
Real-Time Intrusion Detection System

This project report presents a real-time intrusion detection system (RT-IDS) developed using supervised machine learning techniques, particularly the Decision Tree method, to classify network data as normal or attack data. The report includes sections on the project requirements, system architecture, implementation, and experimental results, demonstrating the effectiveness of the proposed approach. It is submitted in partial fulfillment for the Bachelor of Engineering degree in Information Technology at Savitribai Phule Pune University.

Uploaded by

pranav

A PROJECT REPORT ON

Project Title
SUBMITTED TO THE SAVITRIBAI PHULE PUNE UNIVERSITY,
PUNE
IN THE PARTIAL FULFILLMENT FOR THE AWARD OF THE
DEGREE OF
BACHELOR OF ENGINEERING
IN
INFORMATION TECHNOLOGY
SUBMITTED BY,

1. Mr./Ms........(Exam Seat No........)


2. Mr./Ms........(Exam Seat No. ......)
3. Mr./Ms....... (Exam Seat No. ......)
4. Mr./Ms....... (Exam Seat No. ......)

UNDER THE GUIDANCE OF


Prof. Chetan S. Pagar
SINHGAD TECHNICAL EDUCATION SOCIETY
SKN SINHGAD INSTITUTE OF TECHNOLOGY & SCIENCE,
LONAVALA

GAT NO. 309, KUSGAON (BK.) OFF MUMBAI-PUNE EXPRESSWAY,


LONAVALA, TAL - MAVAL, DIST - PUNE - 410401.
ACADEMIC YEAR: 2021-2022
DEPARTMENT OF INFORMATION TECHNOLOGY

SKN Sinhgad Institute of Technology and Science, Lonavala

Academic Year 2021-22

This is to certify that the project report entitled

Name of Project
SUBMITTED BY,

1. Mr./Ms.......(Exam Seat No. ......)


2. Mr./Ms.......(Exam Seat No. ......)
3. Mr./Ms.......(Exam Seat No. ......)
4. Mr./Ms.......(Exam Seat No. ......)

Is a bonafide work carried out by them under the supervision of Prof........ and it is approved for the partial fulfillment of the requirement of Savitribai Phule Pune University, for the award of the Degree of Bachelor of Engineering (Information Technology).
The project work has not been earlier submitted to any other institute or university for the award of degree or diploma.

Prof........................ Prof. S. B. Kothari


Internal Guide Head of Department (I.T.)

Prof............................ Principal

External Examiner SKNSITS, Lonavala

Place:
Date:
Acknowledgement

We express our sense of gratitude towards our project guide Prof........... for his/her valuable guidance at every step of study of this project, and also for his/her contribution to the solution of every problem at each stage.
We are thankful to Prof. S. B. Kothari, Head, Department of Information Technology, all the staff members and project Coordinator Prof. C. S. Pagar, who extended the preparatory steps of this project. We are very much thankful to respected Principal Dr. M. S. Rohakale for his support and for providing all facilities for the project.
Finally, we want to thank all our friends for their support and suggestions. Last but not the least, we want to express thanks to our family for giving us support and confidence at each and every stage of this project.

Mr./Ms. ..........
Mr./Ms. ..........
Mr./Ms. ..........
Mr./Ms. ..........

Abstract
The widespread use of the Internet carries some risk of network attacks. Intrusion detection is one major research problem in network security; its aim is to identify unusual access or attacks in order to secure internal networks. In the literature, intrusion detection systems have been approached with various machine learning techniques.
In this report, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data.
Keywords:

Contents

Acknowledgement
Abstract
Contents
Nomenclature
List of Figures
List of Tables

1 Introduction
1.1 Overview
1.2 Motivation
1.3 Objectives

2 Literature Survey

3 Problem Statement

4 Project Requirement Specification
4.1 Hardware Requirements
4.2 Software Requirements

5 System Proposed Architecture
5.1 Architecture Diagram
5.2 Mathematical Model

6 High Level Design of Project
6.1 DFD
6.1.1 Level-0 DFD
6.1.2 Level-1 DFD
6.2 UML
6.2.1 Use-Case Diagram
6.2.2 Class Diagram
6.2.3 Activity Diagram
6.2.4 Sequence Diagram

