A Hybrid Intrusion Detection System for Network Security: A New Proposed Min – Min Algorithm

A Hybrid Intrusion Detection System For Network Security: A New Proposed Min – Min Algorithm Parveen Sadotra Research Scholar, Department of Computer Science Career Point University, Kota, Rajasthan, India Dr. Chandrakant Sharma Professor, Department of Computer Science Career Point University, Kota, Rajasthan, India Abstract— When talk about intrusion, then it is pre- assume that the intrusion is happened or it is stopped by the intrusion detection system. This is all done through the process of collection of network traffic information at certain point of networks in the digital system. In this way the IDS perform their job to secure the network. There are two types of Intrusion Detection: First is Misuse based detection and second one is Anomaly based detection. The detection which uses data set of known predefined set of attacks is called Misuse - Based IDSs and Anomaly based IDSs are capable of detecting new attacks which are not known to previous data set of attacks and is based on some new heuristic methods. In our hybrid IDS for computer network security we use Min-Min algorithm with neural network in hybrid method for improving performance of higher level of IDS in network. Data releasing is the problem for privacy point of view, so we first evaluate training for error from neural network regression state, after that we can get outer sniffer by using Min length from source, so that we hybridized as with Min – Min in neural network in hybrid system which we proposed in our research paper Keywords— intrusion detection, network security, anomaly, Min-Min algorithm, Neural network. I. INTRODUCTION An Intrusion Detection System (IDS) is a dynamic monitoring system used to identify, examine and observe violated activities. It discovers breach and illegal access to confidentiality, unavailability, authorization, authentication, integrity and network resources [4]. The related works shows that there exist a trade-off between better security mechanism and efficient resource utilization of sensor networks. If we increase network security we have to compromise on efficient resource consumption and vice versa. As a result, better security mechanisms is required that uses network resources efficiently. In order to tackle with this issue, we have proposed a Mobile Agent Based Hierarchical Intrusion Detection System (MABHIDS). Our proposed scheme uses minimum network resources by providing enhanced level of security. Energy Prediction Approach alone is not suitable for the WSN, so H-HIDS, which is suitable for large and sustainable WSN is combined, the two approaches along with the Min- Min with neural network to make it suitable for a large WSN. Therefore, the new proposed IDS will offer a wide range of flexibility for its application in any type of network security. This paper proposes an anomaly based IDS (Intrusion Detection System) AIDS. AIDS provides detection of un- trusted users; false requests that may lead to spoofing, XSS or DOS attack and many such possible attacks. Aids can be helpful in detecting such attacks and maintaining the QoS of network security. We also perform the various parameters to check its reliability, throughput, failure probability and wait time. This paper also analyses the problem of intrusion detection in a Uniform, and unified distributed network security by characterizing the detection probability with respect to the application requirements and the network parameters under both single sensing detection and multiple sensing detection model. II. BACKGROUND OF THE RESEARCH The intrusion detection market began to gain in popularity and truly generate revenues around 1997. In that year, the security market leader, ISS, developed a network intrusion detection system called “Real Secure”. A year later, Cisco recognized the importance of network intrusion detection and purchased the Wheel Group, attaining a security solution they could provide to their customers. Similarly, the first visible host- based intrusion detection company, Centrax Corporation, emerged because of a merger of the development staff from Haystack Labs and the departure of the CMDS team from SAIC. From there, the commercial IDS world expanded its market-base and a roller coaster ride of start-up companies, mergers, and acquisitions ensued. Martin Roesch, in the year 1998 launched a lightweight open source Network IDS named “SNORT” [3], which has since then gained much popularity. In year, 1999 Okena Systems worked out the first Intrusion Prevention System (IPS) under the name “Storm Watch”. IPS is the systems, which not only detect the intrusions but also are able to react on alarming situation. These systems can co- operate with firewall without any intermediary applications. Signature/pattern based Detection International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 135 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

