DOI: 10.14489/vkit.2019.05.pp.038-043

Ivkin A. N., Burlakov M. E.

Abstract. A statistical model of an intrusion detection system based on an artificial immune system is considered; the detector sets in the model are selected on the basis of packet headers. Negative selection theory and machine learning rules are combined in order to propose a new intrusion detection system. The proposed model is tested on the DARPA1999 data sets and shows good performance compared with previous models.

Keywords: artificial immune system; intrusion detection system; negative selection; machine learning.
Ivkin A. N., Burlakov M. E.

Abstract. The paper is devoted to the crucial problem of computer security. Computer security involves protecting computers and networks from malware, hackers and other threats while maintaining privacy on the Internet and on physical systems and networks. Interest in artificial immune systems has increased many times over, because such systems solve a large number of problems in the field of computer security. Intrusion detection is the process of monitoring the events occurring in your network and analyzing them for signs of possible incidents, violations, or imminent threats to your security policies. These security measures are available as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), which become part of your network to detect and stop potential incidents.

The paper presents a statistical model of an IDS based on an artificial immune system, with the detector sets chosen on the basis of packet headers. For correct operation of the IDS, a deterministic set of operating parameters is required. Only header values are used to study the anomalous behavior of packets during transmission in any TCP/IP network traffic. Based on the test results, methods for improving the IDS have been proposed and implemented. The article analyzes the detection results in network and host models.

The paper deals with negative selection theory and machine learning rules. The theory of negative selection is one of the most important theories of artificial immune systems. In the negative selection module, instead of using only the normal profile to separate and classify the packets into two different classes, an additional check of each packet is performed using expert rules created earlier on the basis of the normal profile table. Thus, the packet goes through more stages in order to determine whether it is anomalous. As a result, the frequency of false positives is significantly reduced, and the frequency of detection increases. To generate detectors, a set of basic rules was developed using data analysis and machine learning software, and then new detectors were generated and elaborated inside the negative selection module. After testing on the DARPA1999 data set, the proposed model showed good performance compared to previous models.

Keywords: Artificial immune system; Intrusion detection system; Negative selection; Machine learning.
A. N. Ivkin, M. E. Burlakov (Samara National Research University named after Academician S. P. Korolev, Samara, Russia)