This document discusses the Address Resolution Protocol (ARP) and its use in intrusion detection systems. It proposes a standardized 64-byte ARP protocol structure to more easily capture ARP packets from a network. The structure includes fields for frame information, destination and source addresses, ARP type details, and sender/target MAC and IP addresses. This standardized structure could be integrated into network monitoring to help detect intrusions without affecting normal data transfer processes. Overall, the document aims to optimize the ARP sequence for use in intrusion detection systems.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...
Determination of the position enables location awareness for mobile computers in any place and persistent wireless computing. In addition utilizing location information, location aware computers can render location based services possible for mobile users. In order to design and implement a technique to identify the source network interface card, a feasibility study should be done to keep the project within the budget; also tracking of new technologies will enhance the methodology of choosing these techniques. Wireless Local Area Network (WLAN) is vulnerable to malicious attacks due to their shared medium in unlicensed frequency spectrum, thus requiring security features for a variety of applications. This paper will discuss a technique that helps in determining the best location for access points using GPS system, in order to choose the optimal number of them; which guide to localize and identify attacks with optimal IDS method and cheapest price. The other thing is to locate the intruder within the monitored area by using a hybrid technique, which came from exist techniques, by focusing on the advantages of these techniques and come with a new one to give more accurate results with less price by using available resources
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA (ijp2p)
The objective of the proposed system is to integrate the high volume of data along with important considerations like monitoring a wide array of heterogeneous security. When a real-time cyber attack occurs, the Intrusion Detection System automatically stores the log in a distributed environment and monitors the log with the existing intrusion dictionary. At the same time, the system checks and categorizes the severity of the log as high, medium, or low. After the categorization, the system automatically takes the necessary action against the user-unit with respect to the severity of the log. The advantage of the system is that it utilizes anomaly detection, evaluates data and issues alert messages or reports based on abnormal behaviour.
TRUST FACTOR AND FUZZY-FIREFLY INTEGRATED PARTICLE SWARM OPTIMIZATION BASED I... (IJCNCJournal)
Mobile Ad hoc Networks (MANET) are one of the rapidly emerging technologies and have gained attention in a wide range of applications in the military, private sector, commercial and natural-calamity fields. Securing MANET is a dominant responsibility, and hence a trust factor and fuzzy based intrusion detection and prevention system is proposed for routing in this paper. Based on the trust values of the nodes, the fuzzy system identifies the intruder, such that the path generated in the MANET is secured. Moreover, an optimization algorithm, entitled Fuzzy integrated Particle Swarm Optimization (Fuzzy-FPSO), is proposed by the concatenation of the Firefly Algorithm (FA) and Particle Swarm Optimization (PSO) for optimal path selection in order to provide secure routing. The simulation of the proposed methodology uses the NS2 simulator, and analysis is carried out considering four cases (without attack, flooding attack, black hole attack and selective packet drop attack) concerning throughput, delay and detection rate. The remarkable evaluation measures of the proposed Fuzzy-FPSO are the maximal throughput of 0.634, minimal delay of 0.044, maximal detection rate of 0.697 and minimal routing overhead of 0.24550. The evaluation measures for the case without any attacks are the maximal throughput of 0.762, minimal delay of 0.029, maximal detection rate of 0.805 and minimal routing overhead of 0.11511.
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei... (IRJET Journal)
The document discusses security attacks on wireless sensor networks, describing various types of attacks like jamming, impersonation, replay attacks, and denial of service attacks that can occur at different layers of the network. It analyzes key security objectives for wireless sensor networks like availability, authentication, integrity, and confidentiality. The document also outlines the architecture of wireless sensor networks, including the five layers of the OSI model and three cross-layer planes, and components of sensor nodes.
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI... (IJNSA Journal)
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased; attackers continuously find vulnerabilities at various levels, from the network itself to operating systems and applications, and exploit them to crack systems and services. Network defence and network monitoring have become an essential component of computer security to predict and prevent attacks. Unlike a traditional Intrusion Detection System (IDS), an Intrusion Detection and Prevention System (IDPS) has additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as network-based, host-based, perimeter-based and hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host level to give better performance in terms of a reduced rate of false positives and accurate detection and prevention.
This document discusses the need for adopting an industry standard network security architecture model to improve security without unnecessary complexity. It outlines the evolution of typical network architectures from closed to increasingly open and exposed. This has introduced new threats that cannot be addressed by isolated security solutions alone. The document advocates aligning security controls according to well-defined architectural principles and business needs, and properly managing the integrated system as a whole.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The document discusses trends and challenges in internet of things (IoT) from an information systems perspective. It describes IoT as involving the interconnection of heterogeneous networked entities through various communication patterns like human-to-human and machine-to-machine. The document outlines security and privacy as major issues in IoT due to the heterogeneity of devices, dynamicity of networks, and need to protect data. It reviews existing research that proposes solutions for these issues but identifies drawbacks like lack of testing on real heterogeneous devices and not addressing communication between different devices.
Intrusion Detection and Prevention System in an Enterprise Network (Okehie Collins)
This document describes a project on intrusion detection and prevention systems in an enterprise network. It was submitted by Okehie Collins Obinna to the Department of Computer Science at the Federal University of Technology in partial fulfillment of a Bachelor of Technology degree in Computer Science. The project analyzes intrusion detection and prevention technologies used in enterprise networks and designs a desktop application to monitor a computer network system for possible intrusions and provide an interface for a network administrator.
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR... (IJCNCJournal)
After tightening up the network perimeter to deal with external threats, organizations have woken up to the threats from inside Local Area Networks (LAN) over the past several years. It is thus important to design and implement LAN security strategies in order to secure assets on the LAN by filtering traffic and thereby protecting them from malicious access and insider attacks. The Banking, Financial Services and Insurance (BFSI) industry is one such segment that faces increased risks and security challenges. The typical architecture of this segment includes several thousands of users connecting from various branches over Wide Area Network (WAN) links crossing national and international boundaries with varying network speed to access data center resources. The objective of this work is to deploy a LAN security solution to protect the data center located at headquarters from the end-user machines. A LAN security solution should ideally provide Network Access Control (NAC) along with cleaning (securing) the traffic going through it. Traffic cleaning itself includes various features like firewall, intrusion detection/prevention, traffic anomaly detection, validation of asset ownership etc. LANenforcer (LE) is a device deployed in front of the data center such that the traffic from end-user machines necessarily passes through it so that it can enforce security. The goal of this system is to enhance the security features of a LANenforcer security system with an Intrusion Prevention System (IPS) to enable it to detect and prevent malicious network activities. The IPS is plugged into the packet path based on the configuration in such a way that the entire traffic passes through the IPS on LE.
A NOVEL HEADER MATCHING ALGORITHM FOR INTRUSION DETECTION SYSTEMS (IJNSA Journal)
The evolving necessity of the Internet increases the demand on bandwidth. Therefore, this demand opens the doors for the hackers’ community to develop new methods and techniques to gain control over networking systems. Hence, intrusion detection systems (IDS) are insufficient to prevent/detect unauthorized access to the network. Network Intrusion Detection System (NIDS) is one example that still suffers from performance degradation due to the increase of link speed in today’s networks. In this paper we propose a novel algorithm to detect intruders who are trying to gain access to the network, using packet header parameters such as source/destination address, source/destination port, and protocol, without the need to inspect each packet's content looking for signatures/patterns. However, the “Packet Header Matching” algorithm enhances the overall speed of the matching process between the incoming packet headers and the rule set. We ran the proposed algorithm to prove the proposed concept in coping with traffic arrival speeds and the various bandwidth demands. The achieved results showed a significant enhancement of the overall performance in terms of detection speed.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘Stuxnet’, ‘Flame’ and ‘Duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
In this research work an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect and prevent cyber-attacks on critical network infrastructure. To strengthen network security and improve the network's active defense and intrusion detection capabilities, this project will consist of an intrusion detection system using honey token based encrypted pointers and an intrusion prevention system which is based on the mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers. The honey token inside the frame will serve as a trap for the attacker. All nodes operating within the working domain of the critical infrastructure network are divided into four different pools. This division is based on their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. The IDS uses a different number of Honey Tokens (HT) per frame for each pool, e.g. Pool-A contains 4 HT/frame, Pool-B contains 3 HT/frame, Pool-C contains 2 HT/frame and Pool-D contains 1 HT/frame. Moreover, every pool uses a different type of encryption scheme (AES-128, 192, 256). Our critical infrastructure network of 64 nodes is under the umbrella of unified security provided by this single Network Intrusion Detection System (NIDS). After the design phase of the IDS, we analyze the performance of the IDS in terms of True Positives (TP) and False Negatives (FN). Finally, we test the IDS through a Network Penetration Testing (NPT) phase. The detection rate depends on the number of honey tokens per frame. Our proposed IDS is a scalable solution and it can be implemented for any number of nodes in a critical infrastructure network. However, in the case of the Intrusion Prevention System (IPS) we use virtual honeypot technology, which is the best active prevention technology among all honeypot technologies. By using the original operating system and virtual technology, the honeypot lures attackers in a pre-arranged manner, analyzes and audits various attacking behavior, tracks the attack source, obtains evidence, and finds effective solutions.
This document discusses wireless communication security. It begins by defining wireless communication and noting some advantages and disadvantages, including security issues. It then discusses the general characteristics of the Wireless Application Protocol (WAP) and provides an overview of wireless communication systems. The document outlines some common security threats in wireless networks like unauthorized disclosure, data modification, network disruption, and repudiation. It also describes different types of wireless attacks and security goals in wireless networks to provide authentication, confidentiality, integrity, non-repudiation, and availability. Symmetric and asymmetric encryption techniques are introduced as methods for encrypting data in wireless networks.
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS... (IJNSA Journal)
In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect a sensor network from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks on wireless sensor networks, this paper examines the current efforts toward intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we followed a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy based detection mechanism as well as intrusion response, together with the GSM cell concept, for the intrusion detection architecture.
Wireless Networks Security in Jordan: A Field Study (IJNSA Journal)
- The document summarizes a study that evaluated the security of wireless networks in Jordan through a process called "wardriving" where the researchers drove around with wireless network detection tools.
- The results found that the majority (79.52%) of wireless networks tested were unsecured and vulnerable. Most networks used either low levels of encryption (68.67%) or no encryption at all (11.45%).
- Nearly all networks broadcast the default SSID (92.17%), leaving them exposed to potential hackers since changing the SSID is a basic security precaution.
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
This document presents a study comparing the photocatalytic degradation of Violet GL2B azo dye using calcium oxide (CaO) and titanium dioxide (TiO2) nanoparticles. CaO nanoparticles were synthesized using a solution combustion method, and characterized using XRD and SEM techniques. TiO2 nanoparticles less than 25 nm in size were purchased commercially. Experiments investigated the photocatalytic degradation of Violet GL2B dye under visible light irradiation using CaO and TiO2 nanoparticles. Results showed that the synthesized CaO nanoparticles achieved 97% degradation of the dye, significantly higher than the 7.95% degradation achieved using TiO2 nanoparticles under the same conditions. Further experiments optimized the degradation by varying catalyst concentration, pH, and dye concentration.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document summarizes a study that investigated replacing natural fine aggregate (sand) with granular slag, an industrial byproduct, in cement mortar applications. The study tested cement mortar mixes with 0%, 25%, 50%, 75%, and 100% replacements of natural sand with granular slag. It found that partial substitutions of up to 75% improved mortar flow properties and compressive/tensile strengths. Brick mortar crushing and pull strengths also improved at 50-75% replacements. The study concluded granular slag can be used as an alternative to natural sand in masonry and plastering applications.
This document summarizes a study on the strength characteristics of concrete with recycled aggregates and artificial sand. The study found that:
1) Concrete with 100% recycled coarse and fine aggregates did not meet the target compressive strength requirements for M25 grade concrete, showing around a 6% reduction in strength compared to the control mix.
2) Using artificial sand resulted in lower compressive strengths compared to natural sand, due to dust present in the artificial sand. However, concrete with recycled aggregates and artificial sand achieved the target strength when more cement was used.
3) Concrete with recycled aggregates showed slightly lower split tensile and flexural strengths compared to the control mix, indicating a reduction in tensile strength. This loss
This document presents a new method for denoising spectral radar data using complex wavelets.
The existing denoising method works well at lower altitudes but fails at higher altitudes where noise is dominant. The proposed method applies complex wavelet transform with a custom thresholding function to denoise the data in the frequency domain before estimating the Doppler spectrum.
Results show the new method can accurately detect wind speeds up to 18km in altitude, unlike the existing method which fails above 11km. Validation with GPS sonde data also supports the improved performance of the proposed complex wavelet denoising approach.
This document describes a study on the dynamic dent resistance of auto body panels. Both experimental and numerical simulation methods were used. Experimentally, a test rig was developed to measure the deflection of a fender panel from a utility vehicle under different impact loads. The experimental results were then compared to simulations conducted using ANSYS-LS Dyna explicit dynamic FE analysis software. The simulations showed good accuracy with the experimental results. Parametric studies were also conducted numerically to optimize the thickness and geometry of the fender to reduce weight while maintaining dent resistance.
This document summarizes research on using purified and bio-polished cotton fibers as tags for DNA-streptavidin complexes to develop bio-polished cotton fiber tags for bio-applications. The researchers accomplished binding the heavy DNA molecule to purified cotton fiber without damage using a cellulose binding domain (CBD). They used a novel self-assembly technique of covalent bonding to attach the DNA-streptavidin complex to the cotton fiber surface. The document introduces cotton fiber, DNA, streptavidin, and CBD properties and applications to provide context for the research.
This document summarizes a study that uses finite element analysis to simulate crack propagation in a high-grade steel material. The study aims to investigate how cracks grow in steel plates and calculate stress intensity factors. It uses ANSYS software to model a central crack in a steel plate and analyze stresses near the crack tip and failure criteria. The results show that small cracks can be tolerated in the material's structure. Overall, the study uses fracture mechanics and finite element modeling to simulate crack propagation and failure in aerospace components made of high-grade steel.
1. The document discusses teaching electricity concepts to primary school students and identifies challenges.
2. It analyzes surveys of 170 primary students and their teachers to assess knowledge of electricity, issues with textbooks, and additional support needed.
3. The surveys found average electricity knowledge of 48% from textbooks alone, indicating a need for supplemental teaching materials and techniques to make the topics more interesting and effective to teach.
This document summarizes a research paper that proposes using Double Pass Transistor Logic (DPL) to build high-performance wave pipeline circuits. DPL can provide balanced delay across all paths without increasing area or latency. It does not require special fabrication steps unlike other proposed logic styles. The paper describes DPL gate design and discusses how it addresses limitations of existing logic styles for building balanced, low-latency wave pipelines. Evaluation shows DPL enables building ultra-fast pipelined systems without pipeline registers by exploiting wave pipelining.
This document summarizes a study that investigates the effect of thermophoresis on unsteady free convective heat and mass transfer in a viscoelastic fluid past a semi-infinite vertical plate. The study uses the Walters-B fluid model to simulate rheological fluids. The dimensionless governing equations are solved using an implicit finite difference scheme. Results show that increasing the thermophoretic parameter decreases velocity and concentration but increases temperature within the boundary layer. Thermophoresis is found to significantly increase the surface mass flux.
This document summarizes a research paper about effective data distribution techniques for multi-cloud storage. The authors propose dividing a customer's data into pieces and distributing them among multiple cloud service providers (CSPs). This improves reliability and availability by preventing any single point of failure. It also improves privacy and security by making it harder for CSPs to access all of a customer's data even if they collude. The authors evaluate threats like CSPs failing or colluding to access user data without authorization. Their proposed distribution technique is meant to address these issues and provide customers better protection and assurance regarding their cloud-stored data.
1) The document presents channel estimation methods for MIMO-OFDM systems using QPSK modulation.
2) It compares the performance of least squares (LS), minimum mean square error (MMSE) and discrete Fourier transform (DFT) based channel estimation techniques.
3) The analysis finds that applying DFT to the estimated channel power improves the performance of the channel estimators.
This document presents a methodology for allocating the cost of transmission networks among generators and demands. It proposes using an impedance matrix (Zbus) method which relies on circuit theory rather than arbitrary cost allocation principles. A case study using the IEEE 24-bus test system is presented to illustrate how the Zbus method works. Key conclusions are that the Zbus method exhibits a desirable proximity effect by allocating most costs to generators and demands near the lines, is independent of slack bus selection, and does not require pre-defining cost sharing proportions between generators and demands.
The document summarizes a study that evaluates and compares the performance of the IEEE 802.11 MAC protocol and a modified 802.11KT MAC protocol for use in rural villages. The study uses the Network Simulator NS-2 to simulate a random topology wireless network of 50 nodes in a rural area under varying node mobility. Key performance metrics analyzed include total packets generated and received, total dropped packets, average end-to-end delay, and packet delivery ratio. Simulation results show that the modified 802.11KT MAC protocol outperforms the IEEE 802.11 MAC protocol and is more suitable as a low-cost wireless network protocol for rural villages.
This document analyzes wind power density in Azmar Mountain located in Sulaimani region of northern Iraq. Hourly wind speed data was collected over one year at a height of 5 meters above ground. The mean wind speed ranged from 4.65 to 11.86 m/s at 5 meters and 6.41 to 16.36 m/s at 50 meters after extrapolation. The Weibull distribution parameters c and k varied between months with c ranging from 5.21 to 13.46 m/s and k ranging from 1.60 to 3.47. The mean wind power density ranged from 70.89 to 1559.16 W/m2 at 5 meters and 186.71 to 4096.20 W/
This document summarizes a research paper that proposes a speed control scheme for a permanent magnet brushless DC motor (PMBLDCM) used to drive an air conditioner compressor. A buck half-bridge DC-DC converter is used as a single-stage power factor correction converter to feed a voltage source inverter that powers the PMBLDCM. The speed of the compressor is controlled by varying the DC link voltage proportionally to the desired motor speed. Simulation results in Matlab/Simulink demonstrate the improved efficiency of the proposed drive system with power factor correction over a wide range of speeds and input voltages.
This document describes a study investigating the performance of triangular microstrip patch antennas on six different dielectric substrates for X-band applications. The six substrates analyzed are Bakelite, FR4 glass epoxy, RO4003, Taconic TLC, RT Duroid, and polyester. For each substrate, the side length of the triangular patch is calculated based on the dielectric constant to achieve a resonant frequency of 10GHz. The triangular patch antennas are simulated using IE3D software to analyze parameters such as return loss, bandwidth, directivity and gain. The results show that the polyester substrate provides the most optimum performance with high directivity, gain, bandwidth and efficiency compared to the other substrates.
This document summarizes a research paper that proposes a semi-supervised machine learning approach using the DBSCAN algorithm to classify network traffic. The researchers use only flow statistics to cluster and classify network traffic into different application categories. They test their approach on the NSL-KDD dataset, which includes various types of attacks and normal traffic. Experimental results show that DBSCAN effectively classifies the network traffic with good accuracy and efficiency.
Intrusion Detection Systems By Anamoly-Based Using Neural Network (IOSR Journals)
To improve network security, different steps have been taken as the size and importance of networks increase day by day, and with them the chances of network attacks. A network is mainly attacked by intrusions that are identified by a network intrusion detection system. These intrusions are mainly present in data packets, and each packet has to be scanned for detection. This paper develops an intrusion detection system which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. A network intrusion detection system needs to be efficient enough that the chance of false alarm generation is low, where a false alarm means identifying something as an intrusion when it actually is not one. The results obtained after analyzing this system are quite good: nearly 90% of true alarms are generated. It detects intrusions for various services like DoS, SSH, etc. using a neural network.
EFFICIENT IDENTIFICATION AND REDUCTION OF MULTIPLE ATTACKS ADD VICTIMISATION ... (IRJET Journal)
This document discusses efficient identification and reduction of multiple attacks in IoT networks using deep learning techniques. It proposes a Deep Learning based secure RPL routing (DLRP) protocol to detect attacks like rank, version number, and Denial of Service attacks. The DLRP protocol first creates a complex dataset of normal and attack behaviors using network simulation. It then trains a machine learning model using this dataset to efficiently identify attack behaviors. Additionally, it classifies attack types using a Generative Adversarial Network to reduce the dataset dimensionality. Simulation results show the DLRP protocol improves attack detection accuracy and fits IoT environments well, achieving 80% packet delivery ratio using only 1474 control packets in a 30 node IoT scenario.
Types of Networks Week7 Part4-IS RevisionSu2013 .docx (willcoxjanay)
Types of Networks
Week7 Part4-IS
RevisionSu2013
Types of Networks
There are different types of networks. Each type has different characteristics and
therefore different security needs. Some of the fundamental differentiating attributes of
the various types of networks are:
· the physical distance the network spans
· the topology of the network nodes
· the types of media used for communication between nodes in the network
· the different devices supported on the network
· the different applications supported on the network
· the different groups of users permitted on the network
· the different protocols supported on each network
Depending on the type of network, there may be different information security
requirements, requiring that various protocols, security services and security mechanisms are
used in a fashion that supports that type of network.
While each network environment has some characteristics and security needs unique to
that environment, there are many security techniques that should be universally applied to
all environments. For example, sound policies and procedures, risk assessment of the
assets, user awareness training, encryption technology, authentication technology, sound
credential (password) selection and protection, malware protection and firewalls are a few
security techniques that need to be applied in all networks, albeit in configurations
that best suit a particular environment.
Local Area Network (LAN)
A LAN covers a small geographic area and takes advantage of high-speed data
transfers, usually implemented through Ethernet or fiber. A LAN could be a home, an office,
or a group of buildings in close proximity (university, business). LANs typically share
resources such as file servers and printers.
Wide Area Network (WAN)
A WAN covers a large geographic area that may require connection through satellite,
high-speed dedicated lines and other means. The internet is a WAN. WANs can connect
LANs together into a larger organizational structure that can be used to share resources
such as file, email and DNS servers, to name a few. Resources can be shared using slower
connections between geographically separated areas across the WAN.
Wireless Networks and Mobile Networks
The movement to laptop systems at home and workplaces accelerated the mobility of
computing.
As employees traveled between offices, client sites, home and various other remote
locations they could remain connected to company servers as long as the remote site had
connectivity to the company's intranet. Initially this connectivity was provided by
having Ethernet cabling available for remote users to physically plug their laptops into.
Eventually, companies started installing wireless hotspots that could be automatically
detected by systems that had wireless cards.
The proliferation of wireless connectivity and internet use spread from the workplace to
genera ...
A honeynet framework to promote enterprise network security (IAEME Publication)
This document describes a honeynet framework to promote enterprise network security. The framework consists of two high-interaction honeypot servers connected by a switch to a monitoring station. The honeypots provide real operating systems and services to attract attackers. When an attacker attempts to access a honeypot, its data is captured by a packet sniffer and stored in a database. This data is then sent securely to the monitoring station using web services. The monitoring station analyzes the data, generates an alert report, and provides a GUI to monitor extracted information. The goal is to identify attack traffic and profile attackers to improve network defense.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION (IJNSA Journal)
In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and a decision tree is presented, which performs balanced detections and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues that need to be examined in current intrusion detection systems (IDS). We tested the performance of our proposed algorithm against existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources.
Optimized Intrusion Detection System using Deep Learning Algorithm (ijtsrd)
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN.
Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Efficient Secure Multi-Neuron Attack Defensive and Routing Security Technique... (IRJET Journal)
This document proposes a new secure routing technique for wireless mesh networks using unmanned aerial vehicles. The technique uses encryption algorithms like Data Encryption Standard and neural networks to establish a secure routing algorithm. It generates unique IDs for nodes, uses a key distribution center for authentication, and implements encryption to prevent attacks. Simulation results show the proposed approach reduces delay and improves packet delivery rate compared to existing routing protocols like PASER when there is frame error.
International Journal of Engineering Research and Development (IJERD Editor)
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
IRJET- Security Analysis and Improvements to IoT Communication Protocols ... (IRJET Journal)
This document discusses security issues with the Constrained Application Protocol (CoAP) which is commonly used for Internet of Things (IoT) communication. It first provides background on CoAP, including its architecture and use of Datagram Transport Layer Security (DTLS) for security. However, the document notes that while DTLS provides some security, it is not fully sufficient to protect data at large volumes. The document then reviews literature on security issues at different layers of IoT systems, such as perception, physical, and network layers. Specific attacks discussed include jamming, node tampering, man-in-the-middle, denial of service, and eavesdropping. The aim of the paper is to analyze CoAP security
The purpose of this paper is twofold. First and foremost, it presents a background narrative on the origins, innovations and applications of novel structural automation technologies and the rarity of experts involved in research, development and practice of this field. The second part of this paper presents a rudimentary framework for a solution addressing this paucity: the creation of an interdisciplinary academic program at PAAET that will be the first ever in the region to address applied information communication technologies (ICT) in the design, planning, engineering and management of structural automation projects. In doing so, we also need to define the level of implementation. This field, as all fields in ICT, has been loosely defined, and most applications carry less weight in their implementation than what should be applied. This paper attempts to define an indexing scheme by which we can easily classify such implementation and generate a ranking by which we can safely define its level of "Intelligence".
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses the design and implementation of a network security model using routers and firewalls. It begins by outlining the importance of network security and some common vulnerabilities, threats, and attacks against network devices like routers. It then provides details on specific attacks like session hijacking, spoofing, and denial of service attacks. The document also discusses best practices for router and firewall security policies, including access control, authentication, and traffic filtering. The overall aim is to protect networks from vulnerabilities and security weaknesses by implementing preventative measures, securing devices like routers and firewalls, and establishing proper security policies.
This document provides summaries of 7 IEEE papers from 2012 related to software projects in various domains such as Java, J2ME, J2EE, .NET, MATLAB and NS2. The papers discuss topics such as password security, data provenance, trust-aware routing in wireless sensor networks, content distribution via network coding, detecting insider threats, secure message passing interfaces, and the security of an anonymity system with traceability.
Denial of Service Attack Defense Techniques (IRJET Journal)
This document discusses denial of service (DoS) attacks and defense techniques. It begins by defining DoS attacks and describing common types like SYN floods, teardrop attacks, and ICMP floods. It then discusses various defense techniques including intrusion detection systems, intrusion prevention systems, and packet filtering firewalls. It compares the advantages and disadvantages of these different techniques. In conclusion, the document reviews that various techniques can be used to detect and prevent DoS attacks, with no single best approach, and defense requires a layered approach using multiple techniques.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... (IJNSA Journal)
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
SECURE ADHOC ROUTING PROTOCOL FOR PRIVACY RESERVATION (Editor IJMTER)
Privacy preserving routing is crucial for some Ad hoc networks that require
stronger privacy protection. A number of schemes have been proposed to protect privacy in
Ad hoc networks. However, none of these schemes offer unobservability property since data
packets and control packets are still linkable and distinguishable in these schemes. In this
paper, we define stronger privacy requirements regarding privacy preserving routing in
mobile ad hoc networks. Then we propose an Unobservable Secure Routing scheme (USOR)
to offer complete unlinkability and content unobservability for all types of packets. USOR is
efficient as it uses a novel combination of group signature and ID-based encryption for route
discovery. Security analysis demonstrates that USOR can well protect user privacy against
both inside and outside attackers. We implement USOR on Network Security (NS2), and
evaluate its performance by comparing with Ad Hoc On demand Distance Vector Routing
(AODV) and MASK. The simulation results show that USOR not only has satisfactory
performance compared to AODV, but also achieves stronger privacy protection than existing
schemes like Mask.
Running Head Security Assessment Repot (SAR) .docx (SUBHI7)
Security Assessment Report (SAR)
CHOICE OF ORGANIZATION IS UNIVERSITY OF MARYLAND MEDICAL CENTER (UMMC) OR A FICTITIOUS ORGANIZATION (BE CREATIVE)
Introduction
· Research into OPM security breach.
· What prompts this assessment exercise in our choice of organization? “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management. Need to make sure it doesn't happen again.”
· What were the hackers able to do? OPM OIG report found that the hackers were able to gain access through compromised credentials.
· How could it have been averted? a) The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. b) Access to the databases could have been prevented by implementing various encryption schemas, and c) it could have been identified after running regularly scheduled scans of the systems.
Organization
· Describe the background of your organization, including the purpose, organizational structure,
· Diagram of the network system that includes LAN, WAN, and systems (use the OPM systems model of LAN side networks), the intra-network, and WAN side networks, the inter-net.
· Identify the boundaries that separate the inner networks from the outside networks.
· include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals (cite references)
Threats Identification
Start Reading: Impact of Threats
The main threats to information system (IS) security are physical events such as natural disasters, employees and consultants, suppliers and vendors, e-mail attachments and viruses, and intruders.
Physical events such as fires, earthquakes, and hurricanes can cause damage to IT systems. The cost of this damage is not restricted to the costs of repairs or new hardware and software. Even a seemingly simple incident such as a short circuit can have a ripple effect and cost thousands of dollars in lost earnings.
Employees and consultants; In terms of severity of impact, employees and consultants working within the organization can cause the worst damage. Insiders have the most detailed knowledge of how the information systems are being used. They know what data is valuable and how to get it without creating tracks.
Suppliers and vendors; Organizations cannot avoid exchanging information with vendors, suppliers, business partners, and customers. However, the granting of access rights to any IS or network, if not done at the proper level—that is, at the least level of privilege—can leave the IS or ne ...
Mr. D.Y. Thorat / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September-October 2012, pp. 1490-1494
Secure ARP Protocol for Intrusion Detection System
Mr. D.Y. THORAT
Research Scholar, Technocrats Institute of Technology, Bhopal, Madhya Pradesh, PIN – 462021
ABSTRACT
Security issues in the communication environment pose a special challenge. At the same time, the challenges from illegal users have increased. In the communication environment, a good security policy and its proper implementation go a long way in ensuring adequate security management practices. But violations of policies on access to information are handled through intrusion. Intrusion detection and prevention systems (IDPS) learn from attacks either before or after their success and are used to detect unauthorised intrusions into computer systems and networks. They focus on identifying possible threats, users' information about them, attempting to stop them, and reporting them to security administrators. As technology has developed, a new industry based on intrusion detection has sprung up. Security firms are growing up everywhere to offer individual and property security. IDPS have been made to configure changes, compare user actions against known attack scenarios, and predict changes in activities that indicate and can lead to suspicious activities. This paper describes protocol sequences which are used to detect intrusion on an upgraded network and its attributes, and recommends the standardized ARP protocol for the intrusion detection process and other alternatives to improve efficiency for security.

1.0 INTRODUCTION
In the communication environment, a good security policy and its proper implementation go a long way in ensuring adequate security management practices. But violations of policies on access to information are handled through intrusion. Intrusion prevention is mostly impossible to achieve at all times; hence the focus is on intrusion detection. It can help to collect more information about intrusions, strengthening the intrusion prevention method, and act as a good deterrent to intruders. Security is needed to protect data during transmission. In the last two decades multimedia data has increased on the internet. In fact, network security is somewhat important, because all business, government and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Many applications are available over the internet to secure important data. The networks are usually secured by anti-key logger, cryptographic software, firewall, sandbox etc. Since it has been proven that an attacker can always find a way to attack a network. These systems are known as Intrusion Detection Systems (IDS) and are placed inside the secured network, looking for potential threats in network traffic and/or audit data recorded by hosts [1]. Protocols are sets of rules that govern how data is transferred, compressed and presented over networks. Network layer security is a main aspect of the internet-based security mechanism [7]. Network layer protocols are generally used to send and receive messages in the form of packets and to route them from source to destination by using a routing algorithm; they also perform fragmentation and reassembly, and report delivery errors. However, new security requirements demand that even the lower-level data units should be protected. With this view in mind, network layer security mechanisms have emerged and are being used quite extensively in real life.
Network layer protocols are widely used. Besides Internet Protocol (IP), higher-level protocols TCP, UDP, HTTP, and FTP all integrate with IP to provide additional capabilities. Similarly, lower-level protocols like ARP and ICMP also co-exist with IP. These higher-level protocols interact more with applications like Web browsers, while lower-level protocols interact with network adapters and other computer hardware. The following part of the paper provides more details on the ARP protocol and its functional services [1].

2.0 LITERATURE REVIEW
Initially, an intruder attempts to break into an information system or performs an action not legally allowed; we refer to this activity as an intrusion [8]. Intruders can be divided into two groups, external and internal. The former refers to those who do not have authorized access to the system and who attack by using various penetration techniques. The latter refers to those with access permission who wish to perform unauthorized activities. Intrusion techniques may include exploiting software bugs and system misconfigurations, password cracking, sniffing unsecured traffic, or exploiting the design flaws of specific protocols [8]. An Intrusion Detection System is a system for detecting intrusions and reporting them accurately to the proper authority. Intrusion Detection Systems are usually specific to the operating system that they operate in and are an important tool in the overall implementation of an organization's information security policy [8], which reflects an organization's statement by
defining the rules and practices to provide security, handle intrusions, and recover from damage caused by security breaches. There are two generally accepted categories of intrusion detection techniques: misuse detection and anomaly detection. Misuse detection refers to techniques that characterize known methods to penetrate a system. These penetrations are characterized as a 'pattern' or a 'signature' that the IDS looks for. The pattern/signature might be a static string or a set sequence of actions. System responses are based on identified penetrations. Anomaly detection refers to techniques that define and characterize normal or acceptable behaviours of the system (e.g., CPU usage, job execution time, system calls). Behaviours that deviate from the expected normal behaviour are considered intrusions [5].

3.0 ADDRESS RESOLUTION PROTOCOL (ARP)
ARP is a protocol in the network layer. It associates an IP address with its physical address. On a typical physical network such as a LAN, each device on the link is identified by a physical or station address, usually imprinted on the network interface card (NIC). The function of ARP is to map IP addresses onto hosts' hardware addresses within a local area network [2]. As such, its correctness is essential to the proper functioning of the network. However, like other protocols within IP, ARP is subject to a range of serious and continuing security vulnerabilities. In a local area network, however, addresses for attached devices are 48 bits long [1]. A table, usually called the ARP cache, is used to maintain a relation between each MAC address and its corresponding IP address. ARP supports the protocol rules for making this relation and providing address conversion in both directions. This is used to identify and monitor packet communication across the network. This part of the work tries to optimize and construct the ARP sequence to detect intrusion [1].
The communication network consists of wireless and wired specifications with LAN and WAN architectures connecting intranet, internet and extranet to support the services for the faculties, scholars, and students. This network is used for NETBIOS, print server, file transfer protocol (FTP), Active Directory Services (DNS), PING-ICMP, IP telephony (internal), Wireless Fidelity, Bluetooth, remote access (TELNET), VPN, email (IMAP), SMTP, e-learning (web server, HTTP), etc. services. While supporting the above services with the network bandwidth, the reply and its quality of service differ due to the protocols which are used for the service. To reach large service utilization, existing services are observed based on their protocols in and between the networks. There are many protocols working over the network to support various requests and services. In this study we considered a few services and their related protocols for the practical observation and analysis to construct the packet sequence to detect intrusion.
The network architecture is that of an academic network which connects two academic departments and three non-academic departments. This network provides educational management and teaching-learning. It provides services to 2000 students and the faculties in the campus. It consists of a LAN and the following technological configuration. This academic network is framed as two clusters to provide the educational services. For the effective administration and maintenance of the network services, the classification and clustering are made at the department level. In this study, the academic network structure and its laboratories' setup, data communication and transformation architecture is adopted [1]. The network architecture is constructed with modern technological equipment such as Cisco switches, Cisco routers, and Firewall-CISCO-ASA-5510; it is also integrated with high-end servers such as HP, IBM, and Xeon. SAN SWITCH: a device that routes data between servers and disk arrays in a storage area network. Its 800 nodes are typically conduit with UTP CAT-5, CAT-5E, CAT-6 and a fiber channel switch made up of fiber multimode channels. The established infrastructure is integrated with wireless fidelity of various manufacturers. Video conferencing is supported for inter and intra conferencing facility in this network. Many protocols are analysed for the intrusion detection process to frame the sequence generation. But in this paper we are going to discuss the common sequence formation of the ARP protocol.

4.0 WORKING ANALYSIS OF FUNCTIONAL ARP
In the networking process, a host, or a router/gateway, needs to find the physical address of another host on its network. It sends an ARP query packet that includes the physical and IP addresses of the sender and the IP address of the receiver. Since the sender does not know the physical address of the receiver, the query is broadcast over the network [1]. Every host or router/gateway on the network receives and processes the ARP query packet, but only the intended recipient recognizes its IP address and sends back an ARP response packet. The response packet contains the recipient's IP and physical addresses. The packet is unicast directly to the inquirer using the physical address received in the query packet. The RARP protocol is a part of the network layer protocols and is also supported by TCP/IP. It finds the IP address for a machine that only knows its physical address.

5.0 ARP PACKET FORMAT
ARP is communicated through the exchange of messages between the source machine seeking to perform the working, and the destination device that responds to it. A special message format
1491 | P a g e
3. Mr.D.Y.Thorat / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1490-1494
is used, containing the information required for each step of the resolution process.
ARP messages use a simple format. It includes a field describing the type of message used at each of these layers. The ARP header is divided into hardware and protocol types. The hardware type part covers the hardware address length and protocol address length. The hardware type and its values are used to identify the hardware and allow it to communicate across and between networks.

Hardware Type | Protocol Type
Hardware length | Protocol length | Operation (request 1, reply 2)
Sender hardware address (for example, 6 bytes for Ethernet)
Sender protocol address (for example, 4 bytes for IP)
Target hardware address (for example, 6 bytes for Ethernet)
Target protocol address (for example, 4 bytes for IP)

Fig 5.1 ARP Header

The fields are discussed as follows:
1) HTYPE (hardware type): a 16-bit field defining the type of the network on which ARP is running. Each LAN has been assigned an integer based on its type; for example, Ethernet is given the type 1. ARP can be used on any physical network.
2) PTYPE (protocol type): a 16-bit field defining the type of the network. For example, the value of this field for the IPv4 protocol is 0800 (hexadecimal). ARP can be used with any higher-level protocol.
3) HLEN (hardware length): an 8-bit field defining the length of the physical address in bytes. For example, for Ethernet the value is 6.
4) PLEN (protocol length): an 8-bit field defining the length of the logical address in bytes. For example, for IPv4 the value is 4.
5) OPER (operation): a 16-bit field defining the type of packet. Two types of packet are defined: ARP request (1) and ARP reply (2).
6) SHA (sender hardware address): a variable-length field defining the physical address of the sender. For Ethernet, this field is 6 bytes long.
7) SPA (sender protocol address): a variable-length field defining the logical address of the sender. For the IP protocol, this field is 4 bytes long.
8) THA (target hardware address): a variable-length field defining the physical address of the target. For Ethernet, this field is 6 bytes long.
9) TPA (target protocol address): a variable-length field defining the logical address of the target. For the IPv4 protocol, this field is 4 bytes long.

6.0 STANDARDIZED 64 BYTE ARP PROTOCOL STRUCTURE
The issues addressed above are used in one way or another to facilitate the communication process effectively. This facilitation of communication also admits the intrusion attacker to the network. To monitor and detect such users, the following sequence is proposed [1].

Bytes 1-4 (32 bits): Frame Information
Byte: 1 | 2 | 3 | 4
Frame info (0 - 31)
Cell labels: Time, Number, Length, Capture length, Link, Data

The first byte represents the frame information. It records when the packet passed through that system or device, as well as the number, length and capture of the packet.

Byte: 5 | 6 | 7 | 8 | 9 | 10
Destination Address (32 - 79)
Broadcast | Group Address | Multicast | Local Address

The next 48 bits (6 bytes) provide information about the destination. If any destination is not listed with the specified network, that device will be blocked from attaching, using GA algorithms [1].

Byte: 11 | 12 | 13 | 14 | 15 | 16
Source (80 - 127)
Unicast individual

The next 48 bits (6 bytes) provide information about the source. If any source is not listed with the specified network, that device will be blocked from attaching, using GA algorithms [1].
Byte: 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26
Type ARP (128 - 143) | ARP (144 - 367)
Hardware Type | Protocol Type | Hardware Size | Protocol Size | Op Code

This ten-byte information provides more details about the ARP type, hardware and related information. The following sequence provides data about the MAC address of the sender as well as the target device [1].

Byte: 27-30 | 31-36 | 37-40 | 41-46 | 41-46
ARP (144 - 367)
Mac Address | Sender IP | Target MAC | Target IP | Trailer (368 - 511)

7.0 RESULT ANALYSIS
ARP packet structures are not the same. The size of the SRP differs. The packets are used to identify the device as well as to deliver the packets using its MAC and IP address. In the intrusion process, ARP plays a vital role in accessing the device. Using the proposed 64-byte ARP protocol architecture, the packets captured from the network are observed. These packets are expected to carry the protocol values given in the above specification, and this is used to try to identify the intrusion. The proposed standardized 64-byte ARP structure makes it easy to capture ARP from the network. All the required information from the source and the sender, as well as the sender and target device, is captured in this structure. This does not affect the data transformation process, and it can be integrated into network monitoring [1]. After this, ARP vulnerabilities will increase network security problems until a viable alternative is accepted. One such problem is ARP poisoning attacks. The cause of ARP poisoning is the lack of message authentication, so that any host in the LAN is able to spoof messages pretending to be someone else. One remedy is an authentication scheme for ARP replies using public key cryptography, which extends ARP to S-ARP. Adding strong authentication to ARP messages resolves the problem, thus denying any attempt at ARP poisoning [2]. Another approach is the Ticket-based Address Resolution Protocol (TARP). TARP and its implementation are built as an extension to ARP, and TARP achieves resilience to cache poisoning. We have shown experimentally that TARP reduces cost by as much as two orders of magnitude over existing protocols [3]. So the observations say that this could improve security against intruders, and that performance and efficiency have to be increased by modifications, developments and implementation in protocols.

8.0 CONCLUSION
The proposed standardized 64-byte ARP structure makes it easy to capture ARP from the network. All the required information from the source and the sender, as well as the sender and target device, is captured in this structure. This does not affect the data transformation process, and it can be integrated into network monitoring. This paper is part of the intrusion detection work using a genetic algorithm. Also, S-ARP and TARP have to be the best option to implement to control attacks from attackers. Some modifications and alternative sources to improve security, as well as their implementations, are necessary, but we seek operational experience: further operational limitations of our approach can only be gleaned from field testing. We are currently actively performing such a field test within our parent institution.

REFERENCES:
[1]. D. Parameswari, Dr. R. M. Suresh, "ARP Protocol Sequence Analysis for Intrusion Detection System", Research Scholar, Mother Teresa Women's University, Kodaikanal-624 101; Professor & Head, Computer Science & Engineering, RMD Engineering College, Chennai, Tamil Nadu - 601206.
[2]. D. Bruschi, A. Ornaghi, E. Rosti, "S-ARP: a Secure Address Resolution Protocol", Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano, Italy.
[3]. Wesam Lootah, William Enck, and Patrick McDaniel, "TARP: Ticket-based Address Resolution Protocol", Systems and Internet Infrastructure Security Laboratory, Department of Computer Science and Engineering, The Pennsylvania State University.
[4]. Arizona. http://www.acsac.org/1999/papers/fri-b-1030-sinclair.pdf (30 Oct. 2003).
[5]. Bezroukov, Nikolai. 19 July 2003. "Intrusion Detection (general issues)."
[6]. Arizona.
[7]. Crosbie, Mark, and Gene Spafford. 1995. "Applying Genetic Programming to Intrusion Detection." In Proceedings of 1995 AAAI Fall Symposium on Genetic Programming, pp. 1-8. Cambridge, Massachusetts. URL: http://citeseer.nj.nec.com/crosbie95applying.html (30 Oct. 2003).
[8]. Sinclair, Chris, Lyn Pierce, and Sara Matzner. 1999. "An Application of Machine Learning to Network Intrusion Detection." In Proceedings of 1999 Annual Computer Security Applications Conf. (ACSAC), pp. 371-377. Phoenix
[9]. David C. Plummer (1982-11). "RFC 826, An Ethernet Address Resolution Protocol -- or -- Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware". Internet Engineering Task Force, Network Working Group. http://tools.ietf.org/html/rfc826 .
[10]. http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf Guide to Intrusion Detection and Prevention Systems (IDPS), NIST CSRC special publication SP 800-94, released 02/2007
[11]. Jones, Anita K. and Robert S. Sielken. 2000. "Computer System Intrusion Detection: A Survey." Technical Report. Department of Computer Science, University of Virginia, Charlottesville, Virginia.
[12]. Robert Graham. URL: http://www.robertgraham.com/pubs/network-intrusion-detection.html (30 Oct. 2003).
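The 64-byte record of section 6.0 and the value checks described in section 7.0 can be exercised with the following added example, which is not code from the paper. It takes byte offsets from the paper's bit ranges (0-31, 32-79, 80-127, 128-143, 144-367, 368-511) and the ARP field order from section 5.0. Assumptions: the frame-info bytes are kept opaque, the Ethernet type value 0x0806 for ARP and the SHA-versus-source comparison are additions, and all function names, MAC addresses and sample records are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

RECORD_LEN = 64  # 512 bits, per section 6.0

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_record(rec):
    """Split one 64-byte record using the bit ranges from section 6.0."""
    if len(rec) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN} bytes, got {len(rec)}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", rec[18:26])
    return {
        "frame_info": rec[0:4],    # bits 0-31; sub-field widths not given, kept opaque
        "dst": mac(rec[4:10]),     # bits 32-79
        "src": mac(rec[10:16]),    # bits 80-127
        "type": int.from_bytes(rec[16:18], "big"),  # bits 128-143
        "htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen, "oper": oper,
        "sha": mac(rec[26:32]), "spa": str(IPv4Address(rec[32:36])),
        "tha": mac(rec[36:42]), "tpa": str(IPv4Address(rec[42:46])),
        "trailer": rec[46:64],     # bits 368-511
    }

def check_record(f, known_macs):
    """List every way a parsed record deviates from the expected values."""
    findings = []
    expected = {"type": 0x0806, "htype": 1, "ptype": 0x0800, "hlen": 6, "plen": 4}
    for name, want in expected.items():
        if f[name] != want:
            findings.append(f"{name}={f[name]:#x}, expected {want:#x}")
    if f["oper"] not in (1, 2):
        findings.append(f"oper={f['oper']} is neither request (1) nor reply (2)")
    if f["src"] not in known_macs:
        findings.append(f"source {f['src']} is not listed for this network")
    if f["sha"] != f["src"]:  # extra consistency check, not taken from the paper
        findings.append(f"SHA {f['sha']} differs from frame source {f['src']}")
    return findings

def make_record(src, sha, oper):
    # Constructed sample record (not captured traffic): broadcast destination.
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha
           + IPv4Address("192.0.2.10").packed + bytes(6) + IPv4Address("192.0.2.1").packed)
    return bytes(4) + b"\xff" * 6 + src + b"\x08\x06" + arp + bytes(18)

HOST_A = bytes.fromhex("02000000000a")   # hypothetical listed host
UNKNOWN = bytes.fromhex("0200000000ee")  # hypothetical unlisted host
KNOWN_MACS = {mac(HOST_A)}
if __name__ == "__main__":
    for rec in (make_record(HOST_A, HOST_A, 1), make_record(UNKNOWN, HOST_A, 2)):
        print(check_record(parse_record(rec), KNOWN_MACS) or "ok")
```

The second sample record claims a listed sender address inside the ARP body while the frame itself comes from an unlisted source, so it yields two findings.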