Intrusion detection using data mining
By Shishir Shandilya (0610101041), Rajesh Ghildiyal (06180101036) and Balbeer Singh Rawat (06180101006)
Under the guidance of Mr. Ajit Singh
Problem Definition
  • An Intrusion Detection System (IDS) is an important part of the security management of computers and networks: it tries to detect break-ins or break-in attempts.
  • Approaches to a solution
    ○ Signature-based
    ○ Anomaly-based
Types of Intrusion Detection
  • Classification I (when the analysis runs)
    ○ Real time
    ○ After the fact (offline)
  • Classification II (where the sensor sits)
    ○ Host-based
    ○ Network-based
Approaches to IDS

Technique        Signature-based                               Anomaly-based
Concept          Model well-known attacks and use these        Model the normal behaviour of the system and
                 known patterns to identify intrusions.        flag deviations from the normal pattern as
                                                               intrusions.
Pros and cons    Specific to known attacks; cannot extend      Ordinary changes (traffic shifts etc.) may lead
                 to unknown intrusion patterns (false          to a higher number of false alarms (false
                 negatives).                                   positives).
Approaches for IDS

Network-based
  • Are installed on network switches.
  • Detect some attacks that host-based systems do not, e.g. DoS and fragmented packets.

Host-based
  • Are installed locally on the host machines.
Recommended Approach
  • Neither approach on its own provides a complete solution.
  • A hybrid approach: HIDS on the local machines as well as a powerful NIDS on the switches.
Attack Simulation
  • Types of attacks
    ○ NIDS: SYN-flood attack
    ○ HIDS: attack on the ssh daemon (sshd)
NIDS – Data Preprocessing
  • Input data
    ○ tcpdump trace
    ○ Huge
    ○ One data record per packet
  • Features extracted (using Perl scripts)
    ○ Content-based: group the packet records and construct new features corresponding to a single connection
    ○ Time-based: add time-window based information to the connection records (parameter: time window)
    ○ Connection-based: add connection-window based information to the connection records (parameter: connection window, i.e. the number of preceding connections considered)
Preprocessing on tcpdump
  • From the tcpdump data we extracted the following fields (each counter kept separately per direction)
    ○ src_ip, dst_ip
    ○ src_port, dst_port
    ○ num_packets_src_dest / num_packets_dest_src
    ○ num_ack_src_dst / num_ack_dst_src
    ○ num_bytes_src_dst / num_bytes_dst_src
    ○ num_retransmit_src_dst / num_retransmit_dst_src
    ○ num_pushed_src_dst / num_pushed_dst_src
    ○ num_syn_src_dst / num_syn_dst_src
    ○ num_fin_src_dst / num_fin_dst_src
    ○ connection status
Preprocessing on tcpdump (cont.)
  • Time-window based features
    ○ count_src / count_dst
    ○ count_serv_src / count_serv_dest
  • Connection-window based features
    ○ count_src1 / count_dst1
    ○ count_serv_src1 / count_serv_dest1
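The feature construction described on the preceding slides, worked through as an added Python example; the project itself used Perl scripts, and this is not its code. It assumes the tcpdump trace has already been parsed into one record per packet (timestamp, endpoints, TCP flags, sequence number, payload length). The packet trace is constructed, and the connection-status labels (SF, S0, REJ, OTH), the "earlier connections only" window semantics and the exact count_* definitions are this example's assumptions:

```python
"""Connection records from a packet trace, plus time-window and
connection-window features (added example; not the project's Perl code)."""
from dataclasses import dataclass


@dataclass
class Packet:
    """One tcpdump record, already parsed (assumed input format)."""
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as tcpdump prints them: S, A, P, F, R
    seq: int       # sequence number of the first payload byte
    length: int    # payload bytes carried by this packet


COUNTERS = ("num_packets", "num_ack", "num_bytes", "num_retransmit",
            "num_pushed", "num_syn", "num_fin")


def connection_status(c):
    """Status labels are this example's convention (modelled on the usual
    tcpdump/KDD-style flags): REJ = reset seen, S0 = SYN with no reply,
    SF = normal open and close, OTH = anything else."""
    if c["_rst"]:
        return "REJ"
    if c["num_syn_src_dst"] and not c["num_packets_dst_src"]:
        return "S0"   # what every probe of a SYN flood leaves behind
    if c["num_fin_src_dst"] and c["num_fin_dst_src"]:
        return "SF"
    return "OTH"


def build_connections(packets):
    """Group packets into connections keyed by the 4-tuple of the first
    packet; packets flowing the other way are counted as dst_src."""
    conns, order = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if rev in conns:
            key, direction = rev, "dst_src"
        else:
            key, direction = fwd, "src_dst"
            if fwd not in conns:
                c = {"start": p.ts, "src_ip": p.src, "src_port": p.sport,
                     "dst_ip": p.dst, "dst_port": p.dport,
                     "_seen_seq": {"src_dst": set(), "dst_src": set()},
                     "_rst": False}
                for name in COUNTERS:
                    c[name + "_src_dst"] = c[name + "_dst_src"] = 0
                conns[fwd] = c
                order.append(fwd)
        c = conns[key]
        c["num_packets_" + direction] += 1
        c["num_bytes_" + direction] += p.length
        for flag, name in (("A", "num_ack"), ("P", "num_pushed"),
                           ("S", "num_syn"), ("F", "num_fin")):
            if flag in p.flags:
                c[name + "_" + direction] += 1
        if "R" in p.flags:
            c["_rst"] = True
        if p.length > 0:   # a data segment whose seq was already seen is a retransmit
            seen = c["_seen_seq"][direction]
            if p.seq in seen:
                c["num_retransmit_" + direction] += 1
            seen.add(p.seq)
    records = []
    for key in order:
        c = conns[key]
        c["connection_status"] = connection_status(c)
        del c["_seen_seq"], c["_rst"]
        records.append(c)
    return records


def add_window_features(records, time_window=2.0, conn_window=100):
    """count_src/count_dst: earlier connections inside the window from the
    same source host / to the same destination host; count_serv_*: the same
    restricted to one service (destination port). The '1' suffix marks the
    connection-window variants, as on the slide. Excluding the current
    connection from its own window is this example's choice."""
    for i, r in enumerate(records):
        by_time = [q for q in records[:i] if r["start"] - q["start"] <= time_window]
        by_conn = records[max(0, i - conn_window):i]
        for suffix, group in (("", by_time), ("1", by_conn)):
            r["count_src" + suffix] = sum(q["src_ip"] == r["src_ip"] for q in group)
            r["count_dst" + suffix] = sum(q["dst_ip"] == r["dst_ip"] for q in group)
            r["count_serv_src" + suffix] = sum(
                q["src_ip"] == r["src_ip"] and q["dst_port"] == r["dst_port"] for q in group)
            r["count_serv_dst" + suffix] = sum(
                q["dst_ip"] == r["dst_ip"] and q["dst_port"] == r["dst_port"] for q in group)
    return records


def sample_packets():
    """Constructed trace: one normal HTTP session (with one retransmitted
    request segment) followed by a burst of SYN-only packets."""
    s, c = ("10.0.0.9", 80), ("10.0.0.5", 40001)
    http = [
        Packet(0.00, *c, *s, "S", 100, 0),
        Packet(0.01, *s, *c, "SA", 500, 0),
        Packet(0.02, *c, *s, "A", 101, 0),
        Packet(0.03, *c, *s, "PA", 101, 120),   # request
        Packet(0.23, *c, *s, "PA", 101, 120),   # same seq again: retransmit
        Packet(0.24, *s, *c, "PA", 501, 800),   # response
        Packet(0.25, *c, *s, "FA", 221, 0),
        Packet(0.26, *s, *c, "FA", 1301, 0),
        Packet(0.27, *c, *s, "A", 222, 0),
    ]
    flood = [Packet(1.0 + i * 0.01, "10.0.0.7", 50000 + i, *s, "S", 1000 + i, 0)
             for i in range(20)]
    return http + flood


if __name__ == "__main__":
    for r in add_window_features(build_connections(sample_packets())):
        print(r["src_ip"], r["src_port"], r["connection_status"],
              "count_serv_dst=%d count_serv_dst1=%d" % (r["count_serv_dst"], r["count_serv_dst1"]))
```

The per-connection counters alone already separate the two behaviours (the flood probes are single-SYN, zero-reply S0 records), but it is the window counts that make the flood visible as a pattern: the twentieth probe sees twenty earlier connections to the same service within the two-second window, while the HTTP session sees none.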
NIDS – Data Mining Technique
  • Outlier detection
    ○ Clustering-based approach (K-means)
      - Outlier threshold
      - Preprocessed dataset
    ○ K-NN based approach
      - Distance threshold
      - Preprocessed dataset
  • Results
    ○ Clustering did not give good results (limited data).
    ○ K-NN is giving alarms.
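The two outlier detectors named on this slide, as an added Python example that is not the project's code: a K-NN score with a distance threshold, and the K-means variant that scores a record by its distance to the nearest centroid. The feature vectors are constructed "normal" web connections over six of the fields listed earlier; the threshold rule (largest leave-one-out K-NN score on the normal data times a slack factor), the z-score normalisation and the deterministic K-means seeding are this example's choices:

```python
"""K-NN and K-means outlier scoring over connection records (added example)."""
import math
from statistics import mean, pstdev

FEATURES = ["num_packets_src_dst", "num_packets_dst_src", "num_syn_src_dst",
            "num_ack_dst_src", "num_bytes_src_dst", "count_serv_dst"]

# Constructed "normal" web connections, one row per connection (not real data).
TRAIN = [
    (6, 5, 1, 5, 180, 2), (8, 7, 1, 7, 240, 3), (5, 4, 1, 4, 150, 1),
    (10, 9, 1, 9, 320, 4), (7, 6, 1, 6, 210, 2), (9, 8, 1, 8, 290, 3),
    (6, 5, 1, 5, 170, 1), (11, 10, 1, 10, 360, 5), (7, 5, 1, 5, 200, 2),
    (8, 6, 1, 6, 250, 3), (5, 4, 1, 4, 140, 2), (9, 7, 1, 7, 300, 4),
]
# Test set: an ordinary connection, then one probe of a SYN flood (a single
# SYN, no reply at all, and 250 recent connections to the same service).
TEST = [(7, 6, 1, 6, 210, 2), (1, 0, 1, 0, 0, 250)]


def zscore_params(rows):
    """Per-feature mean and standard deviation; a constant feature gets sd 1
    so that it neither blows up nor dominates the distance."""
    cols = list(zip(*rows))
    return [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]


def normalize(row, mu, sd):
    return [(v - m) / s for v, m, s in zip(row, mu, sd)]


def euclid(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def knn_score(x, train, k=3):
    """Mean distance to the k nearest training points."""
    return mean(sorted(euclid(x, t) for t in train)[:k])


def knn_threshold(train, k=3, slack=1.5):
    """Leave-one-out scores of the normal data fix the distance threshold."""
    loo = [knn_score(t, train[:i] + train[i + 1:], k) for i, t in enumerate(train)]
    return max(loo) * slack


def knn_detect(train_rows, test_rows, k=3, slack=1.5):
    """Return (threshold, alarms); an alarm is (test index, score)."""
    mu, sd = zscore_params(train_rows)
    train = [normalize(r, mu, sd) for r in train_rows]
    thr = knn_threshold(train, k, slack)
    scored = [(i, knn_score(normalize(r, mu, sd), train, k))
              for i, r in enumerate(test_rows)]
    return thr, [(i, s) for i, s in scored if s > thr]


def kmeans(points, k=2, iters=50):
    """Lloyd's algorithm, seeded with the first k points so runs repeat exactly."""
    centroids = [list(p) for p in points[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda j: euclid(p, centroids[j]))].append(p)
        new = [[mean(col) for col in zip(*g)] if g else centroids[j]
               for j, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return centroids


def kmeans_scores(train_rows, test_rows, k=2):
    """Outlier score = distance to the nearest centroid of the normal data;
    compare it against an outlier threshold chosen as for K-NN."""
    mu, sd = zscore_params(train_rows)
    train = [normalize(r, mu, sd) for r in train_rows]
    cents = kmeans(train, k)
    return [min(euclid(normalize(r, mu, sd), c) for c in cents) for r in test_rows]


if __name__ == "__main__":
    thr, alarms = knn_detect(TRAIN, TEST)
    print("k-NN threshold %.2f, alarms %s" % (thr, alarms))
    print("k-means scores", [round(s, 2) for s in kmeans_scores(TRAIN, TEST)])
```

Deriving the threshold from the normal data is what makes the alarm rate controllable; with as few normal records as the slide's "limited data" implies, the K-means centroids are only weakly determined and the choice of k and seed changes the scores, which is one concrete reason a centroid-based score gives poorer results than K-NN on a small set.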
HIDS – Data Preprocessing
  • Input data
    ○ strace system-call logs for a particular process (sshd)
    ○ One data record per system call
    ○ Sliding-window size for grouping
  • Features extracted (using Perl scripts)
    ○ Slide the window over the trace to generate the possible sequences of system calls.
HIDS – Data Preprocessing (cont.)

Trace:  a d f g a e d a e b s d e a

Windows (size 4):
  a d f g
  d f g a
  f g a e
  g a e d
  a e d a
  e d a e
  d a e b
  a e b s
  e b s d
  b s d e
  s d e a
Data Mining Technique Used
  • Learning to predict system calls
    ○ Predict the i-th system call for each test record <p1, p2, p3> (the three preceding calls)
    ○ Done using classification (decision trees)
  • Anomaly detection
    ○ Use the misclassification score (the rate of wrong predictions over a trace) to detect anomalies
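The HIDS pipeline of the last three slides end to end, as an added Python example that is not the project's code: the sliding window over a system-call trace, a next-call predictor trained on normal windows, and the misclassification score over a test trace. A conditional frequency table stands in for the decision-tree classifier the project used (it answers the same question, which call follows <p1, p2, p3>); the traces are constructed and the 0.5 anomaly threshold is this example's choice:

```python
"""Sliding-window system-call sequences, next-call prediction and the
misclassification score used as an anomaly signal (added example)."""
from collections import Counter, defaultdict


def windows(trace, size=4):
    """Slide a window of `size` calls over the trace; each window is a record
    <p1, ..., p(size-1), target> whose last call is the one to predict."""
    return [tuple(trace[i:i + size]) for i in range(len(trace) - size + 1)]


def train_predictor(trace, size=4):
    """Learn which call follows each (size-1)-call prefix. The conditional
    frequency table stands in for the decision tree the project used."""
    table = defaultdict(Counter)
    for w in windows(trace, size):
        table[w[:-1]][w[-1]] += 1
    return table


def predict(table, prefix):
    """Most frequent follower of the prefix; None for a never-seen prefix."""
    if prefix not in table:
        return None
    return table[prefix].most_common(1)[0][0]


def misclassification_score(table, trace, size=4):
    """Fraction of windows whose last call the model predicts wrongly
    (a never-seen prefix counts as a wrong prediction)."""
    ws = windows(trace, size)
    if not ws:
        return 0.0
    wrong = sum(1 for w in ws if predict(table, w[:-1]) != w[-1])
    return wrong / len(ws)


def is_anomalous(table, trace, size=4, threshold=0.5):
    """The 0.5 threshold on the misclassification score is this example's choice."""
    return misclassification_score(table, trace, size) > threshold


# Constructed traces (not real strace output): a normal sshd-like service
# loop to learn from, a clean test trace, and a trace in which the daemon
# suddenly executes a new program and changes identity.
NORMAL_TRAIN = ("accept read write read write close accept read write close "
                "accept read write read write close").split()
NORMAL_TEST = "accept read write read write close accept read write read write close".split()
SHELL_SPAWN = "accept read write read execve fork setuid write close".split()


if __name__ == "__main__":
    for w in windows("a d f g a e d a e b s d e a".split()):
        print(" ".join(w))
    model = train_predictor(NORMAL_TRAIN)
    for name, trace in (("normal", NORMAL_TEST), ("shell spawn", SHELL_SPAWN)):
        score = misclassification_score(model, trace)
        print(name, round(score, 2), "anomalous" if is_anomalous(model, trace) else "ok")
```

The window size is the one parameter that matters most: a larger window gives the predictor more context but makes every prefix rarer in the training trace, so unseen prefixes (and hence false alarms) rise with it.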
Literature Survey
  • Types of attacks (host-based and network-based)
  • Techniques
    ○ Association rules and frequent-episode rules over host-based and network-based audit data
    ○ Outlier detection using clustering
    ○ Classification
Future Work
  • NIDS
    ○ Make the threshold distance a configurable parameter of the K-means algorithm used
  • HIDS
    ○ Try out meta-learning algorithms for classification
  • A small user interface for configuring parameters
References
  • W. Lee, S. Stolfo, K. Mok, "Mining in a Data-flow Environment: Experience in Network Intrusion Detection".
  • W. Lee, S. Stolfo, K. Mok, "Mining Audit Data to Build Intrusion Detection Models".
  • W. Lee, S. Stolfo, "Data Mining Approaches for Intrusion Detection".
  • A. Lazarevic, A. Ozgur, L. Ertoz, J. Srivastava, V. Kumar, "A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection".
  • M. Qin, K. Hwang, "Anomaly Intrusion Detection by Internet Datamining of Traffic Episodes".
  • K. Kendall, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems", thesis.