In this technique, the sensors, which are, placed in different LAN segments filter and analysis network packets in real time and compares them against a database of known attack signatures. Attack signatures are known methods that intruders have employed in the past to penetrate a network. If the packet contents match an attack signature, the IDS can take appropriate countermeasure steps as enabled by the network security administrator. These countermeasures can take the form of a wide range of responses. They can include notifications through simple network management protocol (SNMP) traps or issuance of alerts to an administrator’s email or phone, shutting down the connection or shutting down the system under threat etc. An advantage of misuse detection IDS is that it is not only useful to detect intrusions, but it will also detect intrusion attempts; a partial signature may indicate an intrusion attempt. Furthermore, the misuse detection IDS could detect port scans and other events that possibly precede an intrusion. Unauthorized Access based Detection In unauthorized access detection, the IDS detect attempts of any access violations. It maintains an access control list (ACL) where access control policies for different users based on IP addresses are stored. User requests are verified against the ACL to check any violations. Behavioral Anomaly (Heuristic based) Detection: In behavioral anomaly detection method, the IDS are trained to learn the normal behavioral pattern of traffic flow in the network over an appropriate period. Then it sets a baseline or normal state of the network’s traffic, protocols used and typical packet sizes and other relevant parameters of network traffic. The anomaly detector monitors different network segments to compare their state to the normal baselines and look for significant deviations. Protocol Anomaly Detection: With this technique, anomaly detector alerts administrator of traffic that does not conform to known protocol standards. As the protocol anomaly, detection analyzes network traffic for deviation from standards rather than searching for known exploits there is a potential for protocol anomaly to serve as an early detector for undocumented exploits. Mining Techniques In Network Security To Enhance Intrusion Detection Systems The mining techniques in network security to enhancements in this research concentrate on two main phases of IDS, which are feature selection and normalization. Feature selection enhancement (or the first enhancement) is enhanced by an improved method that filters the most valuable features for IDS. On the other hand, the normalization of nominal features (or the second enhancement) solved the problem of different feature types, data dominance, and impact on classification. The latter is modified to be hybrid approach. These enhancements boost significantly the classifier performance. Statistical Anomaly Based Intrusion Detection System (SABIDS) Statistical modelling is among the earliest methods used for detecting intrusions in electronic information systems. Statistical based anomaly detection techniques use statistical properties and statistical tests to determine whether “Observed behavior” deviate significantly from the “expected behavior” [7]. Statistical based anomaly detection techniques use statistical properties (e.g., mean and variance) of normal activities to build a statistical based normal profile and employ statistical tests to determine whether observed activities deviate significantly from the normal profile. The IDS goes on assigning a score to an anomalous activity. As soon as this score becomes greater certain threshold, it will generate an alarm. SABIDS is a two-step process: first, it establishes behaviour profiles for the normal activities and current activities. Then these profiles are matched based on various techniques to detect any kind of deviation from the normal behavior. SABIDS can further be classified into following categories a. Operational Model or Threshold Metric b. Markov Process Model or Marker Model c. Statistical Moments or Mean and Standard Deviation Model d. Multivariate Model e. Time Series Model Knowledge Based Detection Technique Knowledge based detection Technique can be used for both signature based IDS as well as anomaly based IDS. It accumulates the knowledge about specific attacks and system vulnerabilities. It uses this knowledge to exploit the attacks and vulnerabilities to generate the alarm. Any other event that is not recognized as an attack is accepted. Therefore, the accuracy of knowledge based intrusion detection systems is considered good. However, their completeness requires that their knowledge of attacks be updated regularly [29]. Machine Learning Based Detection Technique Machine learning can be defined as the ability of a program and/or a system to learn and improve their performance on a certain task or group of tasks over time. Machine learning techniques focus on building a system that improves its performance based on previous results i.e. machine learning techniques have the ability to change their execution strategy based on newly acquired information [5]. This feature could make it desirable to use in all situations, but the major drawback is their resource expensive nature. In many cases, International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 136 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

