Intrusion detection is the process of attempting to identify instances of attacks by comparing current activity against the expected actions of an intruder. Most current approaches to intrusion detection use rule-based expert systems to identify indications of known attacks. However, these techniques are less successful at identifying attacks that vary from the expected patterns. The proposed system shows that evidence of many of these attacks can be found by statistical analysis of network data. It also illustrates that hidden Markov models can efficiently detect these activities. The system is tested against denial-of-service attacks, distributed denial-of-service attacks, and port scans. In addition, most current intrusion detection systems are centralized in nature. In a large network with heavy traffic, the amount of data to be monitored and analyzed is too large to be processed in one central place. The proposed system introduces a novel, configurable, distributed agent-based architecture that overcomes the problems of central processing.