01-10-2016, 09:56 AM
Abstract - Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secure data communication over the internet or any other network is always under threat of intrusions and misuse. So Intrusion Detection Systems have become a necessary component of computer and network security. Various approaches are being used in intrusion detection, but unfortunately none of the systems so far is completely flawless. So, the quest for improvement continues. In this progression, here we present an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. If we can use a better equation or heuristic in this detection process we believe the detection rate and process will improve to a great extent; in particular, the false positive rate will surely be much lower. In the near future we will try to improve our intrusion detection system with the help of more statistical analysis and with better and maybe more complex equations.
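The abstract describes evolving detection rules with a GA but gives no parameters. The following is an added example, not the paper's implementation, of the evolution process the abstract refers to: a chromosome is a single rule over (protocol, destination port, minimum bytes sent), fitness rewards matched attack records and penalises matched normal ones (so the false positive rate the abstract worries about is built into the objective), and tournament selection, uniform crossover, mutation and elitism drive the search. The connection records, gene alphabets and weights are all constructed for illustration and are assumptions of this example.

```python
"""Added example: a toy genetic algorithm that evolves one detection rule over
constructed connection records. Not the paper's own code."""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample records: (protocol, destination port, bytes sent, label).
# label 1 = attack (here: bulk traffic towards the telnet port), 0 = normal.
RECORDS: List[Tuple[str, int, int, int]] = [
    ("tcp", 80, 1200, 0), ("tcp", 443, 3000, 0), ("udp", 53, 90, 0),
    ("tcp", 22, 400, 0), ("tcp", 23, 300, 0), ("tcp", 80, 5000, 0),
    ("udp", 53, 120, 0), ("tcp", 443, 8000, 0),
    ("tcp", 23, 6000, 1), ("tcp", 23, 7500, 1), ("tcp", 23, 5200, 1),
    ("tcp", 23, 9000, 1),
]

# Gene alphabets (assumed for this example); None is a wildcard.
PROTOS = [None, "tcp", "udp"]
PORTS = [None, 22, 23, 53, 80, 443]
MIN_BYTES = [0, 1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000]
FP_WEIGHT = 2  # a false alarm costs twice what a detection earns


@dataclass(frozen=True)
class Rule:
    proto: Optional[str]
    port: Optional[int]
    min_bytes: int

    def matches(self, rec: Tuple[str, int, int, int]) -> bool:
        proto, port, nbytes, _ = rec
        return ((self.proto is None or self.proto == proto)
                and (self.port is None or self.port == port)
                and nbytes >= self.min_bytes)


def fitness(rule: Rule, records=RECORDS) -> int:
    """True positives minus weighted false positives over the record set."""
    tp = sum(1 for r in records if r[3] == 1 and rule.matches(r))
    fp = sum(1 for r in records if r[3] == 0 and rule.matches(r))
    return tp - FP_WEIGHT * fp


def random_rule(rng: random.Random) -> Rule:
    return Rule(rng.choice(PROTOS), rng.choice(PORTS), rng.choice(MIN_BYTES))


def crossover(a: Rule, b: Rule, rng: random.Random) -> Rule:
    """Uniform crossover: each gene is taken from one of the two parents."""
    return Rule(rng.choice((a.proto, b.proto)),
                rng.choice((a.port, b.port)),
                rng.choice((a.min_bytes, b.min_bytes)))


def mutate(rule: Rule, rng: random.Random, p: float = 0.25) -> Rule:
    """Each gene is independently re-drawn with probability p."""
    proto = rng.choice(PROTOS) if rng.random() < p else rule.proto
    port = rng.choice(PORTS) if rng.random() < p else rule.port
    mb = rng.choice(MIN_BYTES) if rng.random() < p else rule.min_bytes
    return Rule(proto, port, mb)


def tournament(pop: List[Rule], rng: random.Random, k: int = 3) -> Rule:
    """Pick k random rules and return the fittest of them."""
    return max(rng.sample(pop, k), key=fitness)


def evolve(seed: int = 1, pop_size: int = 20, generations: int = 40):
    """Returns (best_rule, best_fitness, initial_best_fitness)."""
    rng = random.Random(seed)
    pop = [random_rule(rng) for _ in range(pop_size)]
    initial_best = max(fitness(r) for r in pop)
    for _ in range(generations):
        elite = max(pop, key=fitness)  # elitism: the best rule always survives
        children = [elite]
        while len(children) < pop_size:
            child = crossover(tournament(pop, rng), tournament(pop, rng), rng)
            children.append(mutate(child, rng))
        pop = children
    best = max(pop, key=fitness)
    return best, fitness(best), initial_best


def exhaustive_best() -> int:
    """Brute-force optimum over the small gene space, to judge the GA result."""
    return max(fitness(Rule(p, q, b))
               for p in PROTOS for q in PORTS for b in MIN_BYTES)


if __name__ == "__main__":
    best, score, start = evolve()
    print(f"evolved {best} fitness={score} "
          f"(initial best {start}, optimum {exhaustive_best()})")
```

Because of elitism the best fitness never decreases between generations, so the evolved score is always at least the initial population's best; on this record set the optimum (4) is a rule that matches port 23 with a byte threshold between 1000 and 5200, which catches all four attacks without flagging the short legitimate telnet session.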
INTRODUCTION
The popularity of mobile consumer electronics, like laptop computers, PDAs, and more recently and prominently, smartphones, revives the delay-tolerant-network (DTN) model as an alternative to the traditional infrastructure model. The widespread adoption of these devices, coupled with strong economic incentives, induces a class of malware that specifically targets DTNs. We call this class of malware proximity malware.
An early example of proximity malware is the Symbian-based Cabir worm, which propagated as a Symbian Software Installation Script (.sis) package over the Bluetooth link between two spatially proximate devices. A later example is the iOS-based Ikee worm, which exploited the default SSH password on jailbroken iPhones to propagate over IP-based Wi-Fi connections. Previous research quantifies the threat of proximity malware attacks and demonstrates the possibility of launching such an attack, which is confirmed by recent reports of hotel Wi-Fi hotspots being hijacked for drive-by malware attacks. With the adoption of new short-range communication technologies such as NFC and Wi-Fi Direct that facilitate spontaneous bulk data transfer between spatially proximate mobile devices, the threat of proximity malware is becoming more realistic and relevant than ever.
II. SCOPE OF THE PROJECT
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activity or policy violations and produces electronic reports to a management station. IDSs come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. There are network-based (NIDS) and host-based (HIDS) intrusion detection systems. NIDS is a network security system focusing on the attacks that come from the inside of the network (authorized users). Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.
RELATED WORK
Proximity malware and mitigation schemes. Su et al. collected Bluetooth traces and demonstrated that malware could effectively propagate via Bluetooth with simulations.
Yan et al. developed a Bluetooth malware model. Bose and Shin showed that Bluetooth can increase the malware propagation rate over SMS/MMS. Cheng et al. analyzed malware propagation through proximity channels in social networks. Akritidis et al. quantified the threat of proximity malware in wide-area wireless networks. Li et al. discussed optimal malware signature distribution in heterogeneous, resource-constrained mobile networks. In traditional (non-DTN) networks, Kolbitsch et al. and Bayer et al. proposed detecting malware with a learned behavioral model, in terms of system calls and program flow. We extend the Naive Bayesian model, which has been applied to filtering email spam, detecting botnets and designing IDSs, and address DTN-specific, malware-related problems. In the context of detecting slowly propagating Internet worms, Dash et al. presented a distributed IDS architecture of local/global detectors that resembles the neighborhood-watch model, under the assumption of attested/honest evidence, i.e., without liars.
SYSTEM ANALYSIS
4.1 EXISTING WORK
Existing work only considered specification-based state machines for intrusion detection of communication-protocol misbehaviour patterns.
Proximity malware based on the DTN model brings unique security challenges that are not present in the infrastructure model. In the infrastructure model, the cellular carrier centrally monitors networks for abnormalities; moreover, the resource scarcity of individual nodes limits the rate of malware propagation.
4.2 DRAWBACKS OF EXISTING SYSTEM
• Trust management problems
• Security challenges
• Efficiency
4.3 PROPOSED WORK
In our proposed work, a genetic algorithm detects malware using a learned behavioral model, in terms of system calls and program flow. We exemplified the utility with VSMs and demonstrated that the detection probability of the medical device approaches one (that is, we can always catch the attacker without false negatives) while bounding the false alarm probability to below 5% for reckless attackers and below 25% for random and opportunistic attackers over a wide range of environment noise levels.
4.4 ADVANTAGES OF PROPOSED SYSTEM
• Malware-infected nodes’ behaviors are observed
• Detect malware functions
• Security
• Trust maintained
5. SYSTEM ARCHITECTURE
System architecture is a conceptual model that defines the structure, behavior, and other views of a system. An architecture description is a formal description and representation of a system, organized in a way that supports reasoning about the structures and behaviors of the system.
CONCLUSION
From this study we conclude that the malware detection system model is very useful compared to the existing model. We can provide security to our data during its distribution or transmission, and we can even detect whether it gets leaked and who the leaker is. Thus, using this model, both a security and a tracking system are developed. This model is very helpful in various industries where data is distributed through any public or private channel and shared with third parties. Now, industry and various offices can rely on this security and detection model.