10-04-2017, 08:32 PM
source code for intrusion detection system in ns2
Abstract
Due to increasing number of network attacks, it is highly crucial to equip networks with an intrusion detection system (IDS). These systems must be able to deal with today's high speed and large scale networks. In this paper we propose a distributed IDS that performs both data capturing and data analyzing in a distributed fashion. This distributed mechanism enables our system to effectively operate within large scale and high traffic rate networks. We developed a grouping mechanism which divides computers in the network into subsets of computers with a leader and a few members. Subsequently, using a data sharing mechanism we were able to detect distributed attacks. Our data sharing mechanism added an overhead on the network traffic which is negligible compared to the overall network traffic. We simulated our method in NS2 simulation environment. Then we compared our proposed system with a centralized IDS in terms of detection rate, memory usage and packet loss rate. Results showed that our system's performance was better despite of some extra load imposed by distribution of data processing.This paper introduces the network intrusion detection system (NIDS), which uses a suite of data mining techniques to automatically detect attacks against computer networks and systems. This paper focuses on two specific contributions: (i) an unsupervised anomaly detection technique that assigns a score to each network connection that reflects how anomalous the connection is, and (ii) an association pattern analysis based module that summarizes those network connections that are ranked highly anomalous by the anomaly detection module. Experimental results show that our anomaly detection techniques are successful in automatically detecting several intrusions that could not be identified using popular signature-based tools .Furthermore, given the very high volume of connections observed per unit time, association pattern based summarization of novel attacks is quite useful in enabling a security analyst to understand and characterize emerging threats.