Network Intrusion Detection Evading System using Frequent Pattern Matching

International Journal of Engineering Trends and Technology (IJETT)
  
© 2013 by IJETT Journal
Volume-4 Issue-8                      
Year of Publication : 2013
Authors: N. B. Dhurpate, L.M.R.J. Lobo

Citation 

N. B. Dhurpate, L.M.R.J. Lobo. "Network Intrusion Detection Evading System using Frequent Pattern Matching". International Journal of Engineering Trends and Technology (IJETT). V4(8):3571-3575, Aug 2013. ISSN: 2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.

Abstract

Signature-based NIDS are efficient at detecting the attacks they are prepared for. This leads an intruder to focus on new evasion techniques to remain undetected, and the emergence of a new evasion technique may cause a NIDS to fail. Unfortunately, most of these techniques are based on ambiguities in network protocols, so NIDS designers must take them into account when updating their tools. This paper presents a framework for evading a network intrusion detection system and for detection over the NIDS using frequent element pattern matching. The core of the framework is to model the NIDS using the Adaboost algorithm, which allows an understanding of how the NIDS classifies network data. We look for ways of evading NIDS detection by changing some of the fields of the packets. We use a publicly available dataset (KDD-99) to show the proof of our concept. For real-time evasion detection, the NIDS is built with the Apriori algorithm to analyze NIDS robustness with high detection rate accuracy.

Keywords
Intrusion Detection, Evasion, Network security, Apriori algorithm, frequent item set, Adaboost algorithm, NIDS