the machine learning technique coincides with that of the statistical techniques and data mining techniques. This technique can further classified as: a. Bayesian Approach b. Neural Networks c. Fuzzy Logic d. Genetic Algorithms e. Support vector machines Signature Based Detection Signature detection involves searching network traffic for a series of malicious bytes or packet sequences. The main advantage of this technique is that signatures are very easy to develop and understand if we know what network behavior we are trying to identify. For instance, we might use a signature that looks for particular strings within exploit particular buffer-overflow vulnerability. The events generated by signature-based IDS can communicate the cause of the alert. As pattern matching can be done more efficiently on modern systems so the amount of power needed to perform this matching is minimal for a rule set. For example if the system that is to be protected only communicate via DNS, ICMP and SMTP, all other signatures can be ignored. Limitations of these signature engines are that they only detect attacks whose signatures are previously stored in database; a signature must be created for every attack; and novel attacks cannot be detected. This technique can be easily deceived because they are only based on regular expressions and string matching. These mechanisms only look for strings within packets transmitting over wire. More over signatures work well against only the fixed behavioral pattern, they fail to deal with attacks created by human or a worm with self-modifying behavioral characteristics. Signature based detection does not work well when the user uses advanced technologies like nop generators, payload encoders and encrypted data channels. The efficiency of the signature-based systems is greatly decreased, as it has to create a new signature for every variation. As the signatures keep on increasing, the system engine performance decreases. Due to this, many intrusion detection engines are deployed on systems with multi processors and multi Gigabit network cards.IDS developers develop the new signatures before the attacker does, so as to prevent the novel attacks on the system. The difference of speed of creation of the new signatures between the developers and attackers determine the efficiency of the system. Anomaly Based Detection The anomaly based detection is based on defining the network behavior. The network behavior is in accordance with the predefined behavior, then it is accepted or else it triggers the event in the anomaly detection. The accepted network behavior is prepared or learned by the specifications of the network administrators. The important phase in defining the network behavior is the IDS engine capability to cut through the various protocols at all levels. The Engine must be able to process the protocols and understand its goal. Though this protocol analysis is computationally expensive, the benefits it generates like increasing the rule set helps in less false positive alarms. The major drawback of anomaly detection is defining its rule set. The efficiency of the system depends on how well it is implemented and tested on all protocols. Rule defining process is also affected by various protocols used by various vendors. Apart from these, custom protocols also make rule defining a difficult job. For detection to occur correctly, the detailed knowledge about the accepted network behavior, need to be developed by the administrators. Nevertheless, once the rules are defined and protocol is built then anomaly detection systems work well. If the malicious behavior of the user falls under the accepted behavior, then it goes unnoticed. An activity such as directory traversal on a targeted vulnerable server, which complies with network protocol, easily goes unnoticed, as it does not trigger any out-of-protocol, payload or bandwidth limitation flags. The major advantage of anomaly-based detection over signature-based engines is that a novel attack for which a signature does not exist can be detected if it falls out of the normal traffic patterns. This is observed when the systems detect new automated worms. If the new system is infected with a worm, it usually starts scanning for other vulnerable systems at an accelerated rate filling the network with malicious traffic, thus causing the event of a TCP connection or bandwidth abnormality rule. III. METHODOLOGY PRESENT APPROACH (ANOMALY BASED IDS) This section describes the comparative analysis of signature based intrusion detection and anomaly based intrusion detection systems. PHAD that is an anomaly based intrusion detection system and Snort, which is a signature based intrusion detection system, are used for this purpose. Anomaly based IDS detects the abnormal behavior in the computer systems and computer networks. The deviation from the normal behavior is considered as attack. The profiles a built using metrics, which may include traffic, rate number of packets for each protocol etc. These profiles are called normal profiles because these are created using attack free data. Anomaly based IDS detect attacks by comparing the new traffic with the already created profiles. Analysis of Anomaly based IDS that is done in this paper is PHAD. A. PHAD (Packet Header Anomaly Detector) International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 137 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

