14-12-2012, 04:04 PM
Agent Based Efficient Anomaly Intrusion Detection System in Adhoc Networks
Agent Based Efficient Anomaly.pdf (Size: 1.99 MB / Downloads: 46)
PROBLEM DEFINITION
Networks are protected using many firewalls and encryption software packages, but many of them are neither sufficient nor effective. Most intrusion detection systems for mobile ad hoc networks focus on either the routing protocols or their efficiency, but fail to address the security issues. Some nodes may be selfish, for example by not forwarding packets to the destination in order to save battery power. Others may act maliciously by launching security attacks such as denial of service, or by stealing information. The ultimate goal of security solutions for wireless networks is to provide security services such as authentication, confidentiality, integrity, anonymity and availability to mobile users. This paper incorporates agents and data mining techniques to prevent anomaly intrusion in mobile ad hoc networks. A home agent present in each system collects data from its own system and uses data mining techniques to observe local anomalies. Mobile agents monitor the neighboring nodes and collect information from the neighboring home agents to determine the correlation among the observed anomalous patterns before the data is sent. This system was able to stop all of the successful attacks in an ad hoc network and reduce the number of false positives.
Current system
Firewalls and encryption methods are not sufficient to provide security in ad hoc networks. Countering threats to an organization's wireless ad hoc network is an important area of research. Intrusion detection means identifying any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource [1]. Many techniques, including traditional security mechanisms such as intrusion detection systems, have been discussed for preventing attacks in wireless ad hoc networks, as follows. Ricardo Puttini et al. [2] propose the design and development of an IDS considered in three main stages. A parametric mixture model is used for behavior modeling from reference data, and the associated Bayesian classification leads to the detection algorithm [3]. MIB variables are used to provide the information the IDS needs. Experiments with DoS and scanner attacks validating the model are presented as well. João B. D. Cabrera et al. [4] provide a solution for intrusion detection in Mobile Ad Hoc Networks (MANETs) utilizing ensemble methods.
Overcoming the traditional method
Our approach is entirely anomaly based, a method which has been used to address security problems related to attacks in wireless networks. This paper incorporates new methodology, namely data mining and agents, to provide solutions against attacks in wireless networks. Our proposal provides three different techniques that together give a sufficient security solution for the current node, the neighboring nodes and the global network. The following figure clearly depicts the architecture of the system to prevent attacks in wireless networks. The following sections outline each module's work in detail.
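The home-agent / mobile-agent split described in the problem definition and in the architecture above can be made concrete with a small simulation. The following Python is an added example written for this post, not code from the paper: the home agent's forwarding-ratio detector, its thresholds, the mobile agent's quorum rule and the node names are all assumptions, and the observations are constructed to include one genuinely selfish node and one honest node that a single observer would wrongly flag.

```python
from collections import defaultdict


class HomeAgent:
    """Local anomaly detection on one node (assumed detector, not the paper's).

    The node records, per neighbour, how many packets it handed over for
    forwarding and how many it later overheard being forwarded.  A neighbour
    whose forwarding ratio falls below `min_ratio` after at least
    `min_samples` packets is a local anomaly (a candidate selfish node)."""

    def __init__(self, node_id, min_ratio=0.6, min_samples=5):
        self.node_id = node_id
        self.min_ratio = min_ratio
        self.min_samples = min_samples
        self.handed = defaultdict(int)
        self.seen_forwarded = defaultdict(int)

    def observe(self, neighbour, handed, forwarded):
        self.handed[neighbour] += handed
        self.seen_forwarded[neighbour] += forwarded

    def local_anomalies(self):
        """Return {neighbour: forwarding_ratio} for neighbours judged anomalous."""
        out = {}
        for nb, h in self.handed.items():
            if h < self.min_samples:
                continue  # not enough evidence yet
            ratio = self.seen_forwarded[nb] / h
            if ratio < self.min_ratio:
                out[nb] = round(ratio, 2)
        return out


class MobileAgent:
    """Visits the home agents around a suspect and correlates their verdicts.

    A suspect is reported globally only when at least `quorum` independent
    observers flagged it; a lone complaint (for instance caused by the
    observer's own poor radio link) stays local.  Quorum rule is assumed."""

    def __init__(self, quorum=2):
        self.quorum = quorum

    def correlate(self, home_agents):
        votes = defaultdict(list)
        for ha in home_agents:
            for suspect, ratio in ha.local_anomalies().items():
                votes[suspect].append((ha.node_id, ratio))
        return {s: v for s, v in votes.items() if len(v) >= self.quorum}


def build_demo_network():
    """Constructed observations.  Node C is selfish and drops most packets
    for everyone; node D is honest, but node A has a noisy link to D and
    overhears few of D's forwards, which on its own looks like misbehaviour."""
    a, b, e = HomeAgent("A"), HomeAgent("B"), HomeAgent("E")
    a.observe("C", handed=20, forwarded=4)   # ratio 0.2
    b.observe("C", handed=15, forwarded=3)   # ratio 0.2
    e.observe("C", handed=10, forwarded=2)   # ratio 0.2
    a.observe("D", handed=20, forwarded=8)   # ratio 0.4: A's bad link
    b.observe("D", handed=20, forwarded=19)  # ratio 0.95
    e.observe("D", handed=12, forwarded=11)  # ratio ~0.92
    return [a, b, e]


def run_demo():
    """Return (per-node local anomalies, globally confirmed anomalies)."""
    agents = build_demo_network()
    local = {ha.node_id: ha.local_anomalies() for ha in agents}
    global_alerts = MobileAgent(quorum=2).correlate(agents)
    return local, global_alerts


if __name__ == "__main__":
    local, confirmed = run_demo()
    print("local verdicts:", local)
    print("confirmed by quorum:", confirmed)
```

Running it shows node A flagging both C and D locally, while the mobile agent confirms only C, because B and E independently observed the same low forwarding ratio. That is exactly the correlation step that keeps a single node's faulty view from becoming a network-wide false alarm.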
Data clustering
Clustering can be performed to find hidden patterns in data and significant features for use in detection. Clustering can also be used as a reduction technique by storing the characteristics of the clusters instead of the individual data. In previous work a number of experiments have been performed to measure the performance of different machine-learning paradigms, as mentioned in the previous section. Classification was performed on the binary problem (normal/attack) as well as the five-class problem (normal and four classes of attack). It has been demonstrated that a large number of the input features are unimportant and may be eliminated without significantly lowering the performance of the IDS. For the five-class classification, it was found that by using only 19 of the most important features instead of the entire 41-feature set, the change in accuracy of intrusion detection was statistically insignificant. That work applied the technique of deleting one feature at a time: each reduced feature set was then tested on Support Vector Machines and Neural Networks to rank the importance of the input features, and the reduced feature set that yielded the best detection rate in the experiments was considered to be the set of important features. Unlike that work, which employed a trial-and-error based approach, we investigate feature reduction using data mining techniques.
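The delete-one-feature-at-a-time ranking described above is easy to reproduce on a toy dataset. The Python below is an added example for this post, not code from the paper or the cited work: it stands in a nearest-centroid classifier and resubstitution accuracy for the SVM and neural network experiments, and uses a constructed 16-record, 5-feature dataset in which features 0 and 1 are only informative jointly and features 2 to 4 are pure noise with the same distribution in both classes. It goes one step beyond the text by also running the greedy backward elimination that the ranking naturally feeds.

```python
from statistics import mean

# Constructed toy connection records (assumption: not the 41-feature data the
# text refers to).  Class boundary is f0 + f1 > 6; f2..f4 are noise columns
# that are identical in both classes, so they carry no information.
NOISE = [[0, 7, 2], [1, 0, 5], [2, 7, 1], [3, 0, 4],
         [4, 7, 2], [5, 0, 5], [6, 7, 1], [7, 0, 4]]
NORMAL = [(0, 4), (1, 3), (2, 2), (3, 1), (4, 0), (1, 2), (2, 1), (1, 1)]
ATTACK = [(3, 5), (4, 4), (5, 3), (6, 2), (2, 6), (4, 5), (5, 4), (5, 5)]
DATASET = ([(list(p) + n, "normal") for p, n in zip(NORMAL, NOISE)]
           + [(list(p) + n, "attack") for p, n in zip(ATTACK, NOISE)])
N_FEATURES = 5


def train_centroids(data, feats):
    """Per-class mean vector restricted to the chosen feature indices."""
    cents = {}
    for label in ("normal", "attack"):
        rows = [x for x, y in data if y == label]
        cents[label] = [mean(r[f] for r in rows) for f in feats]
    return cents


def classify(x, cents, feats):
    """Nearest-centroid decision (assumed stand-in for SVM / NN)."""
    def sq(c):
        return sum((x[f] - cj) ** 2 for f, cj in zip(feats, c))
    return min(cents, key=lambda lab: sq(cents[lab]))


def accuracy(data, feats):
    """Resubstitution accuracy of the classifier using only `feats`."""
    cents = train_centroids(data, feats)
    correct = sum(classify(x, cents, feats) == y for x, y in data)
    return correct / len(data)


def rank_by_deletion(data, feats):
    """Delete one feature at a time and rank features by the accuracy drop
    their removal causes (largest drop = most important)."""
    base = accuracy(data, feats)
    drops = {f: base - accuracy(data, [g for g in feats if g != f]) for f in feats}
    ranked = sorted(drops.items(), key=lambda kv: (-kv[1], kv[0]))
    return base, ranked


def backward_eliminate(data, feats, tol=0.0):
    """Greedy reduction: repeatedly drop the least important feature while
    accuracy does not fall by more than `tol`.  Returns (kept, accuracy)."""
    feats = list(feats)
    while len(feats) > 1:
        _, ranked = rank_by_deletion(data, feats)
        f, drop = ranked[-1]          # feature whose removal hurts least
        if drop > tol:
            break
        feats.remove(f)
    return feats, accuracy(data, feats)


if __name__ == "__main__":
    base, ranked = rank_by_deletion(DATASET, range(N_FEATURES))
    print("baseline accuracy:", base)
    for f, drop in ranked:
        print(f"feature {f}: accuracy drop when deleted = {drop:.4f}")
    kept, acc = backward_eliminate(DATASET, range(N_FEATURES))
    print("reduced feature set:", kept, "accuracy:", acc)
```

With all five features the toy classifier is 100% accurate; deleting feature 0 or feature 1 costs three misclassifications out of sixteen, while deleting any noise feature costs nothing, so the elimination loop stops at the two-feature set. Note the known weakness the toy also exposes: single deletion rates two redundant features as equally unimportant, which is why the ranking is re-run after every removal rather than computed once.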
Automated Evidence Gathering
Currently, it is impractical to automatically gather evidence for an attack from many different sources. The problem is having the right software running at the right place at the right time. Mobile agents (MAs) offer the ability to run anything, anywhere, at any time. It is therefore conceivable that evidence may be gathered from different hardware platforms, different operating systems, and even different applications such as web servers. It is very easy to audit so much information on a host that the capacity to store the logs fills up quickly.
MA Operations on an Attacker’s Host
In the event of an attack, automated responses normally occur in the network at routers or firewalls. These elements typically try to separate the attacker from the target. However, if possible it would also be beneficial to launch automated responses on the attacker's host. Such a counter-attack may not succeed as the attacker has control of his own host and so this technique would not replace router or firewall based responses. However, responding on the attacker’s host gives an IDS a much greater power to restrict the attacker’s actions. Without MAs, it is unlikely that an IDS could get enough access to an attacker’s host in order to initiate responses. Because of this, the field of responding to an attacker on his own host has not been researched. Having MA platforms installed throughout a network will enable IDSs to initiate these kinds of responses and thereby necessitate this type of research.