
INTRUSION DETECTION SYSTEM
IN DISTRIBUTED ENVIRONMENT
USING DATA MINING TECHNIQUES
PRAMOTH KUMAR. P.
S(110811104061)

Guided By
Mr. M. Iraniya Pandian
AP/CSE

OBJECTIVE OF THE PROJECT


This research focuses on solving intrusion detection issues in a way that helps the administrator with preprocessing, classification and labelling of data, and on mitigating the outcome of DDoS attacks.

This has also become a high-priority and challenging task for network administrators and security experts.

EXISTING SYSTEM
The Intrusion Detection System (IDS) plays a vital role in detecting anomalies and attacks in the network.

In this work, the data mining concept is integrated with an IDS to identify the relevant, hidden data of interest to the user effectively and with less execution time.

The existing methods used SVM and a hybrid PSO algorithm that can deal with nominal attributes without first converting the nominal attribute values.

PROPOSED SYSTEM
This work proposes a new method for controlling and detecting denial-of-service attacks using a Hybrid IDS model and the Varying HOPERAA algorithm, respectively.

The advantage of our method is that it is used for both misuse and anomaly detection. We also applied alert aggregation as a subtask of intrusion detection.

The proposed algorithm has been tested using the KDD Cup dataset.

SYSTEM FEATURES
Misuse and Anomaly Detection

It defines abnormal system behaviour first, and then defines any other behaviour as normal behaviour.

Anomaly detection (or outlier detection) is the identification of items, events or observations which do not conform to an expected pattern or to other items in a dataset.

Cont..
Detecting Denial of Service Attack

A Distributed Denial of Service attack is a coordinated attack, generally performed on a massive scale, on the availability of services of a target system or network resources.

Due to the continuous evolution of new attacks and the ever-increasing number of vulnerable hosts on the Internet, many DDoS attack detection or prevention mechanisms have been proposed.

SYSTEM ARCHITECTURE

MODULES
Server
Client
KDD Cup 99 Dataset
Hybrid Intrusion Detection System
Mitigate DOS Attack

Server
The Server module is the main module of this project. It acts
as the Intrusion Detection System. It consists of four layers, viz.
the sensor layer (which detects the user/client etc.), the detection layer, the alert
processing layer and the reaction layer. In addition, there is a Data Log,
where all the alerts and data are stored for reference. This Data Log
can also be saved as a log file for future reference in any network
environment.

Client
The Client module is developed for testing the Intrusion Detection
System. In this module the client can enter only with a valid user name
and password. The client then sends its requests to collect data from
the server. If an intrusion occurs, the client uses the steps
included below to eliminate the intrusion.

KDD Cup 99 Dataset

The IDS is installed to capture the network packets in real time,
and the KDD Cup 99 dataset is also used. The KDD Cup 99 data set contains
23 attack types.

Hybrid Intrusion Detection System

SNORT is a signature-based method because it detects attacks
based on the set of rules that are predefined within SNORT.
A signature-based IDS monitors packets in the network and compares
them with pre-configured and pre-determined attack patterns, known
as signatures. If any attack data is found, it automatically drops the
packet; otherwise the particular record is considered a normal one.
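
A two-stage check of the kind described above (misuse signatures first, then anomaly detection), written here as an added example; it is not the project's code or SNORT's rule set. The feature names follow the KDD Cup 99 schema, while the rules, thresholds and sample records are constructed assumptions.

```python
from statistics import mean, pstdev

# Illustrative misuse rules keyed on KDD Cup 99 feature names (assumed, not SNORT rules).
SIGNATURES = [
    ("land", lambda r: r["land"] == 1),
    ("syn-flood", lambda r: r["flag"] == "S0"
        and r["serror_rate"] >= 0.9 and r["count"] >= 100),
]
NUMERIC = ("src_bytes", "count")  # features checked by the anomaly stage


def record(**overrides):
    """Build a constructed connection record with benign defaults."""
    base = {"flag": "SF", "land": 0, "serror_rate": 0.0, "src_bytes": 200, "count": 2}
    base.update(overrides)
    return base


def fit_baseline(normal_records):
    """Learn mean and standard deviation of each numeric feature from normal traffic."""
    baseline = {}
    for feat in NUMERIC:
        values = [r[feat] for r in normal_records]
        baseline[feat] = (mean(values), pstdev(values) or 1.0)
    return baseline


def classify(rec, baseline, z_max=3.0):
    """Misuse stage first; records that match no signature go to the anomaly stage."""
    for name, rule in SIGNATURES:
        if rule(rec):
            return ("misuse", name)
    for feat in NUMERIC:
        mu, sd = baseline[feat]
        if abs(rec[feat] - mu) / sd > z_max:
            return ("anomaly", feat)
    return ("normal", None)


# Constructed training sample of normal connections.
NORMAL = [record(src_bytes=b, count=c)
          for b, c in [(200, 2), (220, 3), (180, 1), (210, 2), (190, 2)]]
BASELINE = fit_baseline(NORMAL)

if __name__ == "__main__":
    for rec in (record(land=1), record(flag="S0", serror_rate=1.0, count=250),
                record(src_bytes=50000), record(src_bytes=205)):
        print(classify(rec, BASELINE))
```

A record that slips past every signature, such as a burst with a high `count` but a low `serror_rate`, is still caught by the anomaly stage, which is the point of combining the two.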

Mitigate DoS Attack

To mitigate the effectiveness of Distributed Denial of
Service attacks, the Varying HOPERAA algorithm is used. A
variable clock drift method is proposed to avoid the client's
waiting time for the server while, at the same time, message loss
is greatly avoided. It includes three functions:
Contact initiation part
Data transmission part
Varying HOPERAA Algorithm
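
The sketch below is an added example, not the project's code and not the HOPERAA algorithm itself: it shows the underlying port-hopping idea, where client and server derive the current port from a shared key and a time slot, the server tolerates a bounded clock offset, and a round trip re-estimates the offset once drift has grown too large. The HMAC-based port derivation, the slot length, the port range and the NTP-style offset estimate are all assumptions.

```python
import hashlib
import hmac
import struct

PORT_BASE, PORT_RANGE = 20000, 20000  # assumed hopping range: 20000-39999
SLOT_SECONDS = 5.0                    # assumed hopping period
KEY = b"constructed-shared-secret"    # constructed key, agreed at contact initiation


def slot_of(clock):
    """Index of the hopping slot that a clock reading (in seconds) falls into."""
    return int(clock // SLOT_SECONDS)


def port_for_slot(key, slot):
    """Pseudo-random port for one time slot, derived from the shared key."""
    digest = hmac.new(key, struct.pack(">q", slot), hashlib.sha256).digest()
    return PORT_BASE + int.from_bytes(digest[:4], "big") % PORT_RANGE


def server_open_slots(server_clock, max_offset):
    """Slots a client could be in if its clock is off by at most max_offset seconds."""
    return range(slot_of(server_clock - max_offset),
                 slot_of(server_clock + max_offset) + 1)


def accepts(key, server_clock, client_clock, max_offset):
    """True if the port the client picks is one the server currently has open."""
    open_ports = {port_for_slot(key, s)
                  for s in server_open_slots(server_clock, max_offset)}
    return port_for_slot(key, slot_of(client_clock)) in open_ports


def estimate_offset(t0_client, t1_server, t2_server, t3_client):
    """Server-minus-client clock offset from one request/reply round trip (NTP-style)."""
    return ((t1_server - t0_client) + (t2_server - t3_client)) / 2


if __name__ == "__main__":
    # Small offset: the client's slot is inside the server's open window.
    print(accepts(KEY, 1000.0, 1001.0, 2.0))
    # Client clock has drifted 12 s ahead: its slot is no longer open.
    print(slot_of(1012.0) in server_open_slots(1000.0, 2.0))
    # One round trip (constructed timestamps) recovers the offset and restores contact.
    off = estimate_offset(1012.0, 1000.1, 1000.2, 1012.3)
    print(accepts(KEY, 1000.5, 1012.5 + off, 2.0))
```

Widening `max_offset` reduces message loss from drift but keeps more ports open at once, so the tolerance trades availability against the exposure that port hopping is meant to shrink.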

RESULT
The KDD Cup 99 data set has been used in this research, of which 60% is treated as training data and 40% is considered as testing data.

Performance of the four proposed methods: classification of network data using the EDADT algorithm, the proposed Hybrid IDS, the semi-supervised approach for IDS, and mitigating DDoS attacks using the varying clock drift mechanism.

SOFTWARE USED
It works on operating systems such as Windows XP.

Java (front end), RMI and JDBC are the software used in this project.

CONCLUSION
This approach helps to overcome the human
interaction required for preprocessing. Finally, based on the
mitigation of DDoS attack scenarios, the port hopping
concept is used depending upon the message length.
Hence message loss is greatly reduced, and it does
not create severe damage if it happens. Both the
security and performance measures with a variable
clock drift mechanism have been evaluated. With the
help of varying clock drift, the client can easily
communicate with the server with minimum contact
initiation trials, and an improved maximum delivery
latency has been achieved.
