This document summarizes a seminar presentation on using genetic algorithms for network intrusion detection. It introduces network intrusion detection systems and genetic algorithms. It discusses problems addressed like security threats, challenges like new attack types, and the scope of applying genetic algorithms to intrusion detection. It reviews related literature and detection techniques. It outlines the proposed system architecture, which would generate a random rule population, evaluate it using a fitness function, and use genetic operators like selection, crossover and mutation to optimize the rule set over generations.
Network Intrusion Detection Using Genetic Algorithms
1. PROJECT SEMINAR
On
"Network Intrusion Detection using Genetic Algorithm"
Presented by
HITESH KUMAR. P 4JN07CS027
SAGAR. U 4JN07CS070
SANDEEP TANTRY. K 4JN07CS072
SHARATH KUMAR. K 4JN07CS078
Under the Guidance of / Coordinators
Chakrapani D.S [ B.E, M.Tech ], Lecturer, Dept of CSE
Chetan K. R [ B.E, M.Tech ], Sr. Lecturer, Dept of CSE
Poornima K.M [ B.E, M.Tech ], Asst. Professor, Dept of CSE
Jawaharlal Nehru National College of Engineering, Shimoga
2. Contents
1. Introduction
1.1 Introduction to Intrusion Detection System (IDS).
1.2 Introduction to genetic algorithm.
2. Problem Specification
2.1 Major problems addressed.
2.2 Challenges faced.
2.3 Scope of the project.
3. Literature Survey
3.1 Features & Technology used.
3.2 Drawbacks & Solutions.
4. System Architecture
4.1 Workflow diagrams & Modules.
3. Introduction to Intrusion Detection System
Intrusion.
External
Internal
Intrusion Detection System.
Misuse vs Anomaly.
Host-based vs Network-based.
4. IDS - one piece of the whole Security puzzle.
Lots of people use Firewall and Router logs for Intrusion Detection.
An important part of the security architecture, but it does not solve all your problems.
Mostly signature based.
Example (Denial of Service [ DoS ] Attack).
7. Major problems
Security infrastructure.
Threats originating from outside.
Support Issues (OS, Platform)
Evaluation Parameters.
8. Challenges
Frequency vs Difficulty level.
Hacktivists or cyber terrorists
Deployment & Myths
Using IDS in fully switched networks
Interpreting all the data being presented
Encryption, VPN, Tunnels
Performance
Response team.
9. Scope
Combining knowledge from different sensors into a standard rule base.
Local Area Security.
Security purpose in main servers across the world.
The Intelligent Intrusion Detection System (IIDS) is an ongoing project at Mississippi State University.
10. Literature Survey
• "The Integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment" by Li, Wei
– In this paper the author describes some methods to detect intrusions in a network.
11. • "Network Intrusion Detection" by Stephen Northcutt, Judy Novak
– In this book the authors describe concepts related to networks and to intrusion detection.
12. • "Principles of Information Security" - Michael E. Whitman and Herbert J. Mattord
– In this book the authors describe the concepts of network security comprehensively.
13. • "Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization." by Miller, Brad L. and Michael J. Shaw.
– In this paper the authors describe the concepts of genetic algorithms and their applications.
14. Applying Genetic Algorithm to IDS
• Genetic algorithms can be used to evolve simple rules for
network traffic.
The rules stored in the rule base are usually in the
following form
if { condition } then { act }
Eg. if {the connection has following information: source
IP address 124.12.5.18; destination IP
address:130.18.206.55; destination port number: 21;
connection time: 10.1 seconds }
then {stop the connection}
15. Rule definition for connection and range of values of each field

Attribute        Range                      Eg. Value                    Description
Source IP        0.0.0.0 - 255.255.255.255  d1.0b.**.** (209.11.??.??)   A subnet with respective range of IP
Destination IP   0.0.0.0 - 255.255.255.255  82.12.b*.**                  A subnet with respective range of IP
Source Port no   0 - 65535                  42335                        Source Port no
Dest Port no     0 - 65535                  00080                        HTTP Service
Duration         0 - 99999999               00000482                     Connection Duration
State            1 - 12                     11                           (Internal Use)
Protocol         1 - 9                      2                            TCP Protocol
Bytes sent       0 - 9999999999             0000007320                   Originator sends re
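The if-then rule form and the fixed-width fields above map directly onto a genetic algorithm: a rule is a string of the same width as an encoded connection, with * as the wildcard. The Python program below is an added example, not the seminar project's code. It encodes each connection as a 22-character string (source and destination IP as hex octets, as in the table's d1.0b.**.** for 209.11.??.??; zero-padded destination port; protocol number), then evolves rules with binary tournament selection, single-point crossover and per-position mutation. The 22-character layout, the fitness function (detection rate minus false-positive rate), the operator parameters and the training traffic are all assumptions made here; the attack records are constructed FTP connections from 209.11.0.0/16 to the slide's host 130.18.206.55, and the normal records come from other sources.

```python
"""Added example, not the seminar's code: a small genetic algorithm that
evolves wildcard rules over a fixed-width connection encoding like the one
on the slides. All traffic below is constructed for the example."""
import random

# Chromosome / encoded-connection layout (22 characters, our own choice):
#   [0:8]   source IP, 8 hex digits        (d1.0b.**.** on the slide -> "d10b****")
#   [8:16]  destination IP, 8 hex digits   (130.18.206.55 -> "8212ce37")
#   [16:21] destination port, zero-padded  ("00080" = HTTP)
#   [21]    protocol number                ("2" = TCP in the slide's table)
LAYOUT = ((0, 8), (8, 16), (16, 21), (21, 22))


def encode(src_ip, dst_ip, dst_port, proto):
    """Turn one connection into the 22-character string that rules match on."""
    hexip = lambda ip: "".join(f"{int(o):02x}" for o in ip.split("."))
    return f"{hexip(src_ip)}{hexip(dst_ip)}{dst_port:05d}{proto:d}"


def decode(rule):
    """Render a rule the way the slides show it: src d1.0b.**.** dst 82.12.ce.37 ..."""
    src, dst, port, proto = (rule[a:b] for a, b in LAYOUT)
    dotted = lambda h: ".".join(h[i:i + 2] for i in range(0, 8, 2))
    return f"src {dotted(src)} dst {dotted(dst)} port {port} proto {proto}"


def matches(rule, conn):
    """A rule matches when every non-wildcard character equals the record's."""
    return all(r == "*" or r == c for r, c in zip(rule, conn))


def fitness(rule, attacks, normals):
    """Detection rate minus false-positive rate (our choice of fitness):
    1.0 is a perfect rule, 0.0 is what the all-wildcard rule scores."""
    tp = sum(matches(rule, c) for c in attacks)
    fp = sum(matches(rule, c) for c in normals)
    return tp / len(attacks) - fp / len(normals)


def random_rule(rng, pool, p_wild=0.7):
    """Initial rule: each position is a wildcard or a value seen in the data."""
    return "".join("*" if rng.random() < p_wild else rng.choice(pool)[i]
                   for i in range(len(pool[0])))


def crossover(rng, a, b):
    """Single-point crossover of two rule strings."""
    cut = rng.randrange(1, len(a))
    return a[:cut] + b[cut:], b[:cut] + a[cut:]


def mutate(rng, rule, pool, p_mut=0.05):
    """Per-position mutation: widen to '*' or narrow to an observed value."""
    out = list(rule)
    for i in range(len(out)):
        if rng.random() < p_mut:
            out[i] = "*" if rng.random() < 0.5 else rng.choice(pool)[i]
    return "".join(out)


def evolve(attacks, normals, pop_size=40, generations=120, seed=1):
    """Binary tournament selection, crossover and mutation with elitism.
    Returns the best rule found and its fitness."""
    rng = random.Random(seed)
    pool = attacks + normals
    cache = {}

    def score(rule):  # memoised fitness, rules are immutable strings
        if rule not in cache:
            cache[rule] = fitness(rule, attacks, normals)
        return cache[rule]

    pop = [random_rule(rng, pool) for _ in range(pop_size)]
    best = max(pop, key=score)
    for _ in range(generations):
        def pick():  # binary tournament
            a, b = rng.sample(pop, 2)
            return a if score(a) >= score(b) else b
        nxt = [best]  # elitism: the current best always survives
        while len(nxt) < pop_size:
            c1, c2 = crossover(rng, pick(), pick())
            nxt += [mutate(rng, c1, pool), mutate(rng, c2, pool)]
        pop = nxt[:pop_size]
        best = max(pop, key=score)
    return best, score(best)


def sample_connections(seed=0):
    """Constructed traffic: FTP (port 21) from 209.11.0.0/16 to the slide's
    host 130.18.206.55 is labelled attack; everything else is normal."""
    rng = random.Random(seed)
    attacks = [encode(f"209.11.{rng.randrange(256)}.{rng.randrange(256)}",
                      "130.18.206.55", 21, 2) for _ in range(30)]
    prefixes = ["209.85", "208.11", "10.0", "192.168"]  # none inside 209.11/16
    normals = [encode(f"{rng.choice(prefixes)}.{rng.randrange(256)}.{rng.randrange(256)}",
                      "130.18.206.55", rng.choice([21, 80, 443, 8080]), 2)
               for _ in range(30)]
    return attacks, normals


if __name__ == "__main__":
    attacks, normals = sample_connections()
    rule, score = evolve(attacks, normals)
    print(decode(rule), "fitness", round(score, 3))
```

Run as a script it prints the best rule in the slide's dotted notation. On this data the all-wildcard rule scores 0.0 and a rule pinned to d1.0b.**.** scores 1.0, which is what the search climbs toward; because 208.11.x.x and 209.85.x.x sources are present in the normal set, the search has to fix more than one hex digit of the source address, and the trace of best-so-far rules shows exactly that narrowing. Two caveats a practitioner would want: the fitness is only as good as the labelled training set (a rule that matches everything is merely neutral, not penalized for useless generality), and the evolved rule is a signature for the training attacks, so it must be checked against held-out traffic before it is placed in a production rule base.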
17. Drawbacks of other existing systems
All the internal rules should be defined.
Complex or loosely defined problems.
Monitoring systems.
Exact match for rules.
About 400 different IDS on the market - only a few are scalable and easy to maintain.
25. REFERENCES
Li, Wei. 2002. "The integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment." Master's Project Report. Department of Computer Science, Mississippi State University.
Miller, Brad L. and Michael J. Shaw. 1996. "Genetic Algorithms with Dynamic Niche Sharing for Multimodal Function Optimization." In Proceedings of IEEE International Conf. on Evolutionary Computation.
Northcutt, Stephen and Judy Novak. "Network Intrusion Detection" (3rd edition).
Whitman, Michael E. and Herbert J. Mattord. "Principles of Information Security" (2nd edition).