International Journal of Engineering Trends and Technology (IJETT) – Volume 19 Number 1 – Jan 2015
A Secrecy Emission of Decision Based Approach for
Finding Intermediate Datasets Over cloud
Shaik Imran Hussin¹, L. Prasanna Kumar², Amarendra Kothalanka³
¹M.Tech Student, ²Associate Professor, ³Head of the Department
¹ ² ³Department of Computer Science & Engineering, Dadi Institute of Engineering & Technology, Anakapalle-531002, A.P., India
Abstract: In this paper we propose an efficient, privacy-preserving, cost-effective mechanism based on classification and a cryptographic approach. When resources such as data are shared in the cloud, the mechanism should provide security while storing the data and privacy over the data. We use the ID3 algorithm to classify the intermediate dataset and store it in the cloud. Before storing the data in the cloud, the data owner encrypts it with a cryptographic algorithm, i.e. the Triple DES technique. If any user needs to retrieve data from the cloud, it can be decrypted with the same key; this reduces time complexity and is cost effective.
I. INTRODUCTION
IT security personnel and network support staff tasked with overseeing large networks routinely struggle to identify and resolve the most common problems a large network poses. The typical causes that can be identified and treated, however, mostly fall into one of the following three categories:
- Performance Degradation
- Host Identification
- Security Issues
Performance Degradation:
This refers to problems involving loss of speed and data integrity due to poor transmissions. While every network is prone to performance problems, large networks are especially vulnerable because of the additional distance, endpoints, and extra equipment at midpoints.
Solutions to performance degradation are not terribly difficult. The first step is to buy the best quality computer networking hardware one can afford. All other solutions build upon a solid foundation of good network hardware. After all, network performance is only as good as the components of which it is made.
Although quality matters, in this case quantity can also be an issue. A network without enough switches, domain controllers, and so forth is comparable to pumping water from a municipal well with a straw. Starting with adequate, quality hardware is an excellent start, but that is still not enough. Hardware is useless without proper configuration.
ISSN: 2231-5381
Host Detection:
Proper configuration is also essential to maintaining proper host identification. Just as the post office cannot deliver mail without some form of addressing, neither can computer networking hardware. While small networks can easily be configured with manual addressing, this becomes completely impractical in large networks. DHCP servers, domain controllers, and their requisite addressing software and protocols are a must when it comes to creating and maintaining a large, scalable network.
Top performance and proper host identification are hardly beneficial on a network that has been breached by attackers. It is for this very reason that securing one's network is just as important.
Security situations:
Network security issues involve maintaining network integrity, preventing unauthorized users from infiltrating the system (viewing or stealing sensitive data, passwords, and so on), and protecting the network against denial-of-service attacks.
These issues are greatly magnified as a network increases in size. Larger networks are more susceptible to attack because they offer more vulnerable points at which intruders can gain access. More users, more passwords, and more hardware mean more places an attacker can try to get in.
Defenses against these issues include using firewalls and proxies, installing strong antivirus software, deploying strict password policies, making use of network analysis software, physically securing computer networking assets, and invoking procedures that compartmentalize a large network with internal boundaries.
These three issues, as broadly encompassing as they may be, can be overwhelming for a small to mid-sized business to handle alone.
II. RELATED WORK
An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. This section provides an overview of IDS and IPS technologies as a foundation for the rest of the publication. It first explains how IDS and IPS technologies can be used. Next, it describes the key functions that IDS and IPS technologies perform and the detection methodologies that they use. Finally, it provides an overview of the major classes of IDS and IPS technologies.
http://www.ijettjournal.org
IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs. Accordingly, for brevity the term intrusion detection and prevention systems (IDPS) is used throughout the rest of this guide to refer to both IDS and IPS technologies.
IDPSs are primarily focused on identifying possible incidents. For example, an IDPS could detect when an attacker has successfully compromised a system by exploiting a vulnerability in the system. The IDPS could then report the incident to security administrators, who could quickly initiate incident response actions to minimize the damage caused by the incident.
The IDPS could also log information that could be used by the incident handlers. Many IDPSs can also be configured to recognize violations of security policies. For example, some IDPSs can be configured with firewall ruleset-like settings, allowing them to identify network traffic that violates the organization's security or acceptable use policies. Additionally, some IDPSs can monitor file transfers and identify ones that may be suspicious, such as copying a large database onto a user's smart phone.
Many IDPSs can also identify reconnaissance activity, which may indicate that an attack is imminent. For example, some attack tools and forms of malware, particularly worms, perform reconnaissance activities such as host and port scans to identify targets for subsequent attacks. An IDPS may be able to block reconnaissance and notify security administrators, who can take action if needed to alter other security controls to prevent related incidents. Because reconnaissance activity is so frequent on the Internet, reconnaissance detection is often performed primarily on protected internal networks.
Anomaly detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. An IDPS using anomaly-based detection has profiles that represent the normal behavior of such things as users, hosts, network connections, or applications. The profiles are developed by monitoring the characteristics of typical activity over a period of time. For example, a profile for a network might show that Web activity comprises an average of 13% of network bandwidth at the Internet border during typical workday hours. The IDPS then uses statistical methods to compare the characteristics of current activity to thresholds related to the profile, such as detecting when Web activity comprises significantly more bandwidth than expected and alerting an administrator of the anomaly. Profiles can be developed for many behavioral attributes, such as the number of e-mails sent by a user, the number of failed login attempts for a host, and the level of processor usage for a host in a given period of time.
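The profile-and-threshold comparison described above, as an added Python example that is not part of the original paper. The metric names, the threshold rule (mean plus k standard deviations), the minimum-deviation floor and the sample values are all assumptions made for illustration.

```python
import statistics

def build_profiles(training, min_stdev=1.0):
    """training maps (entity, metric) -> values seen during the profiling period."""
    profiles = {}
    for key, values in training.items():
        # A perfectly flat baseline has stdev 0, which would alert on any change;
        # the floor keeps the threshold usable (assumed tuning value).
        spread = max(statistics.pstdev(values), min_stdev)
        profiles[key] = (statistics.fmean(values), spread)
    return profiles

def detect(profiles, observations, k=3.0):
    """Return the observations that exceed mean + k * stdev of their profile."""
    alerts = []
    for entity, metric, value in observations:
        profile = profiles.get((entity, metric))
        if profile is None:
            # No baseline was ever learned: report it rather than pass silently.
            alerts.append((entity, metric, value, "no profile"))
            continue
        mean, spread = profile
        if value > mean + k * spread:
            alerts.append((entity, metric, value, "above threshold"))
    return alerts

# Constructed sample data: Web share of border bandwidth averaging 13 %,
# and a host that normally sees no failed logins.
TRAINING = {
    ("border", "web_share_pct"): [12, 13, 14, 13, 12, 14, 13, 13],
    ("db01", "failed_logins"): [0, 0, 0, 0, 0, 0, 0, 0],
}
OBSERVED = [
    ("border", "web_share_pct", 14.5),
    ("border", "web_share_pct", 31.0),
    ("db01", "failed_logins", 2),
    ("db01", "failed_logins", 25),
    ("web07", "cpu_pct", 40),
]

if __name__ == "__main__":
    for alert in detect(build_profiles(TRAINING), OBSERVED):
        print(alert)
```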
III. PROPOSED SYSTEM
Cloud provides data storage as a service and is one of the efficient resource areas. We propose an efficient, cost-effective system that stores the intermediate sets in the cloud instead of the entire datasets. End users can request resources as on-demand services. Here we can reduce the space complexity by eliminating unnecessary data and reduce the time complexity, because the time taken to encrypt the raw dataset is less than the intermediate dataset, and data confidentiality can be maintained through the Triple DES algorithm.
Data Owner
Let us consider the database as a training dataset and a testing dataset. The training dataset is raw data on which the testing dataset is passed as input; a decision tree is generated by the ID3 algorithm, and the classification of the data over these datasets is obtained. The classified results are known as the intermediate dataset. Comparing the training and testing dataset
Cloud Service
It is a service through which the user and the data owner access the data. The data owner obtains the intermediate dataset from the training dataset and testing dataset using the ID3 algorithm and stores the data, encrypted, in the cloud. The user then gets the data stored by the data owner from the cloud and decrypts it. Because the cloud provides the data, any number of users can access the same data after authenticating.
Users
A user logs in to get the data from the cloud. Any number of users can get the same data through the user authentication technique that uses Triple DES.
[Figure. Labels: Dataset, Read Dataset, Data Owner, Intermediate dataset, Cloud Service, Encrypted Data, User1, User2, User3 (each: Decrypts the data).]
ID3 Classification algorithm:
1) Establish Classification Attribute
2) Compute Classification Entropy.
3) For every attribute in R set, compute Information Gain
using classification attribute.
4) Choose Attribute with the highest information gain to be
the next Node in the tree (starting from the main root
node).
5) Eliminate or remove Node Attribute, creating reduced
table RS set.
6) Repeat steps 3 to 5 until all attributes have been used or
the same classification value remains for all rows in the
reduced table.
ID3 builds a decision tree from a fixed set of examples, and the resulting tree is used to classify future samples. Each example has several attributes and belongs to a class (like yes or no). The leaf nodes of the decision tree contain the class name, whereas a non-leaf node is a decision node. A decision node is an attribute test, with each branch (to another decision tree) being a possible value of the attribute. ID3 uses information gain to help it decide which attribute goes into a decision node. The advantage of learning a decision tree is that a program, rather than a knowledge engineer, elicits knowledge from an expert.
Gain measures how well a given attribute separates training examples into targeted classes. The attribute with the highest information (information being the most useful for classification) is selected. To define gain, we first borrow an idea from information theory called entropy. Entropy measures the amount of information in an attribute.
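The ID3 steps and the entropy and gain definitions above, carried through in an added Python example that is not the paper's own code. The records, the attribute names (`role`, `network`) and the classification attribute `grant` are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample records (not from the paper); "grant" is the classification attribute.
ROWS = [
    {"role": "admin", "network": "internal", "grant": "yes"},
    {"role": "admin", "network": "external", "grant": "yes"},
    {"role": "staff", "network": "internal", "grant": "yes"},
    {"role": "staff", "network": "external", "grant": "no"},
    {"role": "guest", "network": "internal", "grant": "no"},
    {"role": "guest", "network": "external", "grant": "no"},
]

def entropy(rows, target):
    """Step 2: Shannon entropy, in bits, of the classification attribute."""
    n = len(rows)
    return -sum(c / n * math.log2(c / n)
                for c in Counter(r[target] for r in rows).values())

def information_gain(rows, attr, target):
    """Step 3: entropy before the split minus the weighted entropy after it."""
    remainder = 0.0
    for value in {r[attr] for r in rows}:
        subset = [r for r in rows if r[attr] == value]
        remainder += len(subset) / len(rows) * entropy(subset, target)
    return entropy(rows, target) - remainder

def id3(rows, attrs, target):
    """Steps 4-6: choose the highest-gain attribute, drop it, recurse per value."""
    classes = Counter(r[target] for r in rows)
    if len(classes) == 1 or not attrs:
        return classes.most_common(1)[0][0]      # leaf node holds the class name
    best = max(attrs, key=lambda a: information_gain(rows, a, target))
    rest = [a for a in attrs if a != best]       # the reduced table
    return {best: {v: id3([r for r in rows if r[best] == v], rest, target)
                   for v in {r[best] for r in rows}}}

def classify(tree, row):
    """Walk decision nodes until a leaf; None if the value was never seen."""
    while isinstance(tree, dict):
        attr = next(iter(tree))
        tree = tree[attr].get(row.get(attr))
    return tree

if __name__ == "__main__":
    tree = id3(ROWS, ["role", "network"], "grant")
    print(tree)
    print(classify(tree, {"role": "staff", "network": "external"}))
```

On this data `role` has the higher gain and becomes the root; only the `staff` branch needs a second test on `network`.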
Triple DES algorithm:
Triple DES is the common name for the Triple Data
Encryption Algorithm (TDEA) block cipher. It is so named
because it applies the Data Encryption Standard (DES)
cipher algorithm three times to each data block. Triple DES
provides a relatively simple method of increasing the key
size of DES to protect against brute force attacks, without
requiring a completely new block cipher algorithm.
The standards define three keying options:
• Keying option 1: All three keys are independent.
• Keying option 2: K1 and K2 are independent, and K3 = K1.
• Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.
Keying option 1 is the strongest, with 3 x 56 = 168
independent key bits.
Keying option 2 provides less security, with 2 x 56 = 112
key bits. This option is stronger than simply DES
encrypting twice, e.g. with K1 and K2, because it protects
against meet-in-the-middle attacks.
Keying option 3 is no better than DES, with only 56 key
bits. This option provides backward compatibility with
DES, because the first and second DES operations simply
cancel out. It is no longer recommended by the National
Institute of Standards and Technology (NIST) and not
supported by ISO/IEC 18033-3.
In general, Triple DES with three independent keys (keying option 1) has a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. Keying option 2 reduces the key size to 112 bits. However, this option is susceptible to certain chosen-plaintext or known-plaintext attacks, and thus it is designated by NIST to have only 80 bits of security.
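A key-bundle check built on the keying options above, as an added Python example that is not part of the original paper. The function names and sample keys are hypothetical, and the security figures are the ones quoted in the text. It goes slightly beyond the text in two ways: it ignores the parity bit in each key byte (a DES key is stored as 8 bytes of which only 56 bits are key material), and it also flags bundles where only K1 = K2 or only K2 = K3, since an adjacent encrypt/decrypt pair with the same key cancels out just as in keying option 3.

```python
def strip_parity(des_key: bytes) -> bytes:
    """Clear the low bit of each byte: it is parity, not key material."""
    return bytes(b & 0xFE for b in des_key)

def keying_option(key: bytes):
    """Classify a Triple DES key bundle; returns (label, security bits per the text)."""
    if len(key) == 16:              # two-key bundle K1 || K2, with K3 = K1 implied
        key += key[:8]
    if len(key) != 24:
        raise ValueError("expected a 16- or 24-byte Triple DES key bundle")
    k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 == k3:
        return ("option 3", 56)     # encrypt-decrypt-encrypt with one key is plain DES
    if k1 == k2 or k2 == k3:
        return ("degenerate", 56)   # one adjacent pair cancels, leaving single DES
    if k1 == k3:
        return ("option 2", 80)
    return ("option 1", 112)

def require_strong_key(key: bytes, minimum_bits: int = 112) -> bytes:
    """Refuse a bundle before use if it falls below the required strength."""
    label, bits = keying_option(key)
    if bits < minimum_bits:
        raise ValueError(f"Triple DES key rejected: {label}, about {bits} bits")
    return key

# Constructed sample keys (not real key material).
K_A = bytes.fromhex("0123456789abcdef")
K_B = bytes.fromhex("23456789abcdef01")
K_C = bytes.fromhex("456789abcdef0123")
K_A_PARITY = bytes(b ^ 1 for b in K_A)   # differs from K_A only in the parity bits

if __name__ == "__main__":
    for bundle in (K_A + K_B + K_C, K_A + K_B, K_A + K_A_PARITY + K_A):
        print(keying_option(bundle))
```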
IV. CONCLUSION
Storing data in the cloud plays an important role, as does maintaining the security of that data. Another problem faced in cloud computing is the authentication of users. In this paper we use the ID3 algorithm to classify data and obtain the intermediate dataset. We use another technique to generate the secret key for the encryption and decryption of transmitted data. For the encryption and decryption of transmitted data we use the Triple DES algorithm. After encryption, the data is stored in the cloud in encrypted form. By providing these techniques we provide more security and efficiency for transferring data.
BIOGRAPHIES
Shaik Imran Hussin is a student in M.Tech (CSE) at Dadi Institute of Engineering & Technology, Anakapalli. He received his B.Tech (CSE) from Al-Ameer College of Engineering & Information Technology, Visakhapatnam. His areas of interest are cloud computing, Dotnet and data mining.
L. Prasanna Kumar received the M.Tech. degree in Computer Science & Technology. He is an Associate Professor in the Department of Computer Science & Engineering, Dadi Institute of Engineering & Technology, Anakapalle. His areas of research interest are data mining and cloud computing.