
Introduction:-

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a management station. Intrusion prevention is the process of performing intrusion detection and attempting to stop the possible incidents that are detected. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization. Intrusion detection is a problem of great significance to protecting information systems security, especially in view of the worldwide increase in cyber attacks on critical infrastructures. We present a comparative study of using artificial neural networks (ANNs) and linear genetic programs (LGPs) for intrusion detection. We investigate and compare the performance of IDSs based on the mentioned techniques with respect to a well-known set of intrusion evaluation data gathered by Lincoln Labs.

The main task of an intrusion detection system is the defense of a computer system by detecting an attack and possibly repelling it. Detecting hostile attacks depends on the number and type of appropriate actions. Intrusion prevention requires a well-selected combination of baiting and trapping aimed at the investigation of threats. Diverting the intruder's attention from protected resources is another task. Both the real system and a possible trap system are constantly monitored. Data generated by intrusion detection systems is carefully examined (this is the main task of each IDS) for detection of possible attacks (intrusions).

Problem Definition:-

Literature survey:- Some relevant works have been studied and are discussed here.

Srinivas Mukkamala and Andrew H. Sung: Due to increasing incidents of cyber attacks and heightened concerns for cyber terrorism, implementing effective intrusion detection systems (IDSs) is an essential task for protecting cyber security, as well as physical security because of the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved, and applied AI techniques are increasingly being utilized in attempts to overcome the difficulties. This paper presents a comparative study of using support vector machines (SVMs), artificial neural networks (ANNs), multivariate adaptive regression splines (MARS) and linear genetic programs (LGPs) for intrusion detection. The authors investigate and compare the performance of IDSs based on the mentioned techniques with respect to a well-known set of intrusion evaluation data gathered by Lincoln Labs. Through a variety of experiments and analysis, it is found that, with appropriately chosen population size, program size, crossover rate and mutation rate, LGPs outperform the other techniques in terms of detection accuracy at the expense of time. SVMs outperform MARS and ANNs in three critical aspects of intrusion detection: accuracy, training time, and testing time.

Anup K. Ghosh, Aaron Schwartzbard, and Michael Schatz: Profiling the behavior of programs can be a useful reference for detecting potential intrusions against systems. This paper presents three anomaly detection techniques for profiling program behavior that evolve from memorization to generalization. The goal of monitoring program behavior is to be able to detect potential intrusions by noting irregularities in program behavior. The techniques start from a simple equality matching algorithm for determining anomalous behavior, evolve to a feed-forward backpropagation neural network for learning program behavior, and finally to an Elman network for recognizing recurrent features in program execution traces. In order to detect future attacks against systems, intrusion detection systems must be able to generalize from past observed behavior. The goal of this research is to apply machine learning techniques that can generalize from past observed behavior to the problem of intrusion detection. The performance of these systems is compared by testing them with data provided by the DARPA Intrusion Detection Evaluation program.

Ajith Abraham wrote that an Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. A Distributed IDS (DIDS) consists of several IDSs over a large network (or networks), all of which communicate with each other, or with a central server that facilitates advanced network monitoring. In a distributed environment, DIDSs are implemented using co-operative intelligent agents distributed across the network(s). This paper evaluates three fuzzy rule based classifiers to detect intrusions in a network. Results are then compared with other machine learning techniques like decision trees, support vector machines and linear genetic programming. Further, the authors modeled a Distributed Soft Computing-based IDS (D-SCIDS) as a combination of different classifiers to build lightweight and more accurate (heavyweight) IDSs. Empirical results clearly show that the soft computing approach could play a major role in intrusion detection.

Methodology used:- The proposed methodology learns the typical behavior (profile) of terrorists by applying a neural network back propagation algorithm and a genetic technique to the textual content of terror-related Web sites. The resulting profile is used by the system to detect malicious sites used in terrorist activities. Results from the back propagation algorithm and the genetic technique were compared. Results indicate that the back propagation technique exhibits high accuracy at the cost of long training time.

Software & Hardware Requirements:-

External Interface Required:-

User Interfaces: The external users can use the software to train the network using pre-collected datasets and then test the system on given datasets for intrusions.

Hardware Interfaces: The external hardware interface used for accessing the dataset records is the official/personal computer of the user.

Software Interfaces: The operating system can be any version of Windows, Linux, or Unix.

Performance Requirements: The PCs used must be at least Pentium 4 machines so that they can give optimum performance of the product.

Design Constraints: The constraint at design time is that the needs of the user may keep on changing, so the designers must keep this in view and design the product so that it is easily updatable.

Other Requirements: As time goes by the needs of users may keep on changing, thus the software is made so that it can be changed from time to time.

Software Requirements:- An Application Program Interface is mainly required to read datasets bitwise, which is normally embedded with every operating system.

Hardware Requirements :-

RAM: 64 MB
Processor: Pentium IV or above
Operating System: Platform independent

Limitations:-

Noise: Noise can severely limit an intrusion detection system's effectiveness. Bad packets generated by software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.

Too few attacks: It is not uncommon for the number of real attacks to be far below the false-alarm rate. Real attacks are often so far below the false-alarm rate that they are missed and ignored.

Signature updates: Many attacks are geared toward specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies.
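As an added example (not part of this report or any of the cited papers), the following Python scores a detector on a small constructed evaluation set in the style of the Lincoln Labs data (normal records plus attack classes), derives its detection and false-alarm rates, and then projects what fraction of raised alerts would be genuine once real attacks are a small fraction of traffic, which is the "too few attacks" problem described above. The records, rates and base rates are constructed assumptions.

```python
from collections import Counter

# Constructed evaluation records: (true label, detector verdict).
# Labels follow the Lincoln Labs / DARPA style: "normal" or an attack class.
# The verdict is what a trained detector (e.g. a back propagation network) returned.
EVAL_RECORDS = [
    ("normal", "normal"), ("normal", "normal"), ("normal", "attack"),
    ("normal", "normal"), ("normal", "normal"), ("normal", "normal"),
    ("dos", "attack"), ("probe", "attack"), ("r2l", "normal"), ("u2r", "attack"),
]

def confusion(records):
    """Count TP/FP/TN/FN, treating every non-'normal' label as an attack."""
    c = Counter(tp=0, fp=0, tn=0, fn=0)
    for label, verdict in records:
        is_attack = label != "normal"
        flagged = verdict == "attack"
        if is_attack:
            c["tp" if flagged else "fn"] += 1
        else:
            c["fp" if flagged else "tn"] += 1
    return dict(c)

def rates(c):
    """Detection rate (TPR) and false-alarm rate (FPR) from a confusion dict."""
    if c["tp"] + c["fn"] == 0 or c["fp"] + c["tn"] == 0:
        raise ValueError("evaluation set needs both attack and normal records")
    return c["tp"] / (c["tp"] + c["fn"]), c["fp"] / (c["fp"] + c["tn"])

def alert_precision(tpr, fpr, attack_fraction):
    """Fraction of raised alerts that are real attacks at a given base rate."""
    true_alerts = tpr * attack_fraction
    false_alerts = fpr * (1 - attack_fraction)
    return true_alerts / (true_alerts + false_alerts)

def max_fpr_for_precision(tpr, attack_fraction, target_precision):
    """Largest false-alarm rate that still meets the target alert precision."""
    # precision = tpr*p / (tpr*p + fpr*(1-p)) >= target
    # solves to fpr <= tpr*p*(1-target) / (target*(1-p))
    p = attack_fraction
    return tpr * p * (1 - target_precision) / (target_precision * (1 - p))

if __name__ == "__main__":
    c = confusion(EVAL_RECORDS)
    tpr, fpr = rates(c)
    print(c, f"TPR={tpr:.3f} FPR={fpr:.3f}")
    # 40% of the evaluation set is attacks, but assume 0.1% of live traffic is.
    print("precision on eval set:", alert_precision(tpr, fpr, 0.4))
    print("precision at 0.1% base rate:", alert_precision(tpr, fpr, 0.001))
    print("FPR needed for 50% precision:", max_fpr_for_precision(tpr, 0.001, 0.5))
```

The same detector that looks good on a balanced evaluation set raises mostly false alarms at a realistic base rate, which is why the false-alarm rate, not accuracy alone, decides whether analysts will act on alerts.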

Bibliography:-

http://www.wikipedia.org/
http://www.11.mit.edu/IST/ideval/data/data_index.html