PHAD [1] is a simple time-based protocol anomaly detector for network packets. To apply time-based modeling to anomaly detection with explicit training and test periods, an anomaly score= tn/r is calculated, where n is the number of times a packet field is observed during the training period and r is the number of distinct values of a particular packet field observed during training period, and where t is the time since the last anomaly [2]. SIGNATURE BASED IDS Signature based IDS matches the signatures of already known attacks that are stored into the database to detect the attacks in the computer system. Results of Signature based IDS that is evaluated is Snort. B. SNORT IDS Snort [3] is a small, lightweight open source IDS written by Martin Roesch which has become the most widely used IDS. Snort is an open source Intrusion Detection System that may also be configured as an Intrusion Prevention system for monitoring and prevention of security attacks on networks C. EVALUATION OF PHAD AND SNORT 3.4 Design Architecture The proposed research design architecture can be divided into three phases of development namely, data collection and preprocessing; Known and unknown attack detection; and Prevention as shown in Fig. 1 Fig. 1: Intrusion Detection Phase of System Architecture IV. PROPOSED NOVEL ALGORITHM MIN-MIN NN (MIN_MIN NEURAL NETWORK) MIN-MIN ALGORITHM STEPS OF PROPOSED WORK Input: Training set, testing set, h (theta), service, src_byte, wrong_fragment, flag, num_failed_logins Output: Min-Min neural network Process: Step 1. Start Step 2. Load the dataset Step 3. Specify the initial parameters h, service, src_byte, wrong_fragment, flag, num_failed_logins Step 4. If the input pattern is the first input pattern in the learning process, then assign the value of vij and wij. Step 5: For all tasks i t in Step 6:For all machines m j Step 7: CTij j = ET ij+ r Step 8: Do until all risk in MT are mapped Step 9: For each task i t in MT (meta task for intruder) Step 10: Find minimum CTij and resource that obtains it. Step 11: Find the intruderkt with the minimum CTij . Step 12: assign kt to resource and take hidden valuel m that Step 13: Delete kt from MT. Step 14: Update l r. Step 15: Update using feed forward CTil for all i. Step 16: when node wants to send data to next protocol version Step 17: If it is free then PHAD for anomaly detection. Step 18: if (ACK == yes) then the first phase is the filtering of incoming client sessions to distinguish beginning of Step 19: if (ACK == no) means acknowledgment not received then new Min-Min back-off is called to calculate the waiting slot time. Step 20: if (n=number of attack detect< no of intruder )Only the traffic data, which evidence of attacks are included in, is passed to the modeling phase Else WT = Min-Min (n) End if International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 138 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

Step 21: wait until WT = 0 then s nine types of packets If (intrusion) then Go to step 1 Else Go to step 1 Step 22: end V. PROPOSED FLOW CHART Fig. 2. Flow chart for Algorithm Data Collection and Preprocessing The data obtained from the standard dataset is preprocessed to get the data in the format which is acceptable for the detection. The outcome of this step will give formatted dataset which will be the input for detection phase. DARPA KDD Cup 1999 IDS evaluation data set is used as input for proposed system, which is Massachusetts Institute of Technology/Lincoln Laboratory traffic files collection and is available online. The original KDD Cup 1999 dataset contains 41 features. Each row contributes for these 41 features of the network traffic packet. Additionally, these feature attributes are categorized into further sub-classification based on the features extracted from the parts of packet i.e. Packet Header, Packet Payload Contents and Packet Traffic features .Once, this KDD Cup 1999 dataset with feature definition file is obtained, it is possible to process complete file for the further modules of the proposed system. It gives more clearly the details about each feature attribute of intrusion data. Table 1: Simulator Parameters As we know from the various existing research the intrusion detection system is a vital issue in network security; specifically it has been used to detect and remove anomalous objects from data. It is an extremely important task in a wide variety of application domains. In this proposed method we used the Min_Min neural network based on security approaches for intrusion detection is presented. We first perform the neural network training and training states algorithm then in result, we compared them. Snorts are then determined and considered as intrusion detection. VI. RESULT RESULTS OF PHAD This section presents the experimental results. The suitable architecture of the neural network as well as the importance of using only the relevant attributes is discussed and demonstrated. The performance is evaluated on the recorded real network data. Simulation Parameters Values Channel Channel/wireless channel No of sensor nodes 10 Network Interface Physical/Wireless MAC MAC 802.11 Link Layer LL Interface Queue Length 50 Simulator software Version 2012a K- sensing 50 Simulation Time 10s Network WSN International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 139 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

