A WEB-BASED INTRUSION DETECTION AND PREVENTION SYSTEM USING NEURAL NETWORKS

ABSTRACT
In recent times, it has become a necessity to obtain a security measure for computer networks due to the high influx of perpetrators using the internet for malicious purposes. These perpetrators have caused the system and its users to loose confidential information for their own benefit. This work aims at providing a phenomenal solution to the problem of data intrusion. The research project is specified in the protection of web data intrusion i.e. the data that is stored on different websites or web applications.
The intrusion detection and prevention system makes use of an Artificial Neural Network (ANN) which adopts pattern matching algorithm that compares the current state of the system with the normal state. The Agile System Development Life Cycle (SDLC) was used in the development of the system. For the pattern matching, rules like; back door penetration, brute force attack on password/username, SQL injection and XSS injection were embedded in the system.
The developed system was tested on two different web applications and it successfully detected and prevented intrusions based on the rules that were defined by the Neural Network Intrusion Detection and Prevention System (NNIDPS). 

TABLE OF CONTENTS
List of Figures
 Abstract

Chapter 1: Introduction
  1.1 Background of the Study
  1.2  Statement of the Problem
  1.3  Aim and Objectives
  1.4  Methodology
  1.5  Scope of Study
  1.6 Significance of the Study
  1.7 Organization of Subsequent Chapters

Chapter 2: Literature Review
2.1  Introduction
2.2  The Web and it’s analysis
2.2.1  The Web in relation to Computer Security and Artificial Intelligence
2.3  Intrusion Detection and Prevention Systems
2.3.1  Events that can be detected by an IDS/IPS
2.3.2  Phases of Intrusion Detection and Prevention System
2.3.3  Examples of popular IDP systems
2.3.3.1  Snort
2.3.3.2  Suricata
2.4  Neural Networks as an aspect of AI
2.4.1    Paradigms of Learning in Neural Networks
2.4.2    Popular algorithms used to implement neural networks
2.4.3    Other implementations of neural networks
                        2.4.3.1    Facial recognition implementation
                        2.4.3.2    Speech recognition implementation
                        2.4.3.3    Fingerprint identification systems
                        2.4.3.4     Mobile robot motion
   2.5  Review of related works
2.5.1    NNIDP implementation according to attacks
2.5.2    Anomaly neural network intrusion detection reviews
2.5.3    Neural network intrusion detection with fuzzy clustering
2.5.4    Neural network intrusion detection implementations with new algorithms
            2.5.5    Implementation of NNs with other AI fields in intrusion detection
2.5.6    NNIDP implementation using back-propagation, Som’s, perceptron
   2.6 Summary

Chapter 3: Methodology
3.1  Introduction
3.2  Software Development Model
3.3  System and User Requirements
3.3.1  Functional Requirements
3.3.2  Non-Functional Requirements
3.3.3  User Requirements
  3.4  Software Development tools
3.4.1  MySQL Database
3.4.2  Apache Tomcat
3.4.3  Programming Languages
  3.5  System Description
3.6  System Diagrams i.e. Use case, Activity, ER diagram
            3.6.1  Use case Model
3.6.2  Data Flow Diagram
3.6.3  Activity Diagram
3.6.4   Flowchart
3.6.5   ER Diagram
3.6.6   Database Structure

Chapter 4: System Design, Implementation and Testing
4.1  Introduction
    4.2  System Requirement and Specification
4.2.1  Software Requirement
4.2.2  Hardware Requirement
            4.2.3  Software Specifications
4.2.4  Hardware Specifications
4.3   System Deployment
4.3.1  Setting up the Wamp server
4.3.2  Deploying the Application
4.4  NNIDPS Operation
4.5 System Execution
4.5.1  The Home Page
4.5.2  The Register Page
4.5.3  The Login Page
4.5.4  The Admin Page
4.5.5  The Client Page
4.6 System Testing

Chapter 5: Summary, Conclusion & Recommendations
5.1  Summary
5.2  Conclusion
5.3  Recommendations
References
Apendix

CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND OF THE STUDY
With the presence of information technology in this age; data can be stored, manipulated, transferred and processed but there are also some agents that want to make use of the data for negative intentions. Intrusions usually occur when unauthorized access is gained by an attacker to a valid users account so as to perform malicious deeds while masquerading as a real user. In order to prevent this, it is advisable to employ the use intrusion prevention and detection systems. An Intrusion detection and prevention system could be a software and/or a hardware that monitors a system or a network of systems against any malicious activity. An intrusion detection and prevention system has two different functions; prevention and detection. Prevention is the act of avoiding the intrusion while detection is observing any malicious activity that is present in a system.
Examples of intrusions include Attempted break-in/ Masquerade attacks which is an attack that uses fake identity to gain unauthorised access to private computer information through legitimate access identification. They are usually detected by a typical behaviour profile or violation of security constraints. This is an example under anomaly based intrusion system. Another example is the penetration of security control systems. This can be an unauthorised simulated attack on a computer system that looks for security weakness, potentially gaining access to the system’s features data. It can be detected by monitoring specific pattern of activity. Also, Leakage is another example of intrusion, this happens when a system reveals some information to unauthorised parties. It can be detected by a typical use of system resources. Malicious software are also intrusions that should be avoided, it can be any software used to disrupt computer operations, gather information and gain access to private systems. It is detected by typical behaviour profiles, violation of security constraints or the use of special privileges.
 There are two intrusion detection based methods; Misuse based intrusion detection: which can also be knowledge based detection. (Devikrishna et al, 2013) It searches for activities that are similar to known signatures of intrusions.  It detects any abnormal activities and renders any other activity in the system as normal. Its greatest advantage is the presence of low false positives but it is unable to detect unknown attacks, it can only detect attacks that have a pattern in the system. The second method is the Anomaly based intrusion detection which can also be known as behaviour based detection. (Devikrishna et al, 2013) It detects by searching for any abnormal network traffic. It is the opposite of misuse based detection in the sense that rather than detecting abnormal activities, it detects normal activities and renders any other activity as abnormal. It is very good in detecting unknown attacks i.e. doesn’t need prior knowledge of the attack but it has a high rate of false positives.
There are several intrusion detection and prevention systems but this research will be focused on developing a Neural Network Intrusion Detection and Prevention (NNIDP) systems. A neural network is the imitation of the connection of the human brain with the nerve cells of the body. The adaptation of a neural network makes intrusion detection systems more efficient. An NNIDP can be trained to learn patterns in a system so as to detect intrusions by recognizing patterns of intrusions and thereby preventing them. There are three steps involved in making a neural network; pre-process the data, train the network and test the data. (Om & Sarkar, 2010)

1.2 STATEMENT OF THE PROBLEM

The presence and activities of intruders to forcefully gain access to highly classified and private information especially those stored on the database has rapidly increased over time as a result of technological growth. In curbing this, intrusion detection and prevention systems has been developed to detect and prevent intruders who might want to jeopardize system efficiency as a result of intrusion. The pattern recognition ability and machine learning ability of the Artificial Neural Network has brought advanced IDPS which can effectively detect and prevent intruders. Thus the need to develop an advanced Artificial Neural Network Intrusion Detection and Prevention system for combatting intrusions effectively.

1.3 AIM AND OBJECTIVES
The aim of this research is to develop an Intrusion Detection and Prevention System that uses a Neural Network model for the detection and prevention of web attacks. The specific objectives are to:
1.      Survey web attack methods so as to identify intrusion attempts and aid effective detection of intrusion attempts.
2.      Design an intrusion detection and prevention system as a third party security software to enhance the intrusion detection and prevention process.
3.      Develop a robust database that will keep records of intrusion attempts and identify the source thereby preventing the intruders from gaining further access.
4.      Implement a Neural network technology on the Intrusion Detection System so as to effectively enhance the system.

1.4 METHODOLOGY

To achieve the set objectives, the following methodology will be adopted.
1.      An extensive literature review will be done so as to determine up-to-date intrusions attacks and attempts and also to acquire suitable tools in developing the IDPS.
2.      Software development tools like Java Server Pages (JSP), Apache Tomcat, CSS, HTML, and Bootstrap will be used to develop and implement the Intrusion detection and prevention System (IDPS).
3.      MySQL DBMS will be used to develop the database.
4.      The Pattern matching algorithm will be adopted in the development of the Neural Network in the IDPS.

1.5 SCOPE OF STUDY
The system will be limited to the detection of web attacks and will only implement pattern matching as the neural network algorithm. The research work will not cover other types of intrusion attacks neither will it cover other ANN algorithms.

1.6 SIGNIFICANCE OF THE STUDY
The successful completion of this project will:
     1.      Add to the already existing solutions in preventing intrusions.
     2.      Improve the security of data especially the ones acquired from websites.
     3.      Highlight diverse web attacks and possible ways of tackling them.
     4.      Prove that pattern matching algorithm can effectively detect and prevent intrusions.

1.7 ORGANIZATION OF CHAPTERS
Chapter one is the introduction to the project. It highlights what the project is about and what will be done in subsequent chapters.
Chapter two is the literature review which will discuss the related works, shed more light on IDPS, enlighten about ANN and web attacks, and discuss different neural network algorithms.
Chapter three is the methodology, it will contain the analysis of the system, the design methodology, the system specifications and requirements.
Chapter four is the design and implementation of the system, it entails all the information about the system, screenshots of the system, description of how the system functions and how it is tested.
Chapter five is the summary, conclusion and further recommendations. It gives a summary of the entire project and also some recommendations.

For more Computer Science Projects click here
================================================================
Item Type: Project Material  |  Size: 63 pages  |  Chapters: 1-5
Format: MS Word   Delivery: Within 30Mins.
================================================================

Share:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Search for your topic here

See full list of Project Topics under your Department Here!

Featured Post

HOW TO WRITE A RESEARCH HYPOTHESIS

A hypothesis is a description of a pattern in nature or an explanation about some real-world phenomenon that can be tested through observ...

Popular Posts