anusha-reddy
7/29/2019 PPT FINALwireless
1/28
A Wireless Intrusion Detection
System and a new attack model
Project Guide: Mr.S.P.Vijayanand M.E
by,
R.Berlin Mano
M.Gokul Raj
Abstract
Denial-of-Service attacks, and jamming in particular, are a threat to wireless networks because they are easy to mount and difficult to detect and stop.
We propose a distributed intrusion detection system in which each node monitors the traffic flow on the network and collects relevant statistics about it.
By combining each node's view we are able to tell if an attack happened or if the channel is just saturated.
We propose here an attack detection mechanism based on shared monitoring of the network by all nodes.
SYSTEM ANALYSIS:
Existing System:
Traditional systems in place for intrusion detection primarily use a method known as Finger Printing to identify malicious users. They are complex.
They are rule dependent. If the behavior of packets flowing in the network is new, the system cannot take any decision, so they work purely on the basis of the initial rules provided.
It cannot create its own rule depending on the current situation.
It requires manual effort to monitor the inflowing packets and analyze their behavior.
It cannot take decisions at runtime.
If the pattern of the packet is new and not present in the records, then it allows the packets to flow without analyzing whether it is an intruder or not.
The packet with a new behavior can easily pass without being filtered.
PROPOSED SYSTEM:
It uses a matching algorithm, which is an artificial intelligence problem-solving model.
The IDS compares learned user characteristics from an empirical to all users of a system.
It includes temporal and spatial information of the network traffic. It is both a network-based and a host-based system.
It can take decisions at runtime.
Advantages
It eliminates the need for an attack to be previously known to be detected because malicious behavior is different from normal behavior by nature.
Using a generalized behavioral model is theoretically more accurate, efficient and easier to maintain than a finger printing system.
It uses a constant amount of computer resources per user, drastically reducing the possibility of depleting available resources.
System Specification
Software Requirements:
Operating System : Windows 2000 and Above.
Programming Package used : Java 1.4 and Above, Swing.
Hardware Specification :
Hard Disk : 40GB and Above.
RAM : 128MB and Above.
Processor : Pentium III and Above.
System Description
The modules in this system are:
1. Multicasting the Packets to Detect Intruder
2. Matching the List of Events
3. Multicasting the Intruder to the Neighboring nodes
4. Sending Data to the destination
Module Description
Multicasting the packet to Detect the Intruder:
The basic idea is to set up a monitor at each node in the network to produce evidence and to share it among all the nodes.
A piece of evidence is a set of relevant information about the network state.
The initial process is the training process, where the source sends the packet with events to all the nodes in the network to detect the intruder.
This process is known as multicasting.
Before sending the packets to all nodes, the source node initiates the timestamp for the packets.
This training process is stored as an initial event list #1 in the source node.
Receivers receive the packets which contain the timestamp and send appropriate ACK replies. Receivers store the received packets in their event list.
Matching the List of Events:
The basic algorithm to match two lists of events is as follows:
The matching algorithm is invoked after receiving reply events from the network.
We start from the first list and, for every event, try to find a matching event on the second list; that is, given a packet, we look for it on the second list.
We repeat this matching for the events on the sending and receiving lists.
If we find unmatched events on the second list at the end, it means that the sending and receiving events are not the same and the particular node is an intruder.
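The matching step above, as an added Java example that is not the project's own code. All class, field and method names are hypothetical, the sample events are constructed, and it uses Java 8 collections rather than the deck's Java 1.4. Keeping nodes that never replied in a separate set from nodes whose replies do not match is an assumption made here, so that a silent node on a jammed or saturated channel is not automatically labelled an intruder.

```java
import java.util.*;

/** Added illustration of the event-list matching step; every name here is hypothetical. */
public class EventListMatcher {

    /** One event: the node it concerns, the packet id, and the source's timestamp. */
    static final class Event {
        final String node; final int packetId; final long timestamp;
        Event(String node, int packetId, long timestamp) {
            this.node = node; this.packetId = packetId; this.timestamp = timestamp;
        }
        String key() { return node + "|" + packetId + "|" + timestamp; }
    }

    /** Outcome of one matching pass over the two lists. */
    static final class Result {
        final Set<String> intruders = new TreeSet<>();   // unmatched events left on list 2
        final Set<String> unanswered = new TreeSet<>();  // sent events with no matching reply
    }

    static Result match(List<Event> sent, List<Event> received) {
        // Index list 2 by key, counting duplicates so each reply is consumed once.
        Map<String, Integer> pending = new HashMap<>();
        Map<String, String> nodeOf = new HashMap<>();
        for (Event r : received) {
            pending.merge(r.key(), 1, Integer::sum);
            nodeOf.put(r.key(), r.node);
        }
        Result res = new Result();
        for (Event s : sent) {                            // walk list 1
            Integer n = pending.get(s.key());
            if (n == null || n == 0) res.unanswered.add(s.node);
            else pending.put(s.key(), n - 1);             // matched: consume one reply
        }
        for (Map.Entry<String, Integer> e : pending.entrySet())
            if (e.getValue() > 0) res.intruders.add(nodeOf.get(e.getKey()));
        return res;
    }

    public static void main(String[] args) {
        // Constructed sample: packet 1, stamped 1000, multicast to nodes A, B, C and D.
        List<Event> sent = Arrays.asList(new Event("A", 1, 1000), new Event("B", 1, 1000),
                new Event("C", 1, 1000), new Event("D", 1, 1000));
        // A replies correctly, B returns an altered timestamp, C replies twice, D is silent.
        List<Event> received = Arrays.asList(new Event("A", 1, 1000), new Event("B", 1, 1007),
                new Event("C", 1, 1000), new Event("C", 1, 1000));
        Result r = match(sent, received);
        System.out.println("intruders=" + r.intruders + " unanswered=" + r.unanswered);
    }
}
```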
Multicasting the Intruder to the neighboring nodes:
If any one of the received ACK packets is not matched, then that particular node is the intruder to be found.
Now that the intruder is detected, the address of the intruder is sent to the entire network by multicasting.
Neighbor nodes receive the IP address of the intruder and store it in the event lists to prevent future attacks from that node in the network.
The multicasting of the intruder address is done by the source.
Sending the data to the destination:
The data send process is done by splitting the chosen text file into packets for transmission.
The data send process is invoked after the source finds an intruder-free path.
In the case of jamming or network malfunction, the source waits until the network is restored, starts the training process to find the intruders and, if any are detected, selects a path free from intrusion.
The source sends the data directly to the destination through the safe path. The destination receives the data in the form of packets and checks for anomalies to detect any loss of data due to intrusion.
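Coding: (Multicast)
try
{
    // Hello payload format: Hello:<hostname>=<distance>:Hello Protocol
    s1 = "Hello";
    s2 = InetAddress.getLocalHost().getHostName() + "=" + Operations.getPropInt("settings.txt", "distance");
    j = "Hello Protocol";
    s = s1 + ":" + s2 + ":" + j;
    b = s.getBytes();
    // Start the worker thread t (declared elsewhere in the class)
    t.start();
}
catch (Exception e)
{
    e.printStackTrace();
}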
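Coding: (Hello Receiver)
try
{
    // Multicast group address and port are read from settings.txt
    ia = InetAddress.getByName(Operations.getProperty("settings.txt", "addres"));
    port = Integer.parseInt(Operations.getProperty("settings.txt", "port"));
    ms = new MulticastSocket(port);
    ms.joinGroup(ia);
    b = new byte[byt];
    dp = new DatagramPacket(b, b.length);
    ms.receive(dp);   // blocks until one datagram arrives
    ms.close();
    // Decode only the bytes actually received, not the whole buffer
    s = new String(dp.getData(), 0, dp.getLength());
    StringTokenizer st = new StringTokenizer(s.trim(), ":");
    // Ignore datagrams that do not have the three expected fields
    if (st.countTokens() == 3) {
        String s1 = st.nextToken();
        String s2 = st.nextToken();
        String s3 = st.nextToken();
        if (s3.equals("Hello Protocol")) {
            neighbornode.add(s2);
        }
    }
}
catch (Exception e)
{
    e.printStackTrace();
}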
Basic GUI Of IDS-Monitor
Conclusion
The Distributed Intrusion detection system proposed here detects intrusion by distributed collection of relevant information from the nodes and is also capable of detecting jamming attacks.
We achieve two goals: we detect more attacks and force the operator to give a decent service.
We allow cheaters to come into play, but their impact is self-limiting as a working network is needed for them to play.
Strengths of IDS:
Similar to a security "camera" or a "burglar alarm"
Alerts security personnel that someone is picking the "lock"
Alerts security personnel that a Network Invasion may be in progress
When well configured, provides a certain "peace" of mind
Part of a Total Defense Strategy infrastructure
THANK U