Figure 3: Training phase Figure 4: Snort’s for no of attack Snort IDS is one of the most widely used IDS (Siddhart, 2005). When an ID monitors a network, attackers can send evading attack packets that will try avoiding detection. It was found that Snort alerted for about half of the attack packets. Weaknesses in Snorts capabilities in detecting certain evasion attacks where found, which can be solved by creating customized rules. Figure 5: Detected attack of SNORT in days Figure 6. Error minimization for SNORT Figure 7: Detected attack by using hybrid technique 0 2 4 6 8 10 12 -4 -3 -2 -1 0 1 2 3 Noofattack -120 -100 -80 -60 -40 -20 0 20 40 60 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 days DetectedAttack No of detected Attack for SNORT 0 50 100 150 200 250 300 350 0 50 100 150 200 250 -200 -150 -100 -50 0 50 100 0 500 1000 1500 2000 2500 3000 TotalNoofdetectedattack International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 140 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

Figure 8: No of intrusion detection using PHAD+SNORT Figure 9: No of detection attack for MM-Neural network+ NETAD Figure 10: Performance of Trained data Figure 11: MSE value of data Figure 12: Regression data for training phase CONCLUSION For the experimentation purpose KDD DARPA, dataset Intrusion Detection System Evaluation dataset, which was created in MIT Lincoln Laboratories, is used to evaluate the performance of PHAD+SNORT and MM-Neural network+ NETAD. Both systems are evaluated with the same input. Firstly, PHAD+SNORT are tested on DARPA dataset and observe the number of alarms generated by it. Secondly, intrusion Detection system, Snort, is tested on the same data. The comparative analysis of PHAD+SNORT and is MM- Neural network+ NETAD done. The results are compared 0 50 100 150 200 250 300 350 0 50 100 150 200 250 1 2 3 4 5 6 7 8 9 10 11 12 0 2 4 6 8 10 12 14 days Noofdetectionattack Contribution of SNORT using MM-Neural network MM-Neural network+NETAD NETAD 10 0 10 5 10 10 gradient Gradient = 117.4443, at epoch 69 10 -4 10 -2 10 0 mu Mu = 0.01, at epoch 69 0 10 20 30 40 50 60 0 5 10 valfail 69 Epochs Validation Checks = 6, at epoch 69 0 10 20 30 40 50 60 10 1 10 2 10 3 10 4 10 5 Best Validation Performance is 710.3417 at epoch 63 MeanSquaredError(mse) 69 Epochs Train Validation Test Best -200 -100 0 100 200 -200 -150 -100 -50 0 50 100 150 200 Target Output~=0.12*Target+64 Training: R=0.34339 Data Fit Y = T -200 -100 0 100 200 -200 -150 -100 -50 0 50 100 150 200 Target Output~=0.12*Target+64 Validation: R=0.33614 Data Fit Y = T -200 -100 0 100 200 -200 -150 -100 -50 0 50 100 150 200 Target Output~=0.098*Target+65 Test: R=0.30429 Data Fit Y = T -200 -100 0 100 200 -200 -150 -100 -50 0 50 100 150 200 Target Output~=0.11*Target+64 All: R=0.33594 Data Fit Y = T International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 141 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

