
A Low Cost Intelligent Intrusion Detection And Prevention System

Abstract: The rapid growth of computer networks has changed the prospect of network security. An easy accessibility condition has caused computer networks to be vulnerable against numerous and potentially devastating threats from hackers. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) which are capable of detecting attacks in several available environments. A boundless number of methods for Misuse Detection as well as Anomaly Detection had been developed and implemented. Following this Intrusion Prevention Systems (IPS) have evolved to resolve ambiguities in passive network monitoring by placing detection systems on the line of attack. IPS is an IDS that is capable of giving prevention commands to firewalls and access control changes to routers. IPS has been seen as an improvement upon firewall technologies. It has access control decisions based on application content, rather than IP address or ports as traditional firewalls in it. The next innovation is the combination of IDS and IPS known as Intrusion Detection and Prevention Systems (IDPS) capable of detecting and preventing attacks from happening in the computer network. The present patch model that has been provided by many software manufacturers seems a failure, especially when dealing with large scale and fast widespread attacks. The new generation of attacks had caused severe damage to the entire network globally, leaving behind major challenges for future solutions, demanding faster detection of unknown attacks and immunization of affected computers. This invention aims at creation of Intrusion Detection and Prevention System in active monitoring of known as well as unknown attacks in real time mode.


Patent Information

Application #
Filing Date
07 January 2016
Publication Number
10/2016
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
mohuyacb@iemcal.com
Parent Application

Applicants

Institute of Engineering & Management
Institute of Engineering & Management Saltlake Electronics Complex, Sector V, Saltlake Kolkata - 700091

Inventors

1. Dr. Mohuya Chakraborty
Institute of Engineering & Management Saltlake Electronics Complex, Sector V, Saltlake Kolkata - 700091
2. Indraneel Mukhopadhyay
Institute of Engineering & Management Saltlake Electronics Complex, Sector V, Saltlake Kolkata - 700091

Specification

Claims: What is claimed is
1. A method of model design of low cost trained intelligent hardware for probing network user activities for Intrusion in a computer network and can be used for training a model for detecting intrusions and preventing against malicious activities in the network.
2. A method as recited in claim 1 where the model can classify signatures for DoS, probe, r2l, u2r, normal etc.
3. A method as recited in claim 1 where the real time data is pre-processed and formatted to the software's requirement for the initial simulation purpose. All attributes of the data are taken into account while pre-processing the data.
4. A method as recited in claim 4 where the pre-formatted data is fed as input to the intelligent multilayer neural network.
5. A method as recited in claim 5 where the detection mechanism performance result is found to be acceptable.
6. A method as recited in claim 1 where the detection mechanism is further integrated with a prevention mechanism and is put into place using various intelligent functions.
7. A method as recited in claim 6 where the architecture not only detects different network attacks but also prevents them from being propagated.
8. A method as recited in claim 7 where results have been compared to single layer and dual layer intelligent neural networks and the performance was found to be satisfactory with respect to False Positives and False Negatives.
9. A method as recited in claim 1 where improvement of the scalability and reliability of the invention has to be managed for the stability of the results.
10. A method as recited in claim 8 where real time network traffic is analyzed and a decision is taken as per the traffic signature.
Description: BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of computer systems software and hardware and computer network security. More specifically, it relates to the design of low cost intelligent hardware for probing network user activities for Intrusion in a computer network and can be used for training a model for detecting intrusions and preventing against malicious activities in the network.
2. Discussion of Related Art
Network security has turned into an urgent issue for system frameworks, and intrusion detection has become the need of the day. The number, as well as the sophistication, of attacks on computer networks is on the rise. The main functions of an IDPS are to record data and information about observed events; to notify the network's security experts of their significance; and to generate reports on vulnerabilities, threats and attacks. An IDPS can also respond to an identified threat and attempt to stop it from succeeding in real time.
IDPS technologies have many qualities that give a detailed view of configuration, execution, design, security, checking and maintenance. IDPSs primarily focus on detecting possible incidents, for example identifying when an attacker has effectively compromised a system by exploiting its vulnerabilities. The IDPS then reports the incident to the security administrator, who can rapidly start incident response activities to minimize the harm caused by the incident. The IDPS also logs data that can be used by the incident handlers. Many IDPSs can also be configured to identify violations of security policies. A few IDPSs are configured with firewall-rule-set-like settings, permitting them to recognize network activity that violates the organization's security or acceptable use policies. Thus an IDPS can monitor file transfers and recognize ones that may be suspicious, for example copying a large database onto a user's laptop.
Intrusion Detection and Prevention Systems have recently attained significant growth in both research organizations and commercial companies, and have become an essential element of any comprehensive network security. The invention has analyzed several techniques for achieving accurate detection and prevention. This invention finally obtained a potential solution for the security problem that plagues today's computer networks. The invention has been proved through simulation and subsequent realization in hardware, with respect to low cost and higher accuracy in the detection of attacks and the protection of the system, through various intelligent techniques. This invention has overcome various limitations and hurdles and improved network security across a wider range of potentially devastating environments.
Figure 1 is a block diagram depicting the intrusion detection and prevention system 50 as presently known in the art. The raw TCP dump data 1 is the input to the invention. The data is then classified and formatted 2 as per the software specification, and training and validation are done in order to create the intelligent system. The formatted, classified data is taken as input to the intelligent neural network system 3, which uses a decision support system 4 to decide whether the input packet is a normal packet or a malware attack. The decision support system acts as the Intrusion Prevention System in the given invention. The system that is presently known in the art, after training and validation, can detect and prevent anomalous packets in real time by implementing the IDPS device as a complete system-on-chip using an embedded processor.
SUMMARY OF THE INVENTION
The invention achieves the design of low cost trained embedded intelligent hardware for probing network user activities for intrusion in a computer network, which can be used for training a model for detecting intrusions and preventing malicious activities in the network. In one aspect we take the raw TCP dump data of the KDDCUP 99 DARPA (Defense Advanced Research Projects Agency) data set as the input vectors for training and validation of the tested intelligent network. This TCP dump has 41 attributes which can classify the signature of each packet as DoS, normal, probe, r2l or u2r. The intelligent system uses a data processor, pre-processor, encoder and intelligent classifier to do signature classification of the traffic.
In one embodiment the data is formatted into a format compatible with the software that is used to pre-process it. Changes are made to remove the drawbacks of the dump data and conversions are done on the data to fit the problem at hand. We feed the properly formatted data to an intelligent multilayer neural network system. We check the visual impression of the distribution of errors (Targets - Outputs) via a histogram plot. Other similar checks and balances are taken into account before we conclude that the intelligent system is working as expected.
In another embodiment the system uses a special intelligent function to allow only normal data to propagate and to stop attack data from propagating through the network in active mode. Consequently it creates the prevention mechanism alongside the detection system, and hence an Intrusion Detection and Prevention System is created. The performance of the system is found to be within the acceptable range.
In another embodiment the simulation result obtained from the software is implemented in hardware on a Field Programmable Gate Array (FPGA). The architecture not only detects different network attacks but also prevents them from being propagated. Data set results have been compared to single layer and multilayer intelligent neural networks and the performance was found to be satisfactory with respect to False Positives and False Negatives.
In yet another embodiment the implemented intelligent intrusion detection and prevention system was further augmented to analyze real time network traffic. In yet another embodiment the analyzed real time traffic is fed to a decision support system where a decision is taken as per the traffic signature. In another embodiment unforeseen network attack signatures can also be classified, detected and prevented using this invention. Thus, it provides a better understanding of the design principles and implementation techniques for building a high-speed, reliable, robust, real time and scalable neural network-based network intrusion detection and prevention system that is highly useful for computer network security.
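The pre-processing, allow-only-normal prevention rule and False Positive/False Negative comparison described in the summary above, as an added illustration that is not part of the patent or its hardware: it parses KDD Cup 99 style records (41 attributes plus a label), one-hot encodes the three symbolic attributes, maps attack names to the five classes named on the page, gates packets on the classifier's verdict and scores a set of predictions. The record lines, the attack-name-to-class table and the predictions are constructed here; the neural network classifier itself is assumed to be supplied separately.

```python
import csv

# Constructed records in KDD Cup 99 layout: 41 attributes, then the label with its trailing dot.
SAMPLE = """
0,tcp,http,SF,181,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00,normal.
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,123,6,1.00,1.00,0.00,0.00,0.05,0.07,0.00,255,6,0.02,0.07,0.00,0.00,1.00,1.00,0.00,0.00,neptune.
0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf.
0,icmp,eco_i,SF,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,33,0.00,0.00,0.00,0.00,1.00,0.00,1.00,3,57,1.00,0.00,1.00,0.28,0.00,0.00,0.00,0.00,ipsweep.
2,tcp,telnet,SF,125,179,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,1,1,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,guess_passwd.
"""
# Attack name -> one of the five signature classes named on the page (mapping assumed here).
ATTACK_CLASS = {"normal": "normal", "neptune": "DoS", "smurf": "DoS", "back": "DoS", "teardrop": "DoS",
                "ipsweep": "probe", "portsweep": "probe", "nmap": "probe", "satan": "probe",
                "guess_passwd": "r2l", "warezclient": "r2l", "ftp_write": "r2l", "imap": "r2l",
                "buffer_overflow": "u2r", "rootkit": "u2r", "loadmodule": "u2r", "perl": "u2r"}
SYMBOLIC = (1, 2, 3)  # protocol_type, service, flag: the only non-numeric attributes

def preprocess(lines, vocab=None):
    """Return (vectors, classes, vocab): symbolic attributes one-hot encoded, the rest as floats.
    Pass the vocab built on training data when encoding live traffic so vectors stay aligned."""
    rows = [r for r in csv.reader(lines) if r]
    vocab = {i: [] for i in SYMBOLIC} if vocab is None else vocab
    for r in rows:
        if len(r) != 42:
            raise ValueError(f"expected 41 attributes plus a label, got {len(r)} fields")
        for i in SYMBOLIC:  # grow the vocabulary in first-seen order
            if r[i] not in vocab[i]:
                vocab[i].append(r[i])
    vectors, classes = [], []
    for r in rows:
        vec = []
        for i, value in enumerate(r[:41]):
            if i in SYMBOLIC:
                vec.extend(1.0 if value == sym else 0.0 for sym in vocab[i])
            else:
                vec.append(float(value))
        vectors.append(vec)
        classes.append(ATTACK_CLASS.get(r[41].rstrip("."), "unknown"))  # unlisted attack stays non-normal
    return vectors, classes, vocab

def gate(predicted):
    """Prevention rule from the page: forward a packet only when it is classified normal."""
    return [cls == "normal" for cls in predicted]

def fp_fn_rates(actual, predicted):
    """FP rate: normal traffic blocked as attack; FN rate: attack traffic forwarded as normal."""
    pairs = list(zip(actual, predicted))
    normals = sum(a == "normal" for a, _ in pairs)
    fp = sum(a == "normal" and p != "normal" for a, p in pairs)
    fn = sum(a != "normal" and p == "normal" for a, p in pairs)
    return (fp / normals if normals else 0.0, fn / (len(pairs) - normals) if len(pairs) > normals else 0.0)
```

With the five constructed records the encoded vector has 47 entries (38 numeric attributes plus 2 + 5 + 2 one-hot positions), and an attack name missing from the table is still blocked by the gate because it never maps to normal.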
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be illustrated with accompanying drawings which are intended to illustrate the embodiments of the present invention. The drawings are not intended to be taken restrictively to imply any limitation on the scope of the invention. It is to be understood that the concepts and features of the present invention can be embodied in numerous variant embodiments by those skilled in the art. Such variant embodiments are intended to be within the scope of the present invention. In the accompanying drawings:
Figure 1 is a block diagram depicting the Intrusion Detection and Prevention System as known in the art.
Figure 2 is a block diagram depicting the Pre-processing Unit which preprocesses the raw TCP dump Data.
Figure 3 is a block diagram depicting the Intelligent Neural Network Classifier.
Figure 4 is a block diagram depicting the Intrusion Detection and Prevention System (IDPS).
Figure 5 is a block diagram depicting the physical implementation of Intrusion Detection and Prevention device as a complete system-on-chip by using embedded processor in real time mode.

Documents

Application Documents

# Name Date
1 Drawing [07-01-2016(online)].pdf 2016-01-07
2 Description(Complete) [07-01-2016(online)].pdf 2016-01-07