
Monday, 25 August 2014

Network Intrusion Detection Systems Using Genetic Algorithm

Introduction to System Analysis:

This project shows how network connection information can be modeled as chromosomes. The objective of the system is to create a new set of rules at run time, so that an intruder cannot attack the system with a virus.

User Classes and Characteristics

The main user class is Administrators. An administrator has the privilege to add a new set of rules to the dataset.

Design and Implementation Constraints

·         Implementation of genetic algorithm.
·         Protocol used is TCP/IP.
·         Memory requirement is 128MB.
           

User Documentation

To give users functional support, components such as user manuals are provided, and the firm also provides the necessary training to the users.


Existing System:
·         Traditional systems in place for intrusion detection primarily use a method known as “fingerprinting” to identify malicious users. They are complex.
·         They are rule-dependent. If the behavior of the packets flowing in the network is new, the system cannot make any decision, so they work purely on the basis of the initial rules provided.
·         The rules in the dataset are static unless the network administrator manually enters rules. It does not provide any option for generating a dynamic rule set.
·         It cannot create its own rules depending on the current situation.
·         It requires manual effort to monitor the incoming packets and analyze their behavior.
·         It cannot take decisions at run time.
·         If the pattern of the packet is new and not present in the records, it allows the packet to flow without analyzing whether it is an intruder or not.
·         A packet with new behavior can easily pass without being filtered.
Proposed System:
·         It uses a genetic algorithm, an artificial intelligence problem-solving technique based on the theory of Darwinian evolution applied to mathematical models.
·         The intrusion detection system compares learned user characteristics from an empirical model to all users of a system.
·         It includes both temporal and spatial information of the network traffic in the rule set.
·         It is both a network-based and a host-based system.
·         It can take decisions at run time.
Advantages:
·         It eliminates the need for an attack to be previously known to be detected because malicious behavior is different from normal behavior by nature.
·         Using a generalized behavioral model is theoretically more accurate, efficient and easier to maintain than a fingerprinting system.
·         It uses a constant amount of computer resources per user, drastically reducing the possibility of depleting available resources.
·         Once installed, there is no need for any manual effort to monitor the system.
·         It generates its own rules depending on the real-time behavior of the packet.
·         It dynamically increases the rules in the dataset according to the packets flowing in the network and the decisions taken by the system. Due to the increase of rules in the rule set, the reliability of the system also increases.
·         It promotes a high detection rate of malicious behavior and a low false positive rate of normal behavior classified as malicious.
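
As an added illustration (not the project's own code, which the page says is written in Java and Swing), the Python sketch below models connections as chromosomes and evolves a detection rule from them. The three connection fields, the constructed sample records, the fitness function (detection rate minus false-positive rate) and the GA parameters are all assumptions made for the example.

```python
import random

WILD = -1  # wildcard gene: matches any value in that field
# Constructed sample connections: (protocol, dst_port, duration_bucket, is_attack)
# protocol 0=tcp 1=udp; duration_bucket 0=short 1=medium 2=long
RECORDS = [
    (0, 23, 2, True), (0, 23, 2, True), (0, 23, 1, True), (0, 23, 2, True),
    (0, 80, 0, False), (0, 80, 1, False), (0, 443, 0, False), (1, 53, 0, False),
    (0, 23, 0, False), (0, 22, 2, False), (1, 53, 0, False), (0, 80, 0, False),
]
GENE_VALUES = [(0, 1), (22, 23, 53, 80, 443), (0, 1, 2)]  # legal values per gene

def matches(rule, rec):
    """A rule fires when every non-wildcard gene equals the record's field."""
    return all(g == WILD or g == v for g, v in zip(rule, rec))

def fitness(rule, records=RECORDS):
    """Detection rate minus false-positive rate (assumed fitness, range -1..1)."""
    attacks = [r for r in records if r[3]]
    normal = [r for r in records if not r[3]]
    tp = sum(matches(rule, r) for r in attacks)
    fp = sum(matches(rule, r) for r in normal)
    return tp / len(attacks) - fp / len(normal)

def mutate(rule, rng, rate=0.2):
    """With probability `rate`, replace a gene by a wildcard or a legal value."""
    return tuple(rng.choice((WILD,) + GENE_VALUES[i]) if rng.random() < rate else g
                 for i, g in enumerate(rule))

def crossover(a, b, rng):
    """Single-point crossover between two parent rules."""
    cut = rng.randint(1, len(a) - 1)
    return a[:cut] + b[cut:]

def evolve(records=RECORDS, pop_size=20, generations=30, seed=1):
    rng = random.Random(seed)  # fixed seed so runs are repeatable
    # Initial chromosomes are the observed attack connections themselves.
    seeds = [r[:3] for r in records if r[3]]
    pop = [seeds[i % len(seeds)] for i in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=lambda r: fitness(r, records), reverse=True)
        parents = pop[: pop_size // 2]  # truncation selection
        children = [mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
                    for _ in range(pop_size - 1)]
        pop = [pop[0]] + children  # elitism: the best rule survives unchanged
    return max(pop, key=lambda r: fitness(r, records))

if __name__ == "__main__":
    best = evolve()
    print("best rule:", best, "fitness:", fitness(best))
```

On this sample, a generalized rule such as `(0, 23, WILD)` scores 0.875, higher than the exact attack record `(0, 23, 2)` at 0.75, which is how wildcard genes let an evolved rule cover connections not seen verbatim.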

 

Operating Environment:


This system needs the following specifications.
 Hardware
·         Processor                    :  Intel Pentium II or above
·         Memory                      :  128 MB or above
·         Hard Disk Drive           :  10 GB or above
·         Keyboard                     :  108 Keys
           

 Software

·         OS Platform                : Windows 2000 or later
·         Software                      :  Java and Swing