because of MSE generated per day, MSE generated protocol wise and detection rate. It has been found and concluded that MM-Neural network+ NETAD is better in performance than PHAD+SNORT. REFERENCES [1]. I. F. Akyildiz et al., “Wireless Sensor Networks: A Survey, “Elsevier Comp. Networks, vol. 3, no. 2, 2002,pp. 393–422 [2]. G.Li, J.He, Y. Fu. “Group-based intrusion detection system in wireless sensor networks” Computer Communications, Volume 31, Issue 18 (December 2008) [3]. Michael Brownfield, “Wireless Sensor Network Denial of Sleep Attack”, Proceedings of the 2005 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY. [4]. FarooqAnjum, DhanantSubhadrabandhu, SaswatiSarkar *, Rahul Shetty, “On Optimal Placement of Intrusion Detection Modules in Sensor Networks”, Proceedings of the First International Conference on Broadband Networks (BROADNETS04) [5]. Parveen Sadotra et al, A REVIEW ON INTEGRATED INTRUSION DETECTION SYSTEM IN CYBER SECURITY International Journal of Computer Science and Mobile Computing, Vol.5 Issue.9, September- 2016, pg. 23-28 [6]. Y. Zhang and W. Lee.Intrusion Detection in Wireless Ad-Hoc Networks. In Proc. ACM MobiCom, pages 275-283, 2000 [7]. Qi Wang, Shu Wang, “Applying an Intrusion detection algorithm to wireless sensor networks”, Second international workshop on Knowledge Discovery and Data Mining, 2009. [8]. Xi Peng, Wuhan Zheng Wu, Debao Xiao, Yang Yu," Study on Security Management Architecture for Sensor Network Based on Intrusion Detection '" IEEE, Volume: 2,25-26 April 2009. [9]. Demirkol, F. Alagoz, H. Delic, and C. Ersoy, ― Wireless sensor networks for intrusion detection: packet traffic modelingǁ, 10(1):22–24, January 2006. [10]. W. B. Heinzelman, A. P. Chandrakasan, and H. Balakrishnan, - An application-specific protocol architecture for wireless micro sensor networks,ǁ IEEE Transactions on Wireless Communications, vol. 1, no. 4, pp. 660–670, 2002. [11]. K. Akkayaand M. Younis, ―A Survey of Routing Protocols in Wireless Sensor Networks, ǁ in the Elsevier Ad Hoc Network Journal, Vol. 3/3 pp. 325-349, 2005 [12]. Parveen Sadotra and Chandrakant Sharma. A Survey: Intelligent Intrusion Detection System in Computer Security. International Journal of Computer Applications 151(3):18-22, October 2016 [13]. R. A. F. Mini, B. Nath, and A. A. F. Loureiro,-A probabilistic approach to predict the energy consumption in wireless sensor network,ǁ In IV Workshop ,ǁ In IV Workshop on Wireless Communication and Mobile Computing, Seo Paulo, Brazil, October 23-25 2002. [14]. E. Blaß, M. Conrad and M. Zitterbart, “A Tree Based Approach for Secure Key Distribution in Wireless Sensor Networks.”, 2006. [15]. R. Roman, J. Zhou and J. Lopez, “Applying Intrusion Detection Systems to Wireless Sensor Networks”, Communications Society publication in the IEEE CCNC 2006. [16]. J. G. Tront and R. C. Marchany, “Internet Security Intrusion Detection & Prevention”, IEEE Proceedings ofthe 37th Hawaii International Conference on System Sciences, 2004. [17]. F.L. Lewis, “Wireless Sensor Networks” Smart Environments: Technologies, Protocols, and Applications Conference, New York, 2004. [18]. L. Besson, P. Leleu, “A distributed intrusion detection system for ad-hoc wireless sensor networks”, The 16th IEEE International Conference on Systems, Signals and Image Processing, Vol. 1, pp. 1-3, June 2009. [19]. A. Abduvaliyev, S. Lee, Y.K Lee, “Energy Efficient Hybrid Intrusion Detection System for Wireless Sensor Networks”, IEEE International Conference on Electronics and Information Engineering, Vol.2, pp. 25-29, August 2010. [20]. I. Krontiris, Z. Benenson, T. Giannetsos, F. Freiling, T. Dimitriou, “Cooperative Intrusion Detection in Wireless Sensor Networks”, Lecture Notes in Computer Science, Vol. 5432, pp. 263-278, February 2009. [21]. A. Araujo, J. Blesa, E. Romero, D. Villanueva, “Security in cognitive