Rule based Intrusion Detection System using Particle Swarm Optimization---- part 1

By

Nowadays security has become a major issue in computer networks. Monitoring the network or system activities for suspicious activities or rule violations has been a growing problem motivating widespread research in computer science to detect better Intrusion Detection Systems (IDSs). Here I present an optimization approach known as Particle Swarm Optimization (PSO) which will detect new attacks by forming new rules. The algorithm takes into consideration a set of classification rule derived from network audit data and support confidence framework as fitness function to judge the quality of each rule.
The new advancements in the field of computer networks or internet are benefitting our life by giving us better technologies to share our data. With information sharing, problem of security is also becoming complicated. To overcome this we have various methods like firewalls, anti-viruses, passwords, etc., but it is very difficult to provide complete security. An Intrusion detection system (IDS) inspects all incoming and outgoing network activities and identifies malicious patterns that may indicate a network or system related attack from someone attempting to breach the security of our system or network. IDS basically fall in one of the three categories:
1) Rule based or Signature based vs Anomaly based IDS: Signature based IDS analyses the information it collects and collates it to large databases of attack signatures. Essentially, the IDS look for a particular attack that has already been listed by the network security experts. Anomaly based IDS identifies normal network activity like type of bandwidth used, protocol on which communication is taking place, which sort ports and devices generally connects to each other and alerts the network administrator or user when traffic is found which is anomalous.
 2) Network based vs Host based IDS: In a network based system, the individual packets flowing through a network are analyzed. These IDS can scan network packets at the router or host level, checking and analyzing packet information and logging any suspicious packet into a special database file with broaden information. Based on these malicious packets, a network based IDS can scan its own database files of already known network attack signatures and issues a severity level for each packet. If acerbity levels are high enough, it is notified to the security team members so they can further investigate the nature of the anomaly. A host IDS monitor’s host and server event/system logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse from trusted insiders who have already infiltrated the network.
3) Active and Passive IDS: An active Intrusion Detection Systems (IDS) is also known as Intrusion Detection and Prevention System (IDPS). Intrusion Detection and Prevention System (IDPS) is configured to automatically block malicious attacks without any outer intervention i.e. without any human effort. Intrusion Detection and Prevention System (IDPS) has the advantage of providing real-time corrective measures in response to an attack. A passive IDS is a system is configured to only monitor and analyze network traffic activity and to alert the operator for defensive or remedial capacities all alone. Molecule swarm improvement (PSO) is a populace based rumbustious stochastic enhancement strategy which is introduced with a populace of subjective arrangements and scans for optima for example ideal arrangement by refreshing or adjusting ages dependent on speed of the molecule. PSO is a metaheuristic as it makes few or no suppositions about the issue being improved and can look extensive spaces of applicant arrangements. Be that as it may, metaheuristics, for example, PSO don't ensure an ideal arrangement is ever found. All the more specifically, PSO does not utilize the inclination of the issue being advanced, which implies PSO does not necessitate that the enhancement issue be dierentiable as is required by exemplary streamlining techniques, for example, angle plunge and semi newton strategies. PSO can in this way likewise be utilized on enhancement issues that are in part sporadic, boisterous, change after some time, and so forth. Contrasted with GA which a technique with invigorate the characteristic advancement procedure to look through the ideal arrangement with the assistance of three administrators specifically determination, traverse and transformation, the PSO is a sort of enhancement calculation dependent on emphasis in which the molecule have the worldwide seeking capacity, yet in addition memory capacity which can be focalized directionally. In this manner, here our investigation intends to produce marks for a standard based IDS by means of PSO that will ideally, make better principles.
We will discuss on this later in our subsequent blog part 2 and share the algorithm related to it.

Comments

Post a Comment

Popular posts from this blog

Teacher As: Critical Pedagogue

By
Education is not only a process of cognitive development. It is a process of overall development of the child. The whole teaching learning process consist with three important components i.e student, teacher and curriculum. In the process of curriculum construction, evaluation and feedbacks are an important aspect to redesign the curriculum. Evaluation cannot be made on the basis of academic achievement of the students. Teacher should play an important role in the construction of curriculum as well as transaction of curriculum. Thus there is a need that teacher should take initiative to evaluate the whole education system as a Critical pedagogue. It is an ability to evaluate our teaching and the practices prevailing in existing education system critically in relation to methods and practices adopted by the teacher to teach concern pedagogical subjects. Ira Shor defines “ Critical pedagogy is habits of thought, reading, writing and speaking which go beneath surface meaning, first impr
Read more

ROLE CONFLICT PROBLEM AMONG WORKING WOMEN

By
Women of India have marked their significant presence in the world in various fields. They have been given the status of power and prestige in India.    Indian women has got much more significance in today’s developing times. Where until lately, they were shadowed by patriarchal dominance, the contemporary women in India have moved beyond all social boundaries to emerge as triumphant leaders of tomorrow. Not only has She taken up courageous roles in society, her own individuality as a ‘woman’ has now got an improvised meaning. The world has changed for females in India now. The daughters are pursuing successful ambitions in the male dominated corporate scenario and mothers are taking up flextime jobs to showcase their exceptional managerial talent. Today, our women have stepped out to become bread earners of the family. Although the trend is yet developing in India, The IT-BPO sector is becoming a female dominated industry in India with a significant number of capable and qualified f
Read more

Rights and obligations of Issuer, Participant and Beneficial owner under the Depository Act, 1996

By
As per section 17 of depository Act the rights and obligations of the depositories, participants and the issuers whose securities are dealt with by a depository shall be specified by the regulations. Under the Depository Act, 1996 depository means a company formed and registered under the Companies Act, 1956, and which has been granted a certificate of registration by SEBI under sub-section (1A) of Section 12 of the Securities and Exchange Board of India Act, 1992 ). (Section 2(1) (e)) Work of Depository- The word ‘depositary’ is defined as “the party of the institution (company) receiving a deposit. A depository holds securities (like shares, debentures, bonds, Government Securities, units etc.) of investors in electronic form. Besides holding securities, a depository also provides services related to transactions in securities. It acts as a trustee of the owner since the securities are entrusted with him in trust. He is also the agent of the owner of the securities. Thus
Read more