International Journal of Engineering Trends and Technology (IJETT) – Volume 18 Number 3 - Dec 2014
ISSN: 2231-5381, http://www.ijettjournal.org

An Efficient Intrusion Detection and Prevention System with Hybrid Approach

B. Sowjanya (1), B. Kishor Kumar (2)
(1) Final M.Tech Student, (2) Assistant Professor
(1,2) Dept. of IT, Aditya Institute of Technology and Management, Tekkali, A.P.

Abstract: Malicious node detection and prevention is an endless research topic because we cannot anticipate all possible current and future attacks, so it remains an interesting research issue. In this paper we propose an efficient and empirical node authentication mechanism based on a signature; a secure path is computed based on data rating, and data is transmitted using a cryptographic algorithm.

Keywords: Malicious node, authentication, cryptographic algorithm, data rating

I. INTRODUCTION

In communication systems there are many issues concerning intrusion detection, and the approaches are classified into two types: ID based intrusion detection and Host based intrusion detection. ID based intrusion detection works mainly on the unique ID of the users, which means this method tracks intruders based on their identity [1][2]. Host based intrusion detection works mainly on the host system, which means the IP address and the port number of the system. It tracks the users based on these parameters [3]. Further research has been conducted on intrusion detection based on artificial intelligence and on the classification of data about the users. Some other intrusion detection techniques are described briefly below.

File Checking: Many attack techniques rely on the use of unusual or malformed protocol fields, which are incorrectly handled by application systems. Protocol verification techniques rigorously check protocol fields and behavior against established standards or heuristic expectations. Data that violates the relevant bounds is flagged as suspicious. This approach, used in a number of commercial systems, can detect many commonly used attacks, but suffers from the poor standards compliance of many protocol implementations [ids-List]. In addition, using this technique on proprietary or under-specified protocols may be difficult or lead to false positives [4].

Immune System Approach: Application implementations inherently provide a model of normal behavior, in the form of application code paths. In the immune system approach, applications are modeled in terms of sequences of system calls for a variety of different conditions: normal behavior, error conditions and exploit attempts. Comparing this model with observed event traces allows classification of normal or suspicious behavior. For instance, an unusual exec system call in a web server process may be indicative of a buffer overflow attack [5][6].

Host Network Monitoring: An approach used in personal firewalls and some IDS probe designs lies in combining network monitoring with host-based probes. By observing data at all levels of the host's network protocol stack, the ambiguities of platform-specific traffic handling and the problems associated with cryptographic protocols can be resolved. The data and event streams observed by the probe are those observed by the system itself. This approach offers advantages and disadvantages similar to both alternatives listed above. It resolves many of the problems associated with promiscuous network monitoring, while maintaining the ability to observe the entire communication between victim and attacker. Like all host-based approaches, however, this approach implies a performance impact on every monitored system, requires additional support to correlate events on multiple hosts, and is subject to subversion when the host is compromised [7].

II. RELATED WORK

In a client-server architecture, server and client are distinguished by the characteristics of the system. The server accepts a request, processes it and sends the response to the requesting client. The client makes a request and receives the response from the server. In mobile ad hoc networks or wireless sensor networks, the source node uses intermediate nodes to transmit data to the receiver or destination node. An intermediate node cannot admit every node during data transmission, so various approaches for verifying an incoming node have been published by various authors over years of research, including traditional approaches such as static measures (direct trust metrics, indirect trust metrics, mutual metrics and reputation metrics).

Wireless sensor networks have numerous advantages in settings such as hospitals, banks and the military, owing to important characteristics such as low cost, higher speed and reliability, but security is the major factor in whether the nodes of a wireless sensor network can be depended on. Because of the open nature of these networks, mechanisms such as an intrusion detection system are required to identify unauthorized nodes. Approaches such as classification give good results but fail when the training data set is inconsistent or noisy.

The motivation behind the current research work is to identify a malicious node when it connects to the destination node. Traditional approaches are unable to identify unauthorized nodes and also misidentify genuine nodes as malicious, so static measures may not give optimal results and a dynamic mechanism is needed for identifying unauthorized users. Results based on raw log training data may give misleading accuracy, so preprocessing of the training data improves accuracy.

We can improve our work by enhancing the classification approach. In a classification based approach, analysis fails when the testing sample is a new data sample that is not present in the training dataset, and classification fails when data is inconsistent or not available for specific attributes. By improving these two features we can enhance the performance of the current intrusion detection system.

Static comparison methods may not give accurate results. Raw firewall data decreases performance because of duplicate log records, and for traditional trust metrics and data rating computations we depend completely on a third party. The major advantages of our proposed work are that dynamic probability calculations give better results than traditional static measures and that preprocessed log data improves efficiency and accuracy.

In this paper we introduce a hybrid approach for malicious node detection, followed by data rating calculation for a secure and optimal path; data is transmitted as cipher text with the Triple DES cryptographic algorithm.

III. PROPOSED WORK

We propose a novel intrusion detection and prevention technique with a digital signature and the average rate of in and out data packet transmissions. Here we categorize the server as the master node (MN) and the others as general nodes (GN). A session key is generated at the MN, which applies a digital signature over the key and forwards the same key to all general nodes. Each general node applies the same signature over the session key and forwards it to the MN. If the signatures generated at the MN and at the general node are equal, that node is a genuine node; otherwise it is a malicious node.

ALGORITHM: Node recognition

Step 1: Master Node generates a random session key Sk and shares it with all connected nodes.
Step 2: Master Node applies signature over session key (Sk).
Step 3: Individual General Node computes the same hash or signature mechanism over the received Sk and computes S = [h(Sk)], where h is the hash function for signature maintained by GN and MN.
Step 4: General node connects to MN for authentication with S or [h(Sk)].
Step 5: if S (forwarded by GN) = S (generated at MN)
            then set "Genuine Node"
            else set "Malicious Node"
        end if

Data rating: After node authentication, a GN can communicate with any other genuine node by constructing the path based on the data rating maintained by the intermediate nodes. Here the data rating is calculated with respect to the ratio of the number of packets received and the number of packets delivered. Let us consider a genuine node "S" that wants to transfer some data packets to destination node "D", where E, F and G are intermediate nodes used for the data rating calculation. The optimal path is computed from the highest data rating, or average in and out packet ratio, of the nodes. The following table shows a sample data rating table.

In (number of data packets in Bytes)    Out (number of data packets in Bytes)
30                                      20
40                                      40
25                                      22
23                                      23
45                                      40
46                                      44

The data rating is calculated as the mean of the in packets and out packets during transmission of data packets through the intermediate nodes. Data is transmitted along the path of genuine (authenticated) nodes with the highest data rating, for secure data transmission from source node to destination node. Data packets are encoded with the Triple DES cryptographic algorithm, and the received data packets can be decoded only at the destination end, even though they are transmitted through intermediate genuine nodes. The Triple DES cryptographic algorithm is described as follows.

Secure Transmission:

Triple DES is a cryptographic algorithm for secure transmission of data over a secure channel; it converts the plain data packets to cipher data packets or unformatted data packets.
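The node recognition steps and the data-rating path choice from the Proposed Work section, as an added example that is not the authors' Java implementation: it shows that the highest-rated node is skipped when it fails authentication. SHA-256 as the hash h, choosing a single next hop rather than a whole path, and the assignment of table rows to nodes E, F and G are assumptions.

```python
import hashlib
import hmac
import secrets

GENUINE, MALICIOUS = "Genuine Node", "Malicious Node"

def sign(session_key: bytes) -> bytes:
    """S = h(Sk). SHA-256 stands in for the page's unspecified hash h (assumption)."""
    return hashlib.sha256(session_key).digest()

def authenticate(s_master: bytes, s_node: bytes) -> str:
    """Step 5: compare the S forwarded by a GN with the S generated at the MN."""
    # compare_digest avoids leaking how many leading bytes matched.
    return GENUINE if hmac.compare_digest(s_master, s_node) else MALICIOUS

def data_rating(packets_in: int, packets_out: int) -> float:
    """Mean of the in and out counters, as the Data rating section defines it."""
    return (packets_in + packets_out) / 2

def best_next_hop(counters: dict, verdicts: dict) -> str:
    """Highest-rated intermediate node among those authenticated as genuine."""
    rated = {node: data_rating(i, o) for node, (i, o) in counters.items()
             if verdicts.get(node) == GENUINE}
    if not rated:
        raise ValueError("no authenticated intermediate node to route through")
    return max(rated, key=rated.get)

def run_demo():
    sk = secrets.token_bytes(16)   # Step 1: MN generates Sk and shares it
    s_mn = sign(sk)                # Step 2: MN computes S over Sk
    # Steps 3-4 (constructed responses): E and F hash the Sk they received,
    # G answers with the hash of some other value.
    responses = {"E": sign(sk), "F": sign(sk), "G": sign(b"not-the-session-key")}
    verdicts = {node: authenticate(s_mn, s) for node, s in responses.items()}
    # (in, out) pairs are rows 1, 2 and 5 of the page's sample table; assigning
    # them to E, F and G is an assumption, the page does not label the rows.
    counters = {"E": (30, 20), "F": (40, 40), "G": (45, 40)}
    return verdicts, best_next_hop(counters, verdicts)

if __name__ == "__main__":
    verdicts, hop = run_demo()
    print(verdicts)
    print("next hop:", hop)   # G has the highest rating but is not genuine
```

Because S is an unkeyed hash of a value the MN shares with every connected node, the comparison shows only that a node received Sk and knows h. Tying the response to a node identity needs a per-node secret, for example an HMAC keyed with a key provisioned to that node.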
Triple DES runs three times slower than DES, but is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not used during the encryption process.

The standards define three keying options:

Keying option 1: All three keys are independent.
Keying option 2: K1 and K2 are independent, and K3 = K1.
Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.

Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits. Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.

For experimental analysis, we implemented our current research work in Java. The following example shows the malicious node detection rate of the traditional approach and of the proposed approach. On the 100 samples of experimental data, the traditional approach fails to detect the malicious nodes, which leads to insecure data transmission between the nodes. In the proposed approach, the malicious node detection rate is higher and secure transmission can be done through genuine nodes, so the secure transmission rate is higher in our approach.

[Fig. 1: Comparative Analysis (chart comparing Traditional and Proposed; vertical axis 0 to 100)]

IV. CONCLUSION

We conclude our research work with efficient malicious node detection using a signature hash based mechanism; a secure and efficient path is computed with a data rating based technique, and data is securely transmitted using the Triple DES cryptographic algorithm. Experimental results show more accurate and efficient results than traditional techniques.

REFERENCES

[1] L. Eschenauer and V. Gligor, "A Key-Management Scheme for Distributed Sensor Networks," Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 41-47, 2002.
[2] A. Perrig, R. Szewczyk, J. Tygar, V. Wen, and D. Culler, "SPINS: Security Protocols for Sensor Networks," Wireless Networks, vol. 8, no. 5, pp. 521-534, 2002.
[3] D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, and S. Chee, "HIGHT: A New Block Cipher Suitable for Low-Resource Device," Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 46-59, 2006.
[4] P. Kamat, Y. Zhang, W. Trappe, and C. Ozturk, "Enhancing Source-Location Privacy in Sensor Network Routing," Proc. IEEE 25th Int'l Conf. Distributed Computing Systems (ICDCS '05), pp. 599-608, 2005.
[5] S. Hollar, "COTS Dust," Master's thesis, University of California, Berkeley, December 2000.
[6] Jun Zhang, Chao Chen, Yang Xiang, "Internet Traffic Classification by Aggregating Correlated Naive Bayes Predictions."
[7] A. W. Moore and D. Zuev, "Internet traffic classification using bayesian analysis techniques."
[8] Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and David E. Culler, "SPINS: Security Protocols for Sensor Networks."
[9] C. Karlof and D. Wagner, "Secure routing in wireless sensor networks: Attacks and countermeasures."
[10] T. S. Rappaport, Wireless Communications: Principles and Practice, Prentice Hall, 2nd edition, 2002.
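Referring back to the parity-bit and keying-option rules in the Secure Transmission section, the following added example (not the authors' Java implementation) classifies a 24-byte Triple DES key bundle after discarding the parity bits, so that keys differing only in parity are recognised as the same key. The key values are constructed, and the 56-bit figure returned for keying option 3 is not stated on the page; it follows from the three keys being one DES key.

```python
def odd_parity(byte: int) -> bool:
    """True if the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1

def parity_ok(key: bytes) -> bool:
    """Every key byte must carry odd parity."""
    return all(odd_parity(b) for b in key)

def set_parity(key: bytes) -> bytes:
    """Set the least significant bit of each byte so the byte has odd parity."""
    return bytes((b & 0xFE) | (0 if odd_parity(b & 0xFE) else 1) for b in key)

def des_key_bits(key8: bytes) -> bytes:
    """The 56 bits DES actually uses: each byte with its parity bit cleared."""
    return bytes(b & 0xFE for b in key8)

def keying_option(key24: bytes):
    """Return (keying option, independent key bits) for a K1 || K2 || K3 bundle."""
    if len(key24) != 24:
        raise ValueError("expected three 8-byte DES keys")
    k1, k2, k3 = (des_key_bits(key24[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 == k3:
        return 3, 56
    if k1 == k3:
        return 2, 2 * 56
    if k1 == k2 or k2 == k3:
        raise ValueError("not one of the three keying options listed on the page")
    return 1, 3 * 56

# Constructed sample keys, not taken from the paper.
K1 = bytes.fromhex("0123456789abcdef")   # every byte already has odd parity
K2 = set_parity(b"\x10" * 8)
K3 = set_parity(b"\x20" * 8)
K1_FLIPPED = bytes(b ^ 1 for b in K1)    # differs from K1 only in the parity bits

if __name__ == "__main__":
    print(keying_option(K1 + K2 + K3))
    print(keying_option(K1 + K2 + K1_FLIPPED))   # raw bytes differ, DES key does not
    print(keying_option(K1 + K1_FLIPPED + K1))
```

A bundle whose three 8-byte parts look different byte for byte can still be keying option 2 or 3 once the ignored parity bits are removed, which is why the comparison is done on the masked keys.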