wireless sensor networks. Challenges and open problems”, EURASIP Journal on Wireless Communications and Networking, February 2012. [22]. Parveen Sadotra(CEH) and Dr. Chandrakant Sharma, “Transformation in Building More Intelligent Intrusion System: A review” presented in ICEECSIT- 17 at New Delhi, India, PP. 1 – 5 [23]. A. Becher, Z. Benenson, and M. Dorsey, Tampering with motes: Real-world physical attacks on wireless sensor networks." in SPC (J. A. Clark, R. F. Paige, F. Polack, and P. J. Brooke, eds.), vol. 3934 of Lecture Notes in Computer Science, pp. 104{118, Springer, 2006. [24]. I. Krontiris and T. Dimitriou, A practical authentication scheme for in-network programming in wireless sensor networks," in ACM Workshop on Real-World Wireless Sensor Networks, 2006 [25]. I. Krontiris, T. Giannetsos, and T. Dimitriou, LIDeA: a distributed lightweight intrusion detection architecture for sensor networks," in Secure Comma '08: Proceedings of the 4th international conference on Security and privacy in communication networks, (New York, NY,USA), pp. 1{10, ACM, 2008 [26]. W. Xu, K. Ma, W. Trappe, and Y. Zhang. Jamming sensor networks: attack and defines strategies. IEEE Network Magazine, 20(3):41–47, 2006. [27]. G. Li, J. He and Y. Fu.A group-based intrusion detection scheme in wireless sensor networks. In GPC-WORKSHOPS ’08: Proceedings of the International Conference on Grid and Pervasive Computing - Workshops, pages 286–291, Washington, DC, USA, 2008. IEEE Computer Society [28]. I. Krontiris, T. Dimitriou, T. Giannetsos, and M. Mpasoukos. Intrusion detection of sinkhole attacks in wireless sensor networks. In ALGOSENSORS ’07: Proceedings of the International Workshop on Algorithmic Aspects of Wireless Sensor Networks, pages 150–161, Germany, 2007. Springer-Verlag. [29]. M. Wen, H. Li, Y. Zheng, and K. Chen.Tdoa-based Sybil attack detection scheme for wireless sensor networks.Journal of Shanghai University (English Edition), 12:66–70,2008. [30]. Chong Eik Loo,Mun Yong Ng, Christopher Leckie, and MarimuthuPalaniswami.(2006) “Intrusion detection for routing attacks in sensor networks,” International Journal of Distributed Sensor Networks, Vol 2, pp. 313–332. [31]. Wei-Tsung Su, Ko-Ming Chang, and Yau-Hwang Kuo.Ehip, (2007) “An energy-efficient hybrid intrusion prohibition system for cluster-based wireless sensor networks,” Computer Networks, Vol 51, pp. 1151–1168. [32]. Sadotra P, Sharma C. A New Distributed Intrusion Detection System in Computer Network: An Approach to Detect Malicious Intrusion Threats at Initial Stage. Orient.J. Comp. Sci. and Technol;10(2) [33]. Fang Liu, Xiuzhen Cheng, and Dechang Chen, (2007) “Insider attacker detection in wireless sensor networks,” In INFOCOM 2007.26th IEEE International Conference on Computer Communications. IEEE, pp. 1937–1945. [34]. SADOTRA, Parveen; SHARMA, Dr. Chandrakant. Intrusion Detection in Networks Security: A New Proposed Min-Min Algorithm. International Journal of Advanced Research in Computer Science, [S.l.], v. 8, n. 3, apr. 2017. ISSN 0976-5697 [35]. Tran Hoang Hai, Eui-Nam Huh, and Minho Jo.(2010) “A lightweight intrusion detection framework for wireless sensor networks,” Wirel.Commun.Mob.Comput., 10(4), pp. 559–572. [36]. TassosDimitriou and AthanassiosGiannetsos.Wormholes no more, (2010) “localized wormhole detection and prevention in wireless networks,” In Distributed Computing in Sensor Systems, pp. 334– 347. Springer Berlin/Heidelberg. [37]. Yun Wang, Wei huang Fu, and Dharma P. Agrawal, Life Fellow, IEEE IEEE Transactions on parallel and distributed systems, vol. 24, no. 2, february 2013 [38]. T. Wimalajeewa and S.K. Jayaweera, “Impact of Mobile Node Density on Detection Performance Measures in a Hybrid Sensor International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 142 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

