections are anomalous connection and normal connection. In the anomalous connection, the rules are created in the dataset, as the chromosomes for matching with the real time connection. In the normal connection, the chromosomes are match with the real time connection. During run time, the new rules are added in the dataset. After checking the condition, the IDS will allow to send the data to the user or block the data. By using this algorithm, the intruder cannot able to attack the system by virus. The main objective of this project shows how network connection information can be modeled as chromosomes. The objective of the new system is to create a new set of rules during run time so the user can send the data to the destination. So the intruder cannot able to attack the system with virus.

EXISTING AND PROPOSED SYSTEM

Existing System:
Traditional systems in place for intrusion detection primarily use a method known as fingerprinting to identify malicious users. They are complex. The rules in the dataset are static unless the network administrator manually enters the rules. It does not provide any option for generating dynamic rule set. It cannot create its own rule depending on the current situation. It cannot take decisions in runtime.

Proposed System:
It uses Genetic algorithm, which an artificial intelligence problem-solving is based on the theory of Darwinian evaluation applied to mathematical models. IDS compare learned user characteristics from an empirical model to all users of a system. It includes both temporal and spatial information of the network traffic in the rule set. It is both network based and host based system. It can take decisions in runtime.

ENVIRONMENT
Hardware Processor Memory Hard Disk Drive Keyboard Software OS Platform Software

: : : :

Intel Pentium II or above 128 MB or above 80 GB or above 108 Keys

: Windows xp 2000 or More : Java and swing

MODULE DESCRIPTION
CLIENT MODULE:This module is responsible for the client side communication systemInterface. This module has the client program and the hop count program referred by in it. HOP-COUNT MODULE:This module deals with the routing of the internal message within the network.it specifies the intermediate systems. PASSER MODULE:This module deals with handling the messages received from and external network and in is routing to the mentioned system. SERVER MODULE:This is the server side interface which is preset in the server system and is solely under the control of the administrator.Any transaction in the network will be monitored by the server.

Intrusion Detection System using Genetic Algorithm

LEVEL 0
Sends Data
Source

Server (Detection )

Receives Data
Destination

LEVEL - 1

Monitors the connection

Sniffer
Send Data Source Passes the Real Time Behavior Genetic Algorith m

Destination

Found Bad User

Decision taken by GeneticAlgorithm Found Good User

Server

LEVEL-2 Monitors The Connections Real Time Behavior

Chromosomes

Sniffer

Chrom Convert

Sends Data

Source Genetic Algorith m

Converted Chromosomes
Check Data Set

Destination

Result Finalize
Decision taken by Genetic Algorithm

Found Bad User Server

Found Good User

LEVEL-3
Router

Monitors the connection

Sniffer

Real Time Behavior

Chrom Convert

Chromosomes Source
Passing System

Converted Chromosomes
Genetic Algorith m

Destination

Check
Data Set

Sends Data

Passing System

Result Finalize
Decision taken by Genetic Algorithm

Passing System

Hop Count

Found Bad User

Found Good User

UML DIAGRAMS
Class Diagram

Class Sequence Diagram

: Sender System Hopcount IDS Dataset : Receiver

Enter sys. addr., port no and msg check sys. addr., port no

Ask Inter Sys. no. and names

Enter Inter Sys no. and name

Check Sys. no. and name Invalid System No. and name

Check the availability of the user Restricted User

New rules are created

Created rules are added in the dataset Message Send

Activity Diagram

OUTPUT SCREEN

CONCLUSIONS
The software development is very flexible and much functionality can be added to it, to enhance performance of this project titled Intrusion Detection System In networking Using Genetic Algorithm. By using genetic algorithm, during run time the new set of rules will added in the dataset. A brief overview of Intrusion Detection System, Genetic algorithm, and related detection techniques are discussed. This implementation of genetic algorithm is unique as it considers both temporal and spatial information of network connections during the encoding of the problem; therefore, it should be more helpful for identification of network anomalous behaviors. The project was successfully completed within the time span allotted.

REFERENCES
[1] Larry J. Hughes, Jr. Actually Useful Internet Security Techniques, New Riders Publishing, Indianapolis, IN, 1995. [2] R. Heady, G. Luger, A. Maccabe, and B. Mukherjee. A Method To Detect Intrusive Activity in a Networked Environment. In Proceedings of the 14th National Computer Security Conference, pages 362-371, October 1991. [3] Abdelaziz Monnji. Languages and Tools for Rule-Based Distributed Intrusion Detection, PhD thesis, Facultes Universitaires, Notre-Dame de la Paix, Belgium, September 1997. [4] W. R. Stevens. TCP/IP Illustrated Vol. 1 The Protocols, Addison-Wesley Publishing Company, Inc. Reading, MA, 1994. [5] S. M. Bellovin. Security Problems in the TCP/IP Protocol Suite, Computer Communications Review, Vol. 19, No. 2, pp. 32-48, April 1989. [6] Morris R. A Weakness in the 4.2 BSD UNIX TCP/IP Software, Computer Science Technical Report No 117, AT&T Bell Laboratories, Murray Hill, NJ, 1985. [7] CERT. TCP SYN Flooding and IP Spoofing Attacks, Carnegie Mellon University, Pittsburgh, PA, September 1996.