Ant Colony Optimization Based Distributed Intrusion Detection System
About the paper
ACO based Distributed Intrusion Detection System
Authors: S. Janakiraman (1), V. Vasudevan (2)
(1) PSR Engineering College, Sivakasi, India; (2) A.K. College of Engineering, Krishnankoil, India
International Journal of Digital Content Technology and its Applications, Volume 3, Number 1, March 2009
Contents
Intrusion detection
Distributed Intrusion Detection Systems
ACO algorithm
Experimental results
Conclusions
Intrusion detection (1)
Problem:
  exposing sensitive information to intruders
  compromising confidentiality
  denial of resources
  unauthorized use of resources
Solution: Intrusion Detection Systems (IDS) identify all possible intrusions and recommend actions to stop the attacks
Intrusion detection (2)
Techniques in traditional IDS: log files, network traffic
Must develop fast machine learning based intrusion detection algorithms with
  high detection rates
  low false alarm rates
Ideal response: stop the activity
Intrusion detection (3)
IDS Classification (1)
Misuse intrusion detection
  uses signatures or rules that describe undesirable events
  performs some action when the pattern matches an event or data
Anomaly intrusion detection
  detects general misuse and attacks for which no signature exists
  constructs a model according to the statistical knowledge about the normal activity
IDS Classification (2)
Network-based system (NIDS)
  individual packets flowing through a network are analyzed
  sensors are placed at strategic points within the network to monitor traffic to and from all devices
Host-based system (HIDS)
  examines all the activity on each individual computer (host)
  analyzes host activities: system calls, application logs, file-system modifications etc.
IDS Classification (3)
Passive system
  detects a potential security breach, logs the information and signals an alert
  alerts are sent to the administrator and it is up to them to take action
Reactive system
  the IDS responds to the suspicious activity
  e.g. logs off a user, or reprograms the firewall to block network traffic from the suspected malicious source
IDS Requirements
Adaptability
Concurrency
Efficiency and Reliability
Escalating Behavior
Extensibility
Flexibility
Manual Control
Recognition
Resistance to compromise
Software Response
Scalability
Distributed Intrusion Detection Systems
Communication architecture
Ant Colony Optimization (1)
Ants are capable of finding the shortest path from a food source to their nest.
They are adaptive to changes in the environment for finding a new shortest path once the old path is no longer feasible.
On the way ants deposit pheromone to mark the route taken.
The concentration of pheromone on a certain path is an indication of the path’s length.
Ant Colony Optimization (2)
Route selection
ACO Algorithm
input: an instance x of a Combinatorial Optimization problem
while termination conditions not met do
    ScheduleActivities
        AntBasedSolutionConstruction()
        PheromoneUpdate()
        DaemonActions()
    end ScheduleActivities
    S_best ← best solution in the population of solutions
end while
output: S_best, candidate to optimal solution for x
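The ACO loop above, written out as an added example (not code from the paper or the slides): ants construct routes from a nest to a food source on a constructed toy graph, pheromone is evaporated and deposited in proportion to 1/length, and the daemon action reinforces the best-so-far route. The graph, the pheromone floor TAU_MIN and the 1/length deposit rule are assumptions chosen for the illustration; a second run on the same graph with the short route blocked shows the colony re-routing, as the slide on adaptivity describes.

```python
import random

# Constructed toy environment: nest is node 0, food source is node 3; edge weights are lengths.
# Route 0-1-3 has length 2, route 0-2-3 has length 4.
GRAPH = {0: {1: 1.0, 2: 2.0}, 1: {3: 1.0}, 2: {3: 2.0}, 3: {}}
GRAPH_BLOCKED = {0: {1: 1.0, 2: 2.0}, 1: {}, 2: {3: 2.0}, 3: {}}  # same, after edge 1-3 is removed
TAU_MIN = 0.1  # assumed pheromone floor, so an abandoned edge can still be re-explored

def path_length(graph, path):
    return sum(graph[a][b] for a, b in zip(path, path[1:]))

def construct_solution(graph, tau, rng, src, dst, alpha=1.0, beta=1.0):
    # Ant based Solution Construction: next node chosen with probability
    # proportional to tau^alpha * (1/length)^beta (pheromone times heuristic).
    path, node = [src], src
    while node != dst:
        nbrs = [n for n in graph[node] if n not in path]
        if not nbrs:
            return None  # dead end (a blocked route): this ant yields no solution
        weights = [tau[(node, n)] ** alpha * (1.0 / graph[node][n]) ** beta for n in nbrs]
        node = rng.choices(nbrs, weights=weights)[0]
        path.append(node)
    return path

def pheromone_update(graph, tau, paths, rho=0.5):
    # Pheromone Update: evaporate everywhere, then each ant deposits 1/length on its route.
    for e in tau:
        tau[e] = max(TAU_MIN, tau[e] * (1.0 - rho))
    for p in paths:
        for a, b in zip(p, p[1:]):
            tau[(a, b)] += 1.0 / path_length(graph, p)

def aco_shortest_path(graph, src, dst, tau=None, ants=10, iterations=30, seed=1):
    # The ACO loop from the slides; an existing tau continues from earlier colonies' pheromone.
    rng = random.Random(seed)
    tau = dict(tau) if tau else {}
    tau.update({(a, b): 1.0 for a in graph for b in graph[a] if (a, b) not in tau})
    s_best = None
    for _ in range(iterations):
        paths = [p for p in (construct_solution(graph, tau, rng, src, dst)
                             for _ in range(ants)) if p is not None]
        pheromone_update(graph, tau, paths)
        for p in paths:  # S_best <- best solution in the population of solutions
            if s_best is None or path_length(graph, p) < path_length(graph, s_best):
                s_best = p
        if s_best is not None:  # Daemon Actions: extra deposit along the best-so-far route
            for a, b in zip(s_best, s_best[1:]):
                tau[(a, b)] += 1.0 / path_length(graph, s_best)
    return s_best, tau
```

Running aco_shortest_path(GRAPH, 0, 3) converges on route 0-1-3; feeding the resulting tau into a run on GRAPH_BLOCKED lets the pheromone on the dead route evaporate and the colony settle on 0-2-3.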
Experimental results (1)
Dataset: 1998 DARPA intrusion detection evaluation program by MIT Lincoln Labs
6 features are used in the ACO algorithm: connection duration, protocol, source port, destination port, source IP address and destination IP address
24 attack types
22,000 attack data records and 10,000 normal data records are prepared for training
22,000 attack instances and 10,000 normal data records are selected as testing data
Experimental results (2)
Experimental results (3)
Experimental results (4)
Conclusions
Meta-heuristic DIDS architecture for scalable intrusion detection and prevention in distributed networks
Ant based DIDS can significantly improve the overall performance of existing DIDS
  High detection rate
  Low false positive rate – can recognize normal network traffic
Thank you!