Rule-based Intrusion Detection System using Particle Swarm Optimization - Part 1


Nowadays security has become a major issue in computer networks. Monitoring network or system activity for suspicious behaviour or rule violations is a growing problem, and it has motivated widespread research in computer science into better Intrusion Detection Systems (IDSs). Here I present an optimization approach, Particle Swarm Optimization (PSO), which detects new attacks by forming new rules. The algorithm works on a set of classification rules derived from network audit data and uses the support-confidence framework as a fitness function to judge the quality of each rule.
The new advancements in the field of computer networks and the internet benefit our lives by giving us better technologies for sharing data. With more information sharing, the problem of security also becomes more complicated. To address it we have various methods such as firewalls, anti-virus software, passwords, etc., but it is very difficult to provide complete security. An Intrusion Detection System (IDS) inspects all incoming and outgoing network activity and identifies malicious patterns that may indicate a network- or system-level attack from someone attempting to breach the security of our system or network. IDSs can be classified in three ways:
1) Rule based or Signature based vs Anomaly based IDS: A signature based IDS analyses the information it collects and compares it against large databases of attack signatures. Essentially, the IDS looks for a particular attack that has already been catalogued by network security experts. An anomaly based IDS learns what normal network activity looks like, such as the bandwidth typically used, the protocols over which communication takes place, and which ports and devices generally connect to each other, and alerts the network administrator or user when traffic deviates from that baseline.
2) Network based vs Host based IDS: In a network based system, the individual packets flowing through the network are analyzed. These IDSs can inspect packets at the router or host level, checking and analyzing packet information and logging any suspicious packet into a special database file with additional detail. Based on these suspicious packets, a network based IDS scans its own database of already known attack signatures and assigns a severity level to each packet. If the severity level is high enough, the security team is notified so that they can further investigate the nature of the anomaly. A host IDS monitors host and server event/system logs from multiple sources for suspicious activity. Host IDSs are best placed to detect computer misuse by trusted insiders who have already gained access to the network.
3) Active vs Passive IDS: An active Intrusion Detection System is also known as an Intrusion Detection and Prevention System (IDPS). An IDPS is configured to automatically block malicious attacks without any outside intervention, i.e. without human effort, and so has the advantage of providing real-time corrective measures in response to an attack. A passive IDS is configured only to monitor and analyze network traffic and to alert the operator, leaving any defensive or remedial action to the operator.

Particle swarm optimization (PSO) is a population-based stochastic optimization technique. It is initialized with a population of random solutions and searches for the optimum by updating the population over successive generations according to the velocity of each particle. PSO is a metaheuristic: it makes few or no assumptions about the problem being optimized and can search large spaces of candidate solutions. However, metaheuristics such as PSO do not guarantee that an optimal solution is ever found. More specifically, PSO does not use the gradient of the problem being optimized, which means it does not require the optimization problem to be differentiable, as classical optimization methods such as gradient descent and quasi-Newton methods do. PSO can therefore also be applied to optimization problems that are partly irregular, noisy, change over time, and so on. Compared with a genetic algorithm (GA), which imitates the process of natural evolution and searches for the optimal solution with the help of three operators, namely selection, crossover and mutation, PSO is an iteration-based optimization algorithm in which the particles not only have a global search ability but also a memory (each particle remembers its own best position), which lets the swarm converge directionally.
Thus, this study aims to generate signatures for a rule-based IDS by means of PSO, in the hope of producing better rules.
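To make the two ideas above concrete, here is an added example (not code from this post, and not the algorithm promised for part 2) showing how a classification rule can be scored with the support-confidence framework and how a PSO swarm can search for good rule thresholds. The audit records, the shape of the rule (failed_logins >= t1 AND src_bytes <= t2 implies attack), the equal weighting of support and confidence in the fitness function, and the PSO parameters are all assumptions made for the illustration.

```python
import random

# Constructed audit records (hypothetical, not real traffic):
# (failed_logins, src_bytes, label)
AUDIT_RECORDS = [
    (0, 300, "normal"),
    (0, 1200, "normal"),
    (1, 250, "normal"),
    (4, 100, "attack"),
    (5, 90, "attack"),
    (6, 40, "attack"),
    (3, 500, "attack"),
    (0, 60, "normal"),
]

# Search bounds for each rule parameter: t1 (min failed logins), t2 (max source bytes).
BOUNDS = [(0.0, 10.0), (0.0, 2000.0)]


def rule_matches(rule, record):
    """Antecedent of a candidate rule: failed_logins >= t1 AND src_bytes <= t2."""
    t1, t2 = rule
    failed_logins, src_bytes, _ = record
    return failed_logins >= t1 and src_bytes <= t2


def support_confidence(rule, records):
    """Support: fraction of all records that match the antecedent AND are labelled attack.
    Confidence: fraction of antecedent matches that are labelled attack."""
    matched = [r for r in records if rule_matches(rule, r)]
    hits = sum(1 for r in matched if r[2] == "attack")
    support = hits / len(records)
    # A rule that matches nothing gets confidence 0 instead of a division-by-zero error.
    confidence = hits / len(matched) if matched else 0.0
    return support, confidence


def fitness(rule, records, w_support=0.5, w_confidence=0.5):
    """Assumed fitness: a weighted sum of support and confidence (weights are illustrative)."""
    s, c = support_confidence(rule, records)
    return w_support * s + w_confidence * c


def pso_best_rule(records, n_particles=20, iterations=60, seed=1,
                  inertia=0.7, c_cognitive=1.5, c_social=1.5):
    """Standard PSO: each particle is a rule (t1, t2); velocity is pulled toward the
    particle's own best position (memory) and the swarm's global best."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    dim = len(BOUNDS)
    positions = [[rng.uniform(lo, hi) for lo, hi in BOUNDS] for _ in range(n_particles)]
    velocities = [[0.0] * dim for _ in range(n_particles)]
    pbest = [p[:] for p in positions]
    pbest_fit = [fitness(p, records) for p in positions]
    g = max(range(n_particles), key=lambda i: pbest_fit[i])
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]

    for _ in range(iterations):
        for i in range(n_particles):
            for d in range(dim):
                r1, r2 = rng.random(), rng.random()
                velocities[i][d] = (inertia * velocities[i][d]
                                    + c_cognitive * r1 * (pbest[i][d] - positions[i][d])
                                    + c_social * r2 * (gbest[d] - positions[i][d]))
                lo, hi = BOUNDS[d]
                # Keep thresholds inside the feasible range.
                positions[i][d] = min(max(positions[i][d] + velocities[i][d], lo), hi)
            f = fitness(positions[i], records)
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = positions[i][:], f
                if f > gbest_fit:
                    gbest, gbest_fit = positions[i][:], f
    return gbest, gbest_fit


if __name__ == "__main__":
    rule, fit = pso_best_rule(AUDIT_RECORDS)
    s, c = support_confidence(rule, AUDIT_RECORDS)
    print(f"best rule: failed_logins >= {rule[0]:.2f} AND src_bytes <= {rule[1]:.0f}"
          f" -> attack (support={s:.3f}, confidence={c:.3f}, fitness={fit:.3f})")
```

On this data set the best attainable fitness is 0.75 (all four attack records matched with no false positives), and because the fitness surface is made of flat plateaus, the swarm's global-best memory is what keeps it from losing a good rule once one particle has found it. In a real system the record fields, the rule template and the weights would come from the audit data and the analyst's tolerance for false alarms.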
We will discuss this further in part 2 of this blog and share the algorithm there.
