Rule based Intrusion Detection System using Particle Swarm Optimization - Part 1
Nowadays security has become a major issue in computer networks. Monitoring network or system activities for suspicious activity or rule violations has been a growing problem, motivating widespread research in computer science to build better Intrusion Detection Systems (IDSs). Here I present an optimization approach known as Particle Swarm Optimization (PSO) which will detect new attacks by forming new rules. The algorithm takes into account a set of classification rules derived from network audit data and uses the support-confidence framework as the fitness function to judge the quality of each rule.
The new advancements in the field of computer networks and the internet are benefiting our lives by giving us better technologies to share our data. With information sharing, the problem of security is also becoming more complicated. To overcome this we have various methods like firewalls, anti-viruses, passwords, etc., but it is very difficult to provide complete security. An Intrusion Detection System (IDS) inspects all incoming and outgoing network activity and identifies malicious patterns that may indicate a network or system attack from someone attempting to breach the security of our system or network. IDSs basically fall into one of three classifications:
1) Rule based or Signature based vs Anomaly based IDS: A signature based IDS analyses the information it collects and compares it against large databases of attack signatures. Essentially, the IDS looks for a particular attack that has already been listed by network security experts. An anomaly based IDS learns normal network activity, such as the amount of bandwidth used, the protocols over which communication takes place, and which ports and devices generally connect to each other, and alerts the network administrator or user when anomalous traffic is found.
2) Network based vs Host based IDS: In a network based system, the individual packets flowing through a network are analyzed. These IDSs can scan network packets at the router or host level, checking and analyzing packet information and logging any suspicious packet into a special database file with extended information. Based on these malicious packets, a network based IDS can scan its own database files of already known network attack signatures and issue a severity level for each packet. If severity levels are high enough, the security team members are notified so they can further investigate the nature of the anomaly. A host based IDS monitors host and server event/system logs from multiple sources for suspicious activity. Host IDSs are best placed to detect computer misuse from trusted insiders who have already infiltrated the network.
3) Active and Passive IDS: An active Intrusion Detection System (IDS) is also known as an Intrusion Detection and Prevention System (IDPS). An IDPS is configured to automatically block malicious attacks without any outside intervention, i.e. without any human effort. An IDPS has the advantage of providing real-time corrective measures in response to an attack. A passive IDS is a system configured only to monitor and analyze network traffic activity and to alert the operator; it takes no defensive or remedial action on its own.

Particle swarm optimization (PSO) is a population-based, robust, stochastic optimization technique: it is initialized with a population of random solutions and searches for optima, i.e. the optimal solution, by updating generations according to the velocity of each particle. PSO is a metaheuristic, as it makes few or no assumptions about the problem being optimized and can search very large spaces of candidate solutions. However, metaheuristics such as PSO do not guarantee that an optimal solution is ever found. More specifically, PSO does not use the gradient of the problem being optimized, which means PSO does not require the optimization problem to be differentiable, as is required by classic optimization methods such as gradient descent and quasi-Newton methods. PSO can therefore also be used on optimization problems that are partially irregular, noisy, change over time, and so on. Compared with a genetic algorithm (GA), which is a technique that simulates the natural evolution process to search for the optimal solution with the help of three operators, namely selection, crossover and mutation, PSO is a kind of iterative optimization algorithm in which the particles have not only a global searching ability but also a memory ability, which lets the swarm converge directionally. Thus, our study here aims to generate signatures for a rule based IDS by means of PSO that will, hopefully, make better rules.
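As an added illustration (not the author's algorithm, which is promised for part 2), the Python below runs a minimal particle swarm over constructed connection records: each particle is a candidate rule of the form count >= t0 AND serror_rate >= t1, and its fitness is the support-confidence score named above. The record layout, the rule shape, the PSO constants and the use of support times confidence as the combined fitness are all assumptions made for this example.

```python
import random

# Constructed audit records (count, serror_rate, label); not real network data.
RECORDS = [(2, 0.00, "normal"), (5, 0.10, "normal"), (8, 0.05, "normal"),
           (3, 0.20, "normal"), (12, 0.15, "normal"), (6, 0.00, "normal"),
           (150, 0.95, "attack"), (200, 1.00, "attack"), (90, 0.80, "attack"),
           (300, 0.99, "attack")]
BOUNDS = [(0.0, 400.0), (0.0, 1.0)]   # search range of each threshold

def matches(rule, rec):
    """rule = (min_count, min_serror_rate); both conditions must hold."""
    return rec[0] >= rule[0] and rec[1] >= rule[1]

def support_confidence(records, rule, target="attack"):
    """support: share of all records matched by the rule and labelled target;
    confidence: share of matched records labelled target."""
    matched = [r for r in records if matches(rule, r)]
    hits = sum(1 for r in matched if r[2] == target)
    return hits / len(records), (hits / len(matched) if matched else 0.0)

def fitness(records, rule):
    s, c = support_confidence(records, rule)
    return s * c   # assumption: product of support and confidence

def pso_rule_search(records, n_particles=10, iters=40, seed=1):
    """Canonical PSO: each particle remembers its personal best (memory) and
    is pulled toward the swarm's global best; no gradient is needed."""
    rng = random.Random(seed)
    w, c1, c2 = 0.7, 1.5, 1.5                      # inertia, cognitive, social
    pos = [[rng.uniform(lo, hi) for lo, hi in BOUNDS] for _ in range(n_particles)]
    vel = [[0.0] * len(BOUNDS) for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    pbest_fit = [fitness(records, p) for p in pos]
    g = max(range(n_particles), key=pbest_fit.__getitem__)
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    for _ in range(iters):
        for i in range(n_particles):
            for d, (lo, hi) in enumerate(BOUNDS):
                vel[i][d] = (w * vel[i][d]
                             + c1 * rng.random() * (pbest[i][d] - pos[i][d])
                             + c2 * rng.random() * (gbest[d] - pos[i][d]))
                pos[i][d] = min(hi, max(lo, pos[i][d] + vel[i][d]))  # clamp
            f = fitness(records, pos[i])
            if f > pbest_fit[i]:                   # update memory, then global best
                pbest[i], pbest_fit[i] = pos[i][:], f
                if f > gbest_fit:
                    gbest, gbest_fit = pos[i][:], f
    return gbest, gbest_fit   # best rule thresholds and their fitness
```

On this data the best attainable fitness is 0.4 (all four attacks matched, no normals), which the swarm can approach but, as the post notes for metaheuristics, is not guaranteed to reach.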
We will discuss this further in part 2 of this blog and share the related algorithm.