ISSN (ONLINE): 2454-9762 ISSN (PRINT): 2454-9762 Available online at www.ijarmate.com
International Journal of Advanced Research in Management, Architecture, Technology and Engineering (IJARMATE) Vol. II, Issue VI, June 2016.
Enhanced Detection Guard System Against Malwares In Network
Blessy Rajra M B (1), Dr. A J Deepa ME., Ph.D (2)
(1) P.G Student, Department of Computer Science, Ponjesly College of Engineering, Nagercoil, India
(2) Associate Professor, Department of Computer Science, Ponjesly College of Engineering, Nagercoil, India
Abstract: Today we live in the 21st century, where technology and development are at our fingertips. We use many gadgets, and computerization and systemization are no exception; with this, the number of provoking, pestering, intruding and hacking incidents has kept pace. Scientifically, they are directly proportional. In this computerized world the common man, or his superior, has no place to hide: his place of concealment is soon detected and his privacy is curbed (e.g. website trawling). An IDS produces alerts when an intrusion happens in the network or host, and managing these alerts is difficult. In this paper, an IDS alert correlator called the Enhanced Detection Guard System (EDGS) is introduced to detect intrusions within the monitored network. EDGS uses a heuristic algorithm to identify infected packets, and it can identify the family of the malware. The heuristic algorithm uses an Entropy Measure and a J-Measure to find the infected packets. Finally, a performance evaluation is made to calculate the specificity, sensitivity, False Positive Rate, False Negative Rate, accuracy and precision.
Keywords: Network Security, Intrusion Detection, Alert Correlation, Malware, Performance Evaluation
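The abstract names two concrete stages, an Entropy Measure over packet tuples and a final evaluation in terms of sensitivity, specificity, False Positive Rate, False Negative Rate, accuracy and precision. The Python block below is an added illustration, not code from the paper or its authors: it scores a constructed traffic sample with plain Shannon entropy of destination ports per source host, flags hosts above a threshold, and computes the six metrics from the resulting confusion matrix. The packet records, the per-source port feature and the 1.5-bit threshold are assumptions made for the demo; the paper does not give its Entropy Measure or J-Measure formulas, so the J-Measure stage is not modelled here.

```python
"""
Added example, not code from the paper. It simulates the two stages the
abstract names: an Entropy Measure over packet tuples and the final
performance evaluation (sensitivity, specificity, FPR, FNR, accuracy,
precision). ASSUMPTIONS: the packet records, the per-source destination-port
feature and the 1.5-bit threshold are constructed for illustration; the
paper does not define its Entropy Measure or J-Measure, so plain Shannon
entropy is used and the J-Measure stage is not modelled.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Packet:
    src: str         # source host
    dport: int       # destination port
    malicious: bool  # ground-truth label (constructed for the demo)


def shannon_entropy(values: Iterable) -> float:
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def entropy_by_source(packets: List[Packet]) -> Dict[str, float]:
    """Entropy of destination ports per source host: a host spraying many
    different ports scores high, a client talking to one service scores 0."""
    ports = defaultdict(list)
    for p in packets:
        ports[p.src].append(p.dport)
    return {src: shannon_entropy(v) for src, v in ports.items()}


def classify(packets: List[Packet], threshold: float) -> List[bool]:
    """Flag every packet whose source host exceeds the entropy threshold."""
    scores = entropy_by_source(packets)
    return [scores[p.src] > threshold for p in packets]


def _safe_div(num: float, den: float) -> float:
    return num / den if den else 0.0


def evaluate(labels: List[bool], predictions: List[bool]) -> Dict[str, float]:
    """Confusion-matrix metrics named in the paper's evaluation section."""
    tp = sum(1 for y, p in zip(labels, predictions) if y and p)
    fp = sum(1 for y, p in zip(labels, predictions) if not y and p)
    tn = sum(1 for y, p in zip(labels, predictions) if not y and not p)
    fn = sum(1 for y, p in zip(labels, predictions) if y and not p)
    return {
        "tp": tp, "fp": fp, "tn": tn, "fn": fn,
        "sensitivity": _safe_div(tp, tp + fn),      # true positive rate
        "specificity": _safe_div(tn, tn + fp),      # true negative rate
        "false_positive_rate": _safe_div(fp, fp + tn),
        "false_negative_rate": _safe_div(fn, fn + tp),
        "accuracy": _safe_div(tp + tn, tp + tn + fp + fn),
        "precision": _safe_div(tp, tp + fp),
    }


# Constructed traffic sample (not captured data).
SAMPLE_PACKETS: List[Packet] = (
    [Packet("10.0.0.5", 443, False)] * 6                                   # web client
    + [Packet("10.0.0.7", port, False) for port in (80, 443, 80, 443)]      # web client
    + [Packet("10.0.0.8", port, False) for port in (53, 80, 443, 22)]       # admin host
    + [Packet("10.0.0.9", port, True) for port in (21, 22, 23, 25, 80, 443, 445, 8080)]  # port scan
    + [Packet("10.0.0.11", 4444, True)] * 3                                # beacon to one port
)


def run_demo(threshold: float = 1.5) -> Dict[str, float]:
    """Score the constructed sample and return the evaluation metrics."""
    labels = [p.malicious for p in SAMPLE_PACKETS]
    return evaluate(labels, classify(SAMPLE_PACKETS, threshold))


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:>20}: {value:.3f}")
```

Running the demo gives TP=8, FP=4, TN=10, FN=3: the admin host touching four services is a false positive at this threshold, and the three-packet beacon to a single port is invisible to a port-entropy feature, which is exactly why the paper reports the False Negative Rate next to sensitivity rather than accuracy alone.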
I. INTRODUCTION
Intrusion detection secures systems against illegal access and data modification. An Intrusion Detection System (IDS) is a device or software application that monitors network activity for malicious activities. In general, intrusion detection systems are classified into two categories: (i) Network based IDS: it analyses all the packets on the network, whether they originated from inside or outside the firewall. (ii) Host based IDS: here, software is installed and maintained on the host to be monitored, and it alerts the user or administrator in case of an attack. Every intrusion detection system uses one of two detection techniques: (i) Statistical anomaly based IDS: first the normal behavior is studied and patterns are created from it. Any behavior that deviates from the established behavior is categorized as an attack. (ii) Signature based IDS: a database is used to store the signatures. Any activity that matches a stored signature is categorized as an attack. This is effective for known attacks. In this work, an Enhanced Detection Guard System (EDGS) is used to detect intrusions within the monitored networks. EDGS uses a heuristic algorithm to identify intrusions, and it can identify the family of the malware. Heuristic detection is capable of detecting many previously unknown malwares and new variants of current malwares. The heuristic algorithm uses an Entropy Measure and a J-Measure. The Entropy Measure is used to identify tuples. The J-Measure combines two metrics and compares the result with a threshold to identify intrusions within the monitored networks. Finally, a performance evaluation is made to calculate the specificity, sensitivity, False Positive Rate, False Negative Rate, accuracy and precision.
II. RELATED WORKS
There have been numerous works that explain IDS. Binkley and Singh proposed an anomaly based algorithm to detect infected systems, but unfortunately the proposed method is too slow in practice, and there is no guarantee that all infected systems are detected. IRC nickname evaluation was proposed by Goebel and Holz, which eventually loses its control over the server once a bot is found. Another proposed approach, Wide-scale Botnet Detection and Characterization, could not detect botnets that use encrypted communications. Sharma's proposed model, Analysis of security data from a large computing organization, could recognize the threat only after the attack had occurred. The threat reported in Chen's work, Extracting ambiguous sessions from real traffic with intrusion prevention systems, is not necessarily real all the time and is likely to create a large number of false alerts. False Positives (FPs) and False Negatives (FNs)
All Rights Reserved @ IJARMATE