- Topic Area: Intrusion Detection and Monitoring for Wireless Networks
- Network Security, Computer Networks, Web.
- Keywords associated with the project
- Intrusion Detection Systems (IDS), Detection Types, System Components.
- MSc Courses studied that contribute towards this dissertation
- Computer Networks and Network Management.
Intrusion detection is the process of detecting unwanted traffic within a network or on a device. An intrusion detection system (IDS) is installed software or a physical appliance that examines network traffic to detect unwanted actions and events, such as unauthorized and malicious traffic, traffic that violates the security policy, and traffic that violates acceptable use policies. Many intrusion detection tools also record the detected events in a log so that they can be evaluated later, or combine the events with additional data to make decisions about policies or damage control.
A number of IDS technologies exist because network configurations differ. Each type of IDS has its own advantages and disadvantages in detection, configuration and cost.
A network intrusion detection system (NIDS) is one of the most common types of IDS. It analyzes network traffic at all layers of the Open Systems Interconnection (OSI) model and draws conclusions about the purpose of the traffic, looking for suspicious activity. Most NIDSs are easy to deploy on a network, and a single deployment can often examine traffic from many systems at once.
A wireless local area network (WLAN) IDS is similar to a NIDS in that it analyzes the traffic within the network. However, it also analyzes wireless-specific traffic, which includes scanning for outside clients trying to connect to the access points, rogue access points, clients outside the physical area of the organization, and WLAN IDSs connected to the access points. Where a network supports wireless technologies at particular points of its topology, the WLAN IDS plays a significant role in providing security. Several earlier NIDS tools now include support for wireless traffic analysis.
Network Behavior Anomaly Detection
Network behavior anomaly detection (NBAD) examines the traffic on network segments to determine whether anomalies exist in the amount or type of traffic. Segments that usually see very little traffic, or segments that see only a particular type of traffic, may change the amount or type of traffic they carry when an unwanted event occurs. To build an accurate snapshot of the network, NBAD requires several sensors as well as benchmarking and baselining to determine the expected amount of traffic on each segment.
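The baselining step described above can be sketched as follows. This is an added example, not code from the original page; the segment names, protocols, byte counts and the threshold `k` are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline flow summaries (segment, interval, protocol, bytes),
# as sensors on each segment might report them during normal operation.
BASELINE = [
    ("lab", 1, "dns", 1200), ("lab", 1, "http", 8000),
    ("lab", 2, "dns", 1000), ("lab", 2, "http", 9000),
    ("lab", 3, "dns", 1100), ("lab", 3, "http", 8500),
    ("print", 1, "ipp", 300), ("print", 2, "ipp", 350), ("print", 3, "ipp", 250),
]

def build_baseline(flows):
    """Per segment: mean/std of bytes per interval and the protocols seen."""
    volume = defaultdict(lambda: defaultdict(int))
    protocols = defaultdict(set)
    for segment, interval, proto, nbytes in flows:
        volume[segment][interval] += nbytes
        protocols[segment].add(proto)
    baseline = {}
    for segment, per_interval in volume.items():
        totals = list(per_interval.values())
        baseline[segment] = {"mean": mean(totals), "std": pstdev(totals),
                             "protocols": protocols[segment]}
    return baseline

def check_interval(baseline, flows, k=3.0):
    """Return sorted (segment, reason) findings for one observed interval."""
    totals, seen = defaultdict(int), defaultdict(set)
    for segment, proto, nbytes in flows:
        totals[segment] += nbytes
        seen[segment].add(proto)
    findings = []
    for segment, total in totals.items():
        if segment not in baseline:
            findings.append((segment, "no baseline"))
            continue
        b = baseline[segment]
        # Volume anomaly: more than k standard deviations from the baseline mean.
        if abs(total - b["mean"]) > k * max(b["std"], 1.0):
            findings.append((segment, "volume"))
        # Type anomaly: a protocol never seen on this segment during baselining.
        for proto in sorted(seen[segment] - b["protocols"]):
            findings.append((segment, f"new protocol: {proto}"))
    return sorted(findings)

# Constructed observation: the printer segment suddenly carries SSH and more data.
OBSERVED = [("lab", "dns", 1150), ("lab", "http", 8700),
            ("print", "ipp", 280), ("print", "ssh", 50000)]
```

The quiet printer segment is flagged for both amount and type of traffic, while the busier lab segment stays within its baseline.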
A host-based intrusion detection system (HIDS) analyzes network traffic and system-specific settings such as software calls, the local security policy, local log audits and more. A HIDS must be installed on each machine and requires configuration specific to that machine's operating system and software.
An IDS can use signature-based detection, which relies on known traffic data to identify unwanted traffic. This type of detection is very fast and easy to configure. However, an attacker can change the attack to some extent to make it invisible to a signature-based IDS. Although signature-based detection is limited in what it can detect, it can be very accurate.
An IDS that looks at network traffic and detects data that is incorrect, invalid or irregular is performing anomaly-based detection. This method is useful for detecting unwanted traffic that is not specifically known. For example, an anomaly-based IDS will detect an abnormal internal protocol packet. It will not identify in what particular way the packet is abnormal, but it will indicate that it is anomalous.
Stateful Protocol Inspection
Stateful protocol inspection is similar to anomaly-based detection, but it can also analyze traffic at the network and transport layers as well as vendor-specific traffic at the application layer, which anomaly-based detection cannot do.
False Positives and Negatives
No IDS can be perfectly accurate, because network traffic is so complex. Incorrect IDS results fall into two types: false positives and false negatives. A false positive occurs when the IDS incorrectly reports a problem in traffic that is actually benign. A false negative occurs when the IDS fails to detect unwanted traffic. Both false positives and false negatives create problems for security managers and may require the system to be calibrated.
In general, a larger number of false positives is more acceptable, but they can burden the security manager with an unmanageable amount of data to examine. False negatives, however, go undetected, so they give the security manager no opportunity to evaluate the data.
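The trade-off between signature-based and anomaly-based detection, and the resulting false positives and false negatives, can be measured on labelled events. The following is an added example, not code from the original page; the payloads, the placeholder pattern `EVIL-CMD` and the length-based anomaly rule are constructed assumptions.

```python
# Constructed, labelled events (payload, is_malicious). "EVIL-CMD" is a
# placeholder for a known-bad pattern; no real attack traffic is used.
TRAINING = ["GET /index.html", "GET /img/logo.png", "POST /login user=alice"]
SIGNATURES = ["EVIL-CMD"]
EVENTS = [
    ("GET /index.html", False),
    ("GET /about.html", False),
    ("POST /upload " + "A" * 200, False),        # large but legitimate
    ("GET /run?x=EVIL-CMD", True),               # matches the signature
    ("GET /run?x=evil-cmd" + "B" * 120, True),   # altered form of the same attack
]

def signature_detector(signatures):
    """Alert when the payload contains any known pattern."""
    return lambda payload: any(sig in payload for sig in signatures)

def anomaly_detector(training, factor=2.0):
    """Alert when the payload is much longer than anything seen in training."""
    limit = factor * max(len(p) for p in training)
    return lambda payload: len(payload) > limit

def either(*detectors):
    """Alert when at least one detector alerts."""
    return lambda payload: any(d(payload) for d in detectors)

def evaluate(detector, events):
    """Count true/false positives and negatives against the labels."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for payload, malicious in events:
        alerted = detector(payload)
        if alerted:
            counts["TP" if malicious else "FP"] += 1
        else:
            counts["FN" if malicious else "TN"] += 1
    return counts

SIG = signature_detector(SIGNATURES)
ANOM = anomaly_detector(TRAINING)
RESULTS = {
    "signature": evaluate(SIG, EVENTS),
    "anomaly": evaluate(ANOM, EVENTS),
    "combined": evaluate(either(SIG, ANOM), EVENTS),
}
```

On this sample the signature detector raises no false positives but misses the altered event, the anomaly detector catches the altered event at the cost of one false positive, and combining them removes the false negatives while keeping that false positive.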
An IDS is mainly made up of the following components:
Sensors are deployed in the network to gather data. They collect input from several sources, including network packets, log files and system call traces. The input is collected, organized and forwarded to one or more analyzers.
Analyzers in an IDS collect the data obtained from the sensors and determine whether an intrusion has actually occurred. The output produced by the analyzers must include evidence that supports the intrusion report. The analyzers may also provide recommendations and guidance on mitigation steps.
The user interface of the IDS provides the view of the system and the means to interact with it. Through the interface, users can control and configure the system. Many user interfaces can also generate reports.
In a fully deployed IDS, some administrators choose to install a honeypot, a system component set up as bait or a decoy for intruders. Honeypots can be used as early warning systems for attacks, as decoys that draw attackers away from the regular systems, and as data collection sources for analyzing attacks. Many vendors maintain honeypots for research purposes and to develop new intrusion signatures. Note that a honeypot should be deployed only when the organization has the resources to maintain it. A honeypot that is left unmanaged can become a significant problem, because attackers may use a compromised honeypot to attack other systems.
The main objectives of this study are to:
- Conduct a literature search investigating the impact of feature reduction on the efficiency of wireless intrusion detection systems.
- Investigate and review the types of intrusion detection systems.
- Analyze and evaluate the impact of feature reduction on the efficiency of the wireless intrusion detection system.
- Use OPNET to evaluate and compare the results.
How the objectives will be achieved:
- A qualitative research approach is used to collect the information required for my research work.
- To obtain the information, different articles are taken into consideration.
- These articles are gathered from different Internet sources to obtain the appropriate information.
- If these articles do not provide the required information, different case studies that have already been reviewed on the relevant topic will be considered.
The information collection process will not raise any ethical issues, as the information is gathered in a proper way. If the articles or case studies to be gathered carry any restrictions, such as requiring permission from the researcher who wrote them, the required permissions will be obtained before those articles are used, and the information collected will not be misused.
Reasons for selecting this project
The main reason for selecting this particular topic is that I faced some problems when I was connected to the network, so I thought it would be better to do my research work on intrusion detection systems and their features. I am also very interested in the area of networking, and my subject also includes this area, which motivated me to do the research work on this topic.
The main deliverables of this study are as below:
- Literature review of the different types of intrusion detection systems, including their performance.
- Detection types of intrusion detection systems and their usage.