7 System Implementation
7.1 Code Documentation
7.2 Algorithm
7.3 Methodologies
7.4 Protocols Used

8 Working Modules
8.1 GUI of Working Module
8.2 Experimental Results

9 Project Plan
9.1 Gantt Chart

Conclusion

Bibliography

Appendices

Nomenclature

ECC: Elliptic Curve Cryptography

RSA: Rivest, Shamir, Adleman

List of Figures

1.1.1 IDS Environment

List of Tables

2.0.1 Literature Survey

9.1.1 List of Publication

Chapter 1

Introduction

1.1 Overview
The Internet has become a part of daily life and an essential tool today. It aids people in many areas, such as business, entertainment and education. In particular, the Internet has become an important component of business models: in business operations, both businesses and customers use Internet applications such as websites and e-mail. Therefore, the security of information carried over the Internet needs careful attention. Intrusion detection is one major research problem for business and personal networks [1].
Relying on a firewall system alone is not sufficient to protect a corporate network from all types of network attacks. This is because a firewall cannot defend the network against intrusion attempts on open ports required for network services. Hence, an intrusion detection system (IDS) is usually installed to complement the firewall. An IDS collects information from a network or computer system and analyses the information for symptoms of system breaches. As shown schematically in Fig. 1, a network IDS monitors network data and gives an alarm signal to the computer user or network administrator when it detects hostile activity on an open port. This signal allows the recipient to inspect the system for more symptoms of unauthorized network activities [2].

Figure 1.1.1: IDS Environment

Compared with other related works on data mining-based intrusion detectors, we proposed to calculate the mean value via sampling different ratios of normal data for each measurement, which led us to a better accuracy rate for observation data in the real world. We compared the accuracy, detection rate and false alarm rate for four attack types. Moreover, it shows better performance than the KDD Winner, especially for U2R type and R2L type attacks [4].
Network intrusion detection systems can be classified into two types: host-based and network-based intrusion detection. Host-based detection captures and analyzes network data at the attacked system itself, while network-based detection captures and inspects on-line network data at the network gateway or server, before the attack reaches the end users. In addition, network intrusion detection systems can operate in two modes: off-line detection and on-line detection. An off-line network intrusion detection system periodically analyzes or audits network information or log data to identify suspected activities or intrusions. In an on-line network intrusion detection system, the network traffic data has to be inspected as it arrives in order to detect network attacks or malicious activities [2].

1.2 Motivation

1.3 Objectives

SKNSITS, Lonavala 2021-22. 2 Department of Information Technology


Chapter 2

Literature Survey

A literature review is the part of a scholarly paper that presents the current knowledge on a particular topic, including substantive findings as well as theoretical and methodological contributions. Literature reviews are secondary sources and do not report new or original experimental work.

Sr. No. | Title of Paper | Description With Seed Idea | Technique Used | Merits/Demerits
1 | | | |
2 | | | |
3 | | | |
4 | | | |
5 | | | |

Table 2.0.1: Literature Survey

Chapter 3

Problem Statement

Chapter 4

Project Requirement Specification

4.1 Hardware Requirements

4.2 Software Requirements

Chapter 5

System Proposed Architecture

5.1 Architecture Diagram

5.2 Mathematical Model

Chapter 6

High Level Design of Project

6.1 DFD

6.1.1 Level-0 DFD

6.1.2 Level-1 DFD

6.2 UML

6.2.1 Use-Case Diagram

6.2.2 Class Diagram

6.2.3 Activity Diagram

6.2.4 Sequence Diagram

Chapter 7

System Implementation

7.1 Code Documentation

7.2 Algorithm

7.3 Methodologies

7.4 Protocols Used

Chapter 8

Working Modules

8.1 GUI of Working Module

8.2 Experimental Results

Chapter 9

Project Plan

9.1 Gantt Chart

Conclusion

Bibliography

[1] Yi-Hua E. Yang, Hoang Le, Viktor K. Prasanna: High Performance Dictionary-Based String Matching for Deep Packet Inspection, IEEE 978-1-4244-5837-0.

[2] M. Roesch: Snort-Lightweight Intrusion Detection for Networks, 13th Systems Administration Conference, USENIX, 1999.

[3] M. Roesch: Snort-Lightweight Intrusion Detection for Networks, 13th Systems Administration Conference, USENIX, 1999.

[4] Yi-Hua E. Yang, Hoang Le, Viktor K. Prasanna: High Performance Dictionary-Based String Matching for Deep Packet Inspection, IEEE 978-1-4244-5837-0.

[5] SourceFire Inc., [Link]

[6] [Link]/pdfFiles/[Link]

[7] [Link]/2375838/1/11JNSMLightweightDPI

[8] [Link]./ml/weka

Appendices

A. Plagiarism Report of Published Paper

B. Base Paper(s)

C. Tools Used

D. Paper Published/Certificate

I. List of Publications

Sr. No. | Name of Conference or Journals | National/International | Date | ISBN/ISSN No.
1 | International Journal of Innovative Research in Computer and Communication Engineering (IJIRCCE) | International Journal | 30th October, 2018 | Volume 6(10), 2320-9801

Table 9.1.1: List of Publication

II. Certificates
