PPT FINALwireless


  • 7/29/2019 PPT FINALwireless


    A Wireless Intrusion Detection System and a new attack model

    Project Guide: Mr.S.P.Vijayanand M.E

    by,

    R.Berlin Mano

    M.Gokul Raj


    Abstract

    Denial-of-Service attacks, and jamming in particular, are a threat to wireless networks because they are easy to mount and difficult to detect and stop.

    We propose a distributed intrusion detection system in which each node monitors the traffic flow on the network and collects relevant statistics about it.


    By combining each node's view we are able to tell if an attack happened or if the channel is just saturated.

    We propose here an attack detection mechanism based on shared monitoring of the network by all nodes.


    SYSTEM ANALYSIS:

    Existing System:

    Traditional systems in place for intrusion detection primarily use a method known as Finger Printing to identify malicious users. They are complex.

    They are rule dependent. If the behavior of packets flowing in the network is new, the system cannot make any decision, so they work purely on the basis of the initial rules provided.

    It cannot create its own rules depending on the current situation.

    It requires manual effort to monitor the inflowing packets and analyze their behavior.


    It cannot make decisions at runtime.

    If the pattern of the packet is new and not present in the records, then it allows the packets to flow without analyzing whether it is an intruder or not.

    A packet with a new behavior can easily pass without being filtered.


    PROPOSED SYSTEM:

    It uses a matching algorithm, which is an artificial intelligence problem-solving model.

    The IDS compares learned user characteristics from an empirical to all users of a system.

    It includes temporal and spatial information of the network traffic. It is both a network-based and a host-based system.

    It can make decisions at runtime.


    Advantages

    It eliminates the need for an attack to be previously known to be detected, because malicious behavior is different from normal behavior by nature.

    Using a generalized behavioral model is theoretically more accurate, efficient and easier to maintain than a finger printing system.

    It uses a constant amount of computer resources per user, drastically reducing the possibility of depleting available resources.


    System Specification

    Software Requirements:

    Operating System : Windows 2000 and Above.

    Programming Package used : Java 1.4 and Above, Swing.


    Hardware Specification :

    Hard Disk : 40GB and Above.

    RAM : 128MB and Above.

    Processor : Pentium III and Above.


    System Description

    The modules in this system are,

    1. Multicasting the Packets to Detect Intruder

    2. Matching the List of Events

    3. Multicasting the Intruder to the Neighboring nodes

    4. Sending Data to the destination


    Module Description

    Multicasting the packet to Detect the Intruder:

    The basic idea is to set up a monitor at each node in the network to produce evidence and to share it among all the nodes.

    Evidence is a set of relevant information about the network state.

    The initial process is the training process, where the source sends the packet with events to all the nodes in the network to detect the intruder.


    This process is known as multicasting.

    Before sending the packets to all nodes, the source node initiates the timestamp for the packets.

    This training process is stored as an initial event list #1 in the source node.

    Receivers receive the packets which contain the timestamp and send appropriate ACK replies. Receivers store the received packets in their event list.


    Matching the List of Events:

    The basic algorithm to match two lists of events is as follows:

    The matching algorithm is invoked after reply events are received from the network.

    First we start from the first list, and for every event we try to find a matching event on the second list; that is, given a packet, we look for it on the second list.

    We repeat this matching for the events on the sending and receiving lists. If we find unmatched events on the second list at the end, it means that the sending and receiving events are not the same and the particular node is an intruder.
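The matching step described above, as an added example in Java (the project's language); it is not code from the original slides. The Event fields (sequence number plus source timestamp), the node names and the sample values are assumptions, since the slides do not define the event format.

```java
import java.util.*;

public class EventListMatcher {
    // Assumed event shape: a packet is identified by its sequence number
    // and the timestamp the source stamped on it during training.
    record Event(int seq, long timestamp) {}

    /** Walk the first (sent) list and, for each event, consume one matching
     *  event from the second (received) list. What is left on the second
     *  list at the end is unmatched. */
    static List<Event> unmatched(List<Event> sent, List<Event> received) {
        List<Event> remaining = new ArrayList<>(received);
        for (Event e : sent) {
            remaining.remove(e); // removes the first equal element, if any
        }
        return remaining;
    }

    /** Apply the rule per replying node: leftovers on its list flag the node. */
    static Set<String> flagNodes(List<Event> sent, Map<String, List<Event>> repliesByNode) {
        Set<String> flagged = new TreeSet<>();
        for (Map.Entry<String, List<Event>> r : repliesByNode.entrySet()) {
            if (!unmatched(sent, r.getValue()).isEmpty()) {
                flagged.add(r.getKey());
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        // Constructed sample data: event list #1 at the source, then replies.
        List<Event> sent = List.of(new Event(1, 1000L), new Event(2, 1010L), new Event(3, 1020L));
        Map<String, List<Event>> replies = new LinkedHashMap<>();
        // node-a acknowledges exactly what was sent.
        replies.put("node-a", List.of(new Event(1, 1000L), new Event(2, 1010L), new Event(3, 1020L)));
        // node-b repeats seq 1 and returns a timestamp the source never issued.
        replies.put("node-b", List.of(new Event(1, 1000L), new Event(1, 1000L), new Event(3, 9999L)));
        // node-c answers only part of the burst: nothing is left unmatched on
        // its list, so the rule as stated does not flag it.
        replies.put("node-c", List.of(new Event(2, 1010L)));
        System.out.println("flagged: " + flagNodes(sent, replies));
    }
}
```

Because each sent event consumes at most one reply, a duplicated ACK stays on the second list and flags its sender, while a node with missing replies is left unflagged.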


    Multicasting the Intruder to the neighboring nodes:

    If any one of the received ACK packets is not matched, then that particular node is the intruder to be found.

    Now that the intruder is detected, the address of the intruder is sent to the entire network by multicasting.

    Neighbor nodes receive the IP address of the intruder and store it in their event lists to prevent future attacks from that node in the network.

    The multicasting of the intruder address is done by the source.


    Sending the data to the destination:

    The data send process is done by splitting the chosen text file into packets for transmission.

    The data send process is invoked after the source finds an intruder-free path.

    In the case of jamming or network malfunction, the source waits until the network is restored, starts the training process to find the intruders and, if any are detected, selects a path free from intrusion.

    The source sends the data directly to the destination through the safe path. The destination receives the data in the form of packets and checks for anomalies to detect any loss of data due to intrusion.


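    Coding: (Multicast)

        import java.io.IOException;
        import java.net.InetAddress;

        // Build the Hello beacon: "Hello:<hostname>=<distance>:Hello Protocol".
        // s1, s2, j, s, b and t are declared elsewhere in the class.
        try {
            s1 = "Hello";
            s2 = InetAddress.getLocalHost().getHostName() + "="
                    + Operations.getPropInt("settings.txt", "distance");
            j = "Hello Protocol";
            s = s1 + ":" + s2 + ":" + j;
            b = s.getBytes();
            t.start();
        } catch (IOException e) {
            e.printStackTrace(); // e.g. the local host name cannot be resolved
        }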


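    Coding: (Hello Receiver)

        // Needs java.net.* and java.util.StringTokenizer.
        // Join the multicast group named in settings.txt and read one datagram.
        ia = InetAddress.getByName(Operations.getProperty("settings.txt", "addres"));
        port = Integer.parseInt(Operations.getProperty("settings.txt", "port"));
        ms = new MulticastSocket(port);
        ms.joinGroup(ia);
        b = new byte[byt];
        dp = new DatagramPacket(b, b.length);
        ms.receive(dp);
        ms.close();
        // Decode only the bytes actually received, not the whole buffer.
        s = new String(dp.getData(), 0, dp.getLength());
        // Payload layout: "Hello:<hostname>=<distance>:Hello Protocol"
        StringTokenizer st = new StringTokenizer(s.trim(), ":");
        String s1 = st.nextToken(":");
        String s2 = st.nextToken(":");
        String s3 = st.nextToken(":");
        if (s3.equals("Hello Protocol")) {
            neighbornode.add(s2); // record the sender as a neighbor
        }
        } // closes the enclosing block (not shown)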
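The receiver above throws NoSuchElementException on a datagram with fewer than three fields and stores the second field without checking it. An added example (not code from the original slides) of a stricter parser for the same beacon layout; the class name, the 512-byte limit and the host-name pattern are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Optional;

public class HelloBeacon {
    final String host;
    final int distance;

    private HelloBeacon(String host, int distance) {
        this.host = host;
        this.distance = distance;
    }

    /** Parse "Hello:<host>=<distance>:Hello Protocol"; empty if the datagram does not fit. */
    static Optional<HelloBeacon> parse(byte[] buf, int length) {
        if (length <= 0 || length > 512) return Optional.empty(); // assumed size limit
        String s = new String(buf, 0, length, StandardCharsets.US_ASCII).trim();
        String[] f = s.split(":", -1); // -1 keeps empty trailing fields
        if (f.length != 3 || !f[0].equals("Hello") || !f[2].equals("Hello Protocol")) {
            return Optional.empty();
        }
        int eq = f[1].lastIndexOf('=');
        if (eq <= 0) return Optional.empty(); // no '=' or empty host part
        String host = f[1].substring(0, eq);
        if (!host.matches("[A-Za-z0-9.-]{1,253}")) return Optional.empty(); // assumed pattern
        try {
            int d = Integer.parseInt(f[1].substring(eq + 1));
            return d >= 0 ? Optional.of(new HelloBeacon(host, d)) : Optional.empty();
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed payloads
            "Hello:node7=3:Hello Protocol", // well formed
            "Hello:node7=3",                // field missing
            "Hello:node7=x:Hello Protocol", // distance is not a number
            "Hello:a:b=1:Hello Protocol"    // extra separator
        };
        for (String m : samples) {
            byte[] b = m.getBytes(StandardCharsets.US_ASCII);
            String result = parse(b, b.length)
                    .map(h -> h.host + " at distance " + h.distance)
                    .orElse("rejected");
            System.out.println(m + " -> " + result);
        }
    }
}
```

Format validation does not authenticate the sender: the beacon carries no integrity protection, so the host field is only a claim.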


    Basic GUI Of IDS-Monitor


    Conclusion

    The Distributed Intrusion detection system proposed here detects intrusion by distributed collection of relevant information from the nodes and is also capable of detecting jamming attacks.

    We achieve two goals: we detect more attacks and force the operator to give a decent service.

    We allow cheaters to come into play, but their impact is self-limiting as a working network is needed for them to play.


    Strengths of IDS:

    Similar to a security "camera" or a "burglar alarm"

    Alerts security personnel that someone is picking the "lock"

    Alerts security personnel that a Network Invasion may be in progress

    When well configured, provides a certain "peace" of mind

    Part of a Total Defense Strategy infrastructure


    THANK U