Intruder can be considered as the main security threats across the network security and there are many intruder detection techniques across the literature proposed and most of them concentrate on the dynamic intruder actions. Frequency of the intruder actions has not given vital importance and in this project a frequency based intruder detection mechanism is explored using the OPNET modeler simulation.
Mobile Wireless Networks considered as the wireless network and three scenarios are created where a total of 3o mobile nodes are used and a single wireless LAN server is used for the simulation and to compare the performance of the proposed design three scenarios are created. First scenario has no intruder attack nodes and the second scenario has two intruder attack nodes, where the frequency of the intruder attack nodes is increased to three and the simulation is run for 5 minutes to evaluate the results and the key findings are as given below
Intruder actions and the corresponding detection mechanism is proposed in this simulation and in this context three scenarios are created and the simulation is run for 5 minutes to achieve the comparison result. From the comparison results that it is clear that when there are more intruder attacks on the network, the performance of the network is reduced a lot in terms of packets drops, route errors, cache replies sent, traffic sent and traffic received.
In this simulation the frequency of the intruder is increased gradually and with the increase in the intruder attack nodes all the DSR routing protocol parameters are changed in terms of the performance like more intruder traffic is sent and received when there are three attack nodes. Even the aspects like router errors sent, cache replies sent and the total number of packets dropped is more with the three attack nodes scenario and from this the actual intruder actions can be detected and eliminated further. Route discovery time is also more with the attack nodes scenarios and thus the server is busy in sending the routing requests and in this process the actual data packets are lost and based on all these analysis and comparison graph the intruder actions can be identified and eliminated completely.
Project background
Network security and information security are the two common issues faced across the networking world these days and there are many research papers and articles issued with respect to these two aspects. Network security of different networks is affected with lot of threats and there are many possible solutions introduced with respect to the network security and still there is always a new problem across the network security that makes the administrators sleep less.
Among most of the network security issues, intruders are given the top priority and there are many intruder detection techniques in place to identify and protect the network from these intruder attacks. Irrespective of the number of intruder detection techniques implemented, still there is an array of actions populated by the intruders which were undetectable by the existing intruder detection techniques. Filtering these intruders is always a challenging and never ending task to most of the organizations as the intruders always find new ways to disturb the network security.
There are many intruder detection techniques implemented by the organizations and no one is 100% secure with respect to identifying the intruder actions and most of these techniques fail at the initial stages only. In general a typical intruder detection system helps the security managers to detect the anomaly actions in prior to the attack or after the attack and most if the organizations are not confident about the performance of the IDS implemented across them and thus look for a new version of IDS that can work better in terms of intruder and anomaly detection aspects.
In this Intrusion Detection Techniques for Mobile Wireless Networks MS Project a frequency based intruder detection system is evaluated where few key aspects like the size of the packet payloads, inter arrival time of the packets, the number of IP addresses reached at a particular time and the number of ports accessed and this information is really helpful to develop a perfect IDS. Frequency of the intruder actions will impose intruder and anomaly traffic on the network and due to this the overall performance of the network and the applications and the prefect IDS required in this context to reduce the frequency of the intruder actions and also identifying the intruder actions across the network. In general the intruder actions will affect the complete behavior of the routing protocol used across the communication process and due to this the core parameters of the protocols are changed and they will impose vulnerable network traffic and the server and nodes of the network can’t handle this amount of traffic.
Due to this impact the network till develop the tendency to drop the packets and generates more routing errors on the network. If the packet drop and the routing errors on the network are more the routers and the servers across the network will be affected with the congestion and thus the optimal performance metrics are affected a lot due to this implementation. Thus the frequency of the intruder actions will place an recoverable impact on the network and thus a solution is required in this context and the main aim of this project is to develop an frequency based IDS and the main problem identified is given below
Problem definition
As mentioned the main aim of this project is to design and IDS that can detect the intruder actions to identify the frequency of the intruder impact and in this context a mobile ad hoc network is created using the OPNET modeler simulation tool. A single wireless LAN server and 30 mobile nodes are used in this simulation model and three scenarios are created where each scenario is designed with an aim to increase the frequency of intruder actions. First scenario is created with an aim to impose null intruder actions on the network and zero attack nodes are created, where the second scenario is created with two intruder nodes and the third scenario is created with three attack nodes and thus the frequency of the intruder actions is increased to impose the anomaly traffic on the network.
A routing protocol is always required to establish the connections across the wireless and mobile nodes and even the main target of the intruder actions is to violate the core functional behavior of the routing protocol and thus DSR is considered as the routing protocol. All the nodes identified to act the intruder nodes are changed against the DSR routing protocol in terms of the routing parameters and thus the three scenarios are compared and the overall performance of the network due to the attack nodes is analyzed. Few important performance metrics of the network like route discovery time, total packets dropped, total cache replies sent, total route errors sent are analyzed against the three scenarios created and performance of the proposed IDS is evaluated. The key aims and objective identified in this context are as given below
Aims and Objectives
Aim: To evaluate and design a frequency based intruder detection technique to detect the anomaly traffic using OPNET simulation.
Objectives
Following are the research objectives
- To critically review the network security and the impact of Intruders on the network security
- To review different types of intruder detection techniques and evaluate the limitations of them
- To design a Discrete Fourier Transform (DFT) based frequency analysis approach to detect the intruders
- To design the required scenarios using OPNET
- To implement the scenarios using OPNET simulation to detect the anomaly traffic data
- To evaluate the scenario results and estimate the performance of the system developed.
How the objectives are achieved
- Different articles, journal and ACM digital library is used to gather the required primary information
- These references are used to review the existing intruder detection techniques are evaluate the limitations of them
- Basic working principles of Discrete Fourier Transform (DFT) are analyzed with respect to frequency analysis issues in detecting the intruders
- Required network setup is designed with a firewall on each target system and all the systems are connected to the hub
- This network setup is designed using OPNET modeler tool and the design aspects followed are discussed in detail
- Different attacks like TCP based attacks and traffic data attacks are simulated using the OPNET simulation tool
- Almost 30 pc connections are considered and frequency patterns in detecting the attacks are analyzed
- This analysis is used across the results evaluation process and the results are analyzed with respect to the data traffic of the victim PC’s and the corresponding frequency patterns.