Layered Approach Using Conditional Random Fields for Intrusion Detection

Intrusion detection faces a number of challenges: an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of Accuracy and Efficiency using Conditional Random Fields (CRFs) and the Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Intrusion detection is one of the high-priority and challenging tasks for network administrators and security professionals.

More sophisticated security tools mean that the attackers come up with newer and more advanced penetration methods to defeat the installed security systems.

Existing System:

Intrusion detection in a Wireless Sensor Network (WSN) is of practical interest in many applications such as detecting an intruder in a battlefield. Intrusion detection is defined as a mechanism for a WSN to detect the existence of inappropriate, incorrect, or anomalous moving attackers. It is a fundamental issue to characterize the WSN parameters such as node density and sensing range in terms of a desirable detection probability.

In addition, we discuss the network connectivity and broadcast reachability, which are necessary conditions to ensure the corresponding detection probability in a WSN. The existing system analyzes the intrusion detection problem in both homogeneous and heterogeneous WSNs by characterizing intrusion detection probability with respect to the intrusion distance and the network parameters. The intrusion detection model includes a network model, a detection model, and an intrusion strategy model. The network model specifies the WSN environment.

Proposed System:

In this paper, we have addressed the dual problem of Accuracy and Efficiency for building robust and efficient intrusion detection systems. Our experimental results in Section 6 show that CRFs are very effective in improving the attack detection rate and decreasing the false alarm rate (FAR). Having a low FAR is very important for any intrusion detection system. Further, feature selection and implementing the Layered Approach significantly reduce the time required to train and test the model.

The areas for future research include the use of our method for extracting features that can aid in the development of signatures for signature-based systems. The signature-based systems can be deployed at the periphery of a network to filter out attacks that are frequent and previously known, leaving the detection of new unknown attacks for anomaly and hybrid systems. Finally, our system has the advantage that the number of layers can be increased or decreased depending upon the environment in which the system is deployed, giving flexibility to the network administrators.
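The layered arrangement described above, sketched as an added example that is not code from the paper or the project: each layer reads only its own selected features, a record flagged by a layer is not passed to later layers, and the layer list can be shortened or extended per deployment. The layer names and order, the KDD'99-style feature names, the thresholds and the hand-written scoring rules (standing in for trained CRFs) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Record = Dict[str, float]

@dataclass(frozen=True)
class Layer:
    name: str                          # attack class this layer screens for
    features: Tuple[str, ...]          # feature subset selected for the layer
    score: Callable[[Record], float]   # stand-in for the layer's trained CRF
    threshold: float = 0.5

def classify(record: Record, layers: List[Layer]) -> Tuple[str, int]:
    """Run layers in order, stop at the first hit; return (label, features read)."""
    read = 0
    for layer in layers:
        view = {f: record[f] for f in layer.features}  # layer sees only its subset
        read += len(view)
        if layer.score(view) >= layer.threshold:
            return layer.name, read                    # blocked: later layers never run
    return "normal", read

# Hand-written scoring rules: illustrative placeholders, NOT trained CRFs.
PROBE = Layer("probe", ("duration", "rerror_rate"),
              lambda v: v["rerror_rate"] if v["duration"] == 0 else 0.0)
DOS = Layer("dos", ("count", "serror_rate"),
            lambda v: min(v["count"] / 100, 1.0) * v["serror_rate"])
R2L = Layer("r2l", ("num_failed_logins", "is_guest_login"),
            lambda v: 1.0 if v["num_failed_logins"] >= 3 or v["is_guest_login"] else 0.0)
U2R = Layer("u2r", ("root_shell", "num_file_creations"),
            lambda v: 1.0 if v["root_shell"] and v["num_file_creations"] > 0 else 0.0)

FULL = [PROBE, DOS, R2L, U2R]   # assumed four-layer deployment
PERIMETER = [PROBE, DOS]        # assumed reduced deployment with two layers

# Constructed sample connection records (not real traffic).
BASE = dict(duration=12, rerror_rate=0.0, count=3, serror_rate=0.0,
            num_failed_logins=0, is_guest_login=0, root_shell=0, num_file_creations=0)
SAMPLES = {
    "web":   dict(BASE),
    "scan":  dict(BASE, duration=0, rerror_rate=0.9),
    "flood": dict(BASE, count=250, serror_rate=1.0),
    "guess": dict(BASE, num_failed_logins=5),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, classify(rec, FULL), classify(rec, PERIMETER))
```

Removing layers lowers the per-record cost but also narrows coverage: the constructed `guess` record is labelled `r2l` by the four-layer list and `normal` by the two-layer one.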

Modules:

  • Constructing Network Security

  • Randomized Field Detection

  • Layered Approach for Intrusion Detection

  • Find Authorized and Unauthorized Port

  • Constructing Inter-Domain Packet Filters

  • Receiving the Valid Packet