IJSRET @ 2014

Scrutinizing Vulnerable Attacks in Cloud Infrastructure

Mrs. Rajasri.K *, Kanimozhi.S **, Dhivya Bharathi.Dja ***, Shankari.R ****
* Senior Assistant Professor, CSE, Christ College of Engg & Tech, Pondicherry, India
** Student, CSE, Christ College of Engg & Tech, Pondicherry, India
*** Student, CSE, Christ College of Engg & Tech, Pondicherry, India
**** Student, CSE, Christ College of Engg & Tech, Pondicherry, India

Abstract
Security in wireless networks is degraded by far-reaching Distributed Denial-of-Service (DDoS) attacks. DDoS attacks normally involve early-stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising known susceptible virtual machines as zombies, and end with DDoS attacks launched through the compromised zombies. We propose an Enhanced Network Intrusion Detection System using an IDS framework to overcome the DDoS attack. The proposed system builds a monitoring and control mechanism over the scattered nodes and mitigates attack consequences using relay nodes. The attacker zone is isolated by using the relay nodes to separate an attack path from the normal transmission path.

Keywords
Attack graph, Cloud computing, D.O.S, NICE-A, Spam

1 Introduction
A mobile ad-hoc network (MANET) is an autonomous network system of routers and hosts connected by wireless links. It can be set up anywhere without any need for external infrastructure such as wires or base stations. The routers are free to move randomly and organize themselves arbitrarily. Each device in the network is called a node. In this paper we address the problem of packet inspection and security against eavesdropping attacks. Past work has concentrated on port monitoring in a centralized system, where a server takes control over the hardware and communication links of the network. We propose a secure relay-based IDS (SR-IDS) in which re-locatable relay nodes serve this purpose.
These relays are placed based on the shortest distance at which a relay node can cover the maximum number of nodes in its zone.

1.1 Cloud computing
Cloud computing has become the new buzzword, driven largely by advertising and service offerings from large corporate players such as Google, IBM and Amazon. Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network.

Fig 1.1 Working of cloud

There are mainly three forms of cloud computing:
Public Cloud: IT resources offered as a service and shared across multiple organizations, managed by an external service provider.
Private Cloud: IT resources dedicated to a single organization and available on demand.
Hybrid Cloud: a combination of private and public clouds managed as a single entity to expand capacity across clouds as needed.

International Journal of Scientific Research Engineering & Technology (IJSRET) Volume 2 Issue 10 pp 623-626 January 2014 www.ijsret.org ISSN 2278 0882 IJSRET @ 2014

Fig 1.2 Cloud computing types

1.2 Distributed Denial-of-Service
In computing, a denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to perform, motives for, and targets of a DoS attack can vary, it normally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.

2 Existing System
Initially, intrusions were identified only in a centralized network. There, an attack is found only if it targets the server; an attack on a host is never found.
The proposed structure leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution. NICE (Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems) builds a graph-based model, and a framework is designed that monitors and controls the entire network. It works in three phases.

PHASE 1
Deploy a lightweight mirroring-based network intrusion detection agent (NICE-A) on every cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graphs (SAGs), and then, based on the severity of the identified vulnerability toward the collaborative attack goals, NICE decides whether or not to put a VM in the network inspection state.

PHASE 2
Once a VM enters the inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the inspected VM to make the potential attack behaviors prominent. NICE significantly advances current network IDS/IPS solutions by employing a programmable virtual networking approach that allows the system to construct a dynamic, reconfigurable IDS. By using software switching techniques, NICE constructs a mirroring-based traffic capture framework to minimize the interference with users' traffic compared to a traditional bump-in-the-wire IDS/IPS. The programmable virtual networking architecture of NICE enables the cloud to establish inspection and quarantine modes for suspicious VMs according to their current vulnerability state in the current SAG.
PHASE 3
Countermeasure selection is an important step and is based on two kinds of components:
(i) Hardware oriented: the attack analyzer and the VM profiling method.
(ii) Network oriented: the network controller, which is used to determine what type of protocol is used, how long it has been active and how much data the protocol has transferred.

2.1 Alert Correlation Algorithm

Algorithm 1: Alert_Correlation
Require: alert ac, SAG, ACG
if (ac is an original alert) then
    generate node ac in ACG
    n1 ← vc ∈ map(ac)
    for all n2 ∈ parent(n1) do
        create edge (n2.alert, ac)
        for all Si containing a do
            if a is the last element in Si then
                append ac to Si
            else
                create path Si+1 = {subset(Si, a), ac}
            end if
        end for
        add ac to n1.alert
    end for
end if
return S

2.2 Countermeasure Selection Algorithm

Algorithm 2: Countermeasure Selection
Require: Alert, G(E, V), CM
Let vAlert = source node of the Alert
if Distance_to_Target(vAlert) > threshold then
    Update ACG
    return
end if
Let T = Descendant(vAlert) ∪ vAlert
Set Pr(vAlert) = 1
Generate_Risk_Problem(T)
Let benefit[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        if cm.condition(t) then
            Pr(t) = Pr(t) * (1 - cm.effectiveness)
            Estimate_Risk_Problem(Descendant(t))
            benefit[t, cm] = ΔPr(target_node)    (7)
        end if
    end for
end for
Let ROI[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        ROI[t, cm] = benefit[t, cm] / (cost.cm + intrusiveness.cm)    (8)
    end for
end for
Update SAG and Update ACG
return Select_Optimal_CM(ROI)

2.3 DRAWBACKS IN EXISTING SYSTEM
NICE is limited to a centralized architecture.
VM profiling introduces additional delay.
Attackers' link failures are not addressed.
Data consistency levels are low.

3 Proposed System
In the proposed system we choose a relay node and the number of active nodes. The relay nodes are chosen mainly to isolate the secured nodes from the non-secured nodes, and this is done based on the distance of the connecting paths between nodes. Relay nodes can easily be replaced or moved. If a node is out of range, it can be replaced by a relay node. By isolating secure and non-secure nodes we avoid transferring data through non-secured nodes, and attacks are reduced.

Choosing a relay node depends on:
TTL of the node
Number of active links
Mobility

Let M be the node's mobility and L be the active links the node serves or has served. Then
Mi < Mj < Mk < ... < Mn
such that Mi is inversely proportional to B, where B is the bandwidth operated. For a constant throughput the amount of data transferred must be constant:
Mi * B ~= 1 +/- E
where E is the error correction while the bandwidth is adjusted. R1, R2, ..., Rn must satisfy the above condition to be a re-locatable IDS relay.

Calculating the maximum transmission distance:
Pr / Pt = Ft * (B / (4 * pi * R))^2
where
B - bandwidth of the end node
Pt - transmitter power of the sender
Pr - receiver power of the end node
Ft - loss factor
R - end node's transmission radius

The number of active connections is calculated by checking whether the BR of the end nodes lies within the BR of the relay node.

The communicating radius:
r = (BR1 + BR2 + ... + BRn) / BRr
where BR is the broadcasting range. Mark each r1, r2, ..., rn such that all active nodes are taken into account.
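The relay-selection rules above, as an added example that is not code from the paper: it solves the transmission-distance formula for R, applies the Mi * B ~= 1 +/- E condition, and greedily marks relays until every node is covered. The coordinates, power values, the in-range test (distance <= R) and the tie-break are assumptions made for the illustration.

```python
import math

# Constructed sample: positions in metres, powers in watts, mobility values invented.
# B has one value in both formulas, as on the page; treating it as a length is an assumption.
B, PT, PR_MIN, FT, E = 0.125, 0.1, 1e-9, 1.0, 0.05
NODES = {"n1": (0, 0), "n2": (60, 0), "n3": (120, 0), "n4": (60, 80), "n5": (160, 40)}
CANDIDATES = {"rA": ((60, 0), 8.0), "rB": ((100, 0), 8.2), "rC": ((75, 30), 20.0)}

def max_radius(b, pt, pr_min, ft):
    """Solve Pr/Pt = Ft * (B / (4*pi*R))**2 for R at the weakest usable Pr."""
    return b / (4 * math.pi) * math.sqrt(ft * pt / pr_min)

def eligible(mobility, b, e):
    """Relay condition from the text: Mi * B ~= 1 +/- E."""
    return abs(mobility * b - 1.0) <= e

def place_relays(candidates, nodes, radius, b, e):
    """Greedy marking of relays: repeatedly take the eligible candidate that reaches
    the most uncovered nodes (ties: smaller summed distance) until all are covered."""
    pool = {r: xy for r, (xy, m) in candidates.items() if eligible(m, b, e)}
    uncovered, plan = set(nodes), []

    def reach(r):
        return sorted(n for n in uncovered if math.dist(pool[r], nodes[n]) <= radius)

    def score(r):
        hit = reach(r)
        return (-len(hit), sum(math.dist(pool[r], nodes[n]) for n in hit))

    while uncovered and pool:
        best = min(sorted(pool), key=score)
        hit = reach(best)
        if not hit:
            break  # the remaining nodes are out of range of every eligible relay
        plan.append((best, hit))
        uncovered -= set(hit)
        del pool[best]
    return plan, sorted(uncovered)
```

With the sample values, rC would reach all five nodes on its own but fails the mobility condition, so the plan falls back to rA plus rB.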
Figure 3.1 Network structure using reliable nodes

3.1 ADVANTAGE OF PROPOSED SYSTEM
Attackers' link failures are addressed.
Secured paths are identified for data transfer.
Seamless communication is possible.
Fastware redirection can be done by the use of relay nodes.
Low wait and hold.

4 Conclusions and Future Work
Our project is about detecting attacks. The eavesdropping attack is isolated from the network by forming secure and non-secure zones using dynamic IDS relays. The zones are differentiated into a secure path and a non-secure path based on maximum connectivity and the distance at which the end node communicates at each instance, reducing the possibilities open to attackers.

Acknowledgement
This work is supported by Hewlett-Packard Labs Innovation Research Program Grant and the Office of Naval Research Young Investigator Program Awards.
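Algorithm 2 (Countermeasure Selection, Section 2.2) worked through on a small constructed attack graph, as an added example rather than code from the paper or from NICE. The graph, probabilities, countermeasure names and the simplified risk model in risk_prob are assumptions; the run shows the countermeasure with the largest benefit losing on ROI because of its intrusiveness.

```python
# Added example: every node, probability and countermeasure below is constructed.
GRAPH = {"vm1": ["vm2", "vm3"], "vm2": ["db"], "vm3": ["db"], "db": []}
BASE = {"vm1": 1.0, "vm2": 0.8, "vm3": 0.5, "db": 0.9}  # per-node exploit probability
# name: (nodes where cm.condition holds, effectiveness, cost, intrusiveness)
CMS = {"block_port": ({"vm2"}, 1.0, 1.0, 1.0),
       "isolate": ({"vm1"}, 1.0, 2.0, 6.0),
       "dpi_filter": ({"db"}, 0.5, 1.0, 0.5)}
INF = float("inf")

def distance(graph, src, dst):
    """Hop count from src to dst (breadth-first), INF if unreachable."""
    frontier, seen, hops = {src}, {src}, 0
    while frontier:
        if dst in frontier:
            return hops
        frontier = {c for n in frontier for c in graph[n]} - seen
        seen |= frontier
        hops += 1
    return INF

def risk_prob(graph, base, alert, scale=None):
    """Assumed model for an acyclic graph: Pr(alert) = 1 and
    Pr(n) = base[n] * (1 - prod(1 - Pr(parent))); scale[n] models a countermeasure."""
    scale, pr = scale or {}, {}
    parents = {n: [p for p in graph if n in graph[p]] for n in graph}
    def visit(n):
        if n not in pr:
            miss = 1.0
            for p in parents[n]:
                miss *= 1.0 - visit(p)
            reach = 1.0 if n == alert else base[n] * (1.0 - miss)
            pr[n] = reach * scale.get(n, 1.0)  # Pr(t) * (1 - cm.effectiveness)
        return pr[n]
    for n in graph:
        visit(n)
    return pr

def select_countermeasure(graph, base, cms, alert, target, threshold):
    if distance(graph, alert, target) > threshold:
        return None, {}  # alert is still far from the target: no countermeasure yet
    t_set = {n for n in graph if distance(graph, alert, n) < INF}  # alert + descendants
    before, roi = risk_prob(graph, base, alert)[target], {}
    for t in sorted(t_set):
        for name, (nodes, eff, cost, intr) in cms.items():
            if t in nodes:
                after = risk_prob(graph, base, alert, {t: 1.0 - eff})[target]
                roi[(t, name)] = (before - after) / (cost + intr)  # benefit / (cost + intrusiveness)
    return (max(roi, key=roi.get) if roi else None), roi
```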