Network,” IEEE Trans. Wireless Comm., vol. 9, no. 5, pp. 1760- 1769, May 2010. [39]. H. Kung and D. Vlah, “Efficient Location Tracking Using Sensor Networks,” Proc. IEEE Wireless Comm. and Networking Conf., vol. 3,pp. 1954-1961, Mar. 2003 [40]. C.-Y.Lin, W.-C.Peng, and Y.-C. Tseng, “Efficient In-Network Moving Object Tracking in Wireless Sensor Networks,” IEEE Trans. Mobile Computing, vol. 5, no. 8, pp. 1044-1056, Aug. 2006. [41]. Chao, S. Ren, Q. Li, H. Wang, X. Chen, and X. Zhang, “Design and Analysis of Sensing Scheduling Algorithms under Partial Coverage for Object Detection in Sensor Networks,” IEEE Trans. Parallel and Distributed Systems, vol. 18, no. 3, pp. 334-350, Mar. 2007. [42]. SADOTRA, Parveen; SHARMA, Dr. Chandrakant. SQL Injection Impact on Web Server and Their Risk Mitigation Policy Implementation Techniques: An Ultimate solution to Prevent Computer Network from Illegal Intrusion. International Journal of Advanced Research in Computer Science, [S.l.], v. 8, n. 3, apr. 2017. ISSN 0976-5697. [43]. S. Ren, Q. Li, H. Wang, X. Chen, and X. Zhang, “Design and Analysis of Sensing Scheduling Algorithms under Partial Coverage for Object Detection in Sensor Networks,” IEEE Trans. Parallel and Distributed Systems, vol. 18, no. 3, pp. 334-350,Mar. 2007 [44]. B. Liu, P. Brass, O. Dousse, P. Nain, and D. Towsley, “Mobility Improves Coverage of Sensor Networks,” Proc. Sixth ACM Int’lSymp. Mobile Ad Hoc Networking and Computing (MobiHoc ’05),pp. 300-308, 2005. [45]. M. Guerriero, L. Svensson, and P. Willett, “Bayesian Data Fusion for Distributed Target Detection in Sensor Networks,” IEEE Trans. Signal Processing, vol. 58, no. 6, pp. 3417-3421, June 2010. [46]. M. Zhu, S. Ding, Q. Wu, R. Brooks, N. Rao, and S. Iyengar,“Fusion of Threshold Rules for Target Detection in Wireless Sensor Networks,” ACM Trans. Sensor Networks, vol. 6, no. 2,article 18, 2010. [47]. Sasikumar, P. ; Sch. of Electron. Eng., VIT Univ., Vellore, India ;Khara, S. K-Means Clustering in Wireless Sensor Networks” Computational Intelligence and Communication Networks (CICN), 2012 [48]. I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A Survey on Wireless Sensor Networks,” IEEE Comm. Magazine, vol. 40, no. 8, pp. 102-114, Aug. 2002. [49]. S. Tilak, N.B. Abu-Ghazaleh, and W. Heinzelman, “A Taxonomy of Wireless Micro-Sensor Network Models,” ACM Mobile Computing and Comm. Rev., vol. 6, no. 2, pp. 28-36, Apr. 2002. [50]. A. Agah, S. Das, K. Basu, and M. Asadi, “Intrusion Detection in Sensor Networks: A Non-Cooperative Game Approach,”Proc. Third IEEE Int’l Symp. Network Computing and Applications (NCA ’04), pp. 343-346, 2004. [51]. Parveen Sadotra (Ceh) ,Chandrakant Sharma , (2017 ) " Transformation in Building More Intelligent Intrusion Detection System: A Review " , International Journal of Management and Applied Science (IJMAS) , pp. 29-33, Volume-5, Issue-3 [52]. S. Kumar, T.H. Lai, and J. Balogh, “On K-Coverage in a Mostly Sleeping Sensor Network,” Proc. 10th Ann. Int’l Conf. Mobile Computing and Networking (MobiCom ’04), pp. 144-158, 2004. [53]. V. Giruka, M. Singhal, J. Royalty, and S. Varanasi, “Security in Wireless Sensor Networks,” Wireless Comm. and Mobile Computing, vol. 8, no. 1, pp. 1-24, 2008. [54]. H. Kung and D. Vlah, “Efficient Location Tracking Using Sensor Networks,” Proc. IEEE Wireless Comm. and Networking Conf., vol. 3,pp. 1954-1961, Mar. 2003. [55]. M. Ali Aydın *, A. HalimZaim, K. GokhanCeylan “A hybrid intrusion detection system design for computer network security” Computers and Electrical Engineering 35 (2009) 517–526. International Journal of Computer Science and Information Security (IJCSIS), Vol. 15, No. 9, September 2017 143 https://sites.google.com/site/ijcsis/ ISSN 1947-5500

A Hybrid Intrusion Detection System for Network Security: A New Proposed Min – Min Algorithm

More Related Content

What's hot

Similar to A Hybrid Intrusion Detection System for Network Security: A New Proposed Min – Min Algorithm

Recently uploaded

A Hybrid Intrusion Detection System for Network Security: A New Proposed Min – Min Algorithm