Identifying intruders with the help of social network concept

Number of pages: 71 | File format: Word | File code: 31080
Year: 2013 | Degree: Master's | Category: Computer Engineering
  • Summary of Identifying intruders with the help of social network concept

    Master's thesis in the field of computer engineering (artificial intelligence)

    Abstract

    Identifying intruders in a social network

    In recent years, with the expansion of computer networks and the increase in people's access to them, this information platform has increasingly been subjected to infiltration, abuse and attack. Factors such as financial interests, political or military goals, as well as personal goals cause an increase in security incidents in information systems. As a result, the security of computer networks has become one of the main concerns of network experts and other people involved with networks. Several tools have been developed to maintain the security of computer systems, one of which is the intrusion detection system [1]. Today, the intrusion detection system plays an important role in protecting information systems and their users against malicious attacks. The intrusion detection system is the only system that is able to actively identify unauthorized uses and misuse of information systems by internal and external attackers. As a result, this system is one of the most essential components in maintaining the security of information structures and can help maintain the security of the information system alongside the firewall [2]. In this research, by applying the approach of social network analysis and presenting similarity criteria for people in the network, a model is presented to identify suspicious people in the network. A model has also been provided to simulate the test bed for flow-based intrusion detection systems.

    Key words: intruder detection, flow-based detection methods, anomaly detection

    Chapter 1

    1. Generalities

    1-1. Introduction

     

    The increasing use of computer networks and the Internet by individuals, organizations, government bodies and even critical infrastructures such as power plants has made many personal and financial interactions dependent on computer networks. At the same time, this dependence has made computer networks and their users an attractive target for profiteers. Many people have caused great damage to individuals, organizations and even governments by infiltrating networks and stealing personal or financial information. In general, the word "intrusion" refers to the activities carried out by an intruder in order to enter an information system and read, damage or steal information. According to many estimates, a high percentage of intrusions - more than 85% - are carried out by internal users, and the rest originate from outside the environment [5]. Therefore, no person or organization dealing with information systems can be immune from such security incidents. As a result, intrusion detection systems have become an integral part of the prevailing security architecture of information systems [17]. The intrusion detection system is the only system that is able to actively identify unauthorized uses and misuse of information systems by internal and external attackers. It collects information from various sources in the computer network and analyzes it in order to discover intrusion activities, which are often carried out to access, manipulate or disrupt computer systems. As a result, this system is one of the most essential components in maintaining the security of information structures and can help maintain the security of the information system alongside the firewall [1]. Examples of intrusion detection systems include network intrusion detection systems, web application firewalls, botnet malware detection systems, and so on. In addition, the intrusion detection system is able to configure the firewall appropriately in order to protect the information system from dangerous attacks.

    1-2. Research objectives

    Today, the security of information networks is one of the challenging issues in computer science. The range of attacks on computer networks expands every day; however, the responsibility for identifying and blocking attacks on end users and Internet servers has been assigned to the administrators of these systems. The existence of vulnerable points in information systems, along with the explosive growth of different types of malware, has made it difficult to keep signature-based intrusion detection systems up to date. As a result, these systems are unable to detect emerging attacks. Anomaly-based intrusion detection systems, despite their adaptability and ability to identify emerging attacks, depend heavily on the definition of the system's normal model.

    During the last few years, social networks have become the central hub of information and communication and have increasingly been targeted and attacked. This has made distinguishing intruders from normal users one of the challenging issues in relation to social networks. In this research, based on the anomaly-based approach, we examine how to identify intruders in social networks. Our main focus is on identifying the intruder dynamically, with the least time and space complexity, and responding to him actively.

    One of the characteristics of social networks is that they clearly reflect the communication pattern, and thus the pattern of social behavior, of network users [5]. For this reason, in order to build a model of normal behavior in the network and identify deviations from it as abnormal behavior of network users, our focus in this research is on identifying intruders based on their behavior in social networks. To identify intruders in a network, a different concept of intrusion is taken as the basis of the work: "Intrusion is the entry of a person into a social community [2] to which he does not belong". Based on this concept, the graph of network communication is formed first, communities are determined in the graph, and then whether or not a person belongs to a community is extracted.

    To identify the communication patterns of users, network flow data [3] can be used, which consists of the data flows between end hosts identified by IP addresses. As we know, many intrusion detection methods are unable to work with only this simple information and need several features about user communication in the network.

    One of the reasons that led us to focus on network flow data sets in this research is that this type of data set has fewer features than the common data sets used in the anomaly-based approach; as a result, it can help achieve the goal of this research, which is to operate the system in the shortest time. This type of data set is collected from the recorded information of firewalls at Internet service providers [4]. As mentioned, common data sets for research in the field of anomaly-based intrusion detection systems - such as KDD99 - have more features than network flow data. In addition, due to the emergence of new intrusion methods and malware, it is obvious that data sets from recent years should be preferred.
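    As an added illustration of the idea described above (this is example code written for this page, not the thesis's own implementation or data), the following builds an undirected communication graph from constructed flow records, scores each host with its local clustering coefficient (how strongly its neighbours communicate among themselves), and flags hosts whose coefficient is unusually low relative to the population by a z-score. The IP addresses and the threshold of -1.0 are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of flow records (src_ip, dst_ip); not real traffic.
# Hosts .1-.4 and .5-.7 form two tightly knit communities; host .9 contacts
# members of both communities but belongs to neither.
FLOWS = [
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.1", "10.0.0.3"), ("10.0.0.1", "10.0.0.4"),
    ("10.0.0.2", "10.0.0.3"), ("10.0.0.2", "10.0.0.4"), ("10.0.0.3", "10.0.0.4"),
    ("10.0.0.5", "10.0.0.6"), ("10.0.0.5", "10.0.0.7"), ("10.0.0.6", "10.0.0.7"),
    ("10.0.0.9", "10.0.0.1"), ("10.0.0.9", "10.0.0.2"),
    ("10.0.0.9", "10.0.0.5"), ("10.0.0.9", "10.0.0.6"),
]

def build_graph(flows):
    """Undirected communication graph: every flow links its two endpoints."""
    adj = defaultdict(set)
    for src, dst in flows:
        if src != dst:
            adj[src].add(dst)
            adj[dst].add(src)
    return adj

def local_clustering(adj, node):
    """Fraction of the node's neighbour pairs that also communicate directly."""
    nbrs = list(adj[node])
    k = len(nbrs)
    if k < 2:
        return 0.0  # undefined for degree < 2; treat as no embedding
    links = sum(1 for i in range(k) for j in range(i + 1, k)
                if nbrs[j] in adj[nbrs[i]])
    return links / (k * (k - 1) / 2)

def zscores(scores):
    """Standardise a {node: value} map against the whole population."""
    mu, sigma = mean(scores.values()), pstdev(scores.values())
    if sigma == 0:
        return {n: 0.0 for n in scores}
    return {n: (v - mu) / sigma for n, v in scores.items()}

def suspicious_hosts(flows, threshold=-1.0):
    """Hosts whose clustering coefficient is far below the population mean."""
    adj = build_graph(flows)
    cc = {n: local_clustering(adj, n) for n in adj}
    return sorted(n for n, z in zscores(cc).items() if z <= threshold)

if __name__ == "__main__":
    print(suspicious_hosts(FLOWS))  # -> ['10.0.0.9']
```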

    1-3. Basic definitions

    As mentioned, intrusion detection systems seek to find intrusive activities in the environment, or an entity called an intruder. The basic definitions used in this area follow:

    1-3-1. Intrusion

    In general, the concept of intrusion is defined according to the type of system that detects it and the system and services under investigation. The word "intrusion" refers to the activities carried out by the intruder in order to enter the information system and read, damage or steal information. These activities are divided into two categories [16]:

    Pre-intrusion activities: These activities are carried out by the intruder to prepare for the intrusion. Examples are port scanning [5] in order to find a way into the network and IP address spoofing [6] with the aim of entering the network covertly.

    Intrusion: After entering the system, the intruder can launch an attack on the network structure. Attacks such as attacking the registry and changing its settings, stealing passwords [7] and abusing an authorized user's access level, Trojan attacks, and the like are considered intrusion activities.

    1-3-2. Intruder

    In a comprehensive definition of the word intruder, it can be said: "An intruder is someone who seeks to gain unauthorized access to a computer system in order to steal information, misuse it, or destroy the computer system" [10]. Intruders can be divided into two categories:

    External intruders [8]: those for whom no level of access to the system has been defined.

  • Contents & References of Identifying intruders with the help of social network concept

    Table of contents:

    1. Generalities ... 2
    1-1. Introduction ... 2
    1-2. Research objectives ... 3
    1-3. Basic definitions ... 4
    1-3-1. Intrusion ... 4
    1-3-2. Intruder ... 5
    1-3-3. Intrusion detection systems ... 6
    1-3-4. Intrusion prevention systems ... 6
    1-3-5. Firewall ... 7
    1-4. Challenges of the problem ... 7
    1-5. A look at the thesis chapters ... 9
    2. Theoretical foundations of the research ... 12
    2-1. Introduction ... 12
    2-2. Classification of intrusion detection systems ... 13
    2-2-1. Information source ... 13
    2-2-2. Analysis method ... 15
    2-2-3. Monitoring method ... 16
    2-2-4. Response method ... 17
    2-3. Network flow ... 20
    2-3-1. Definition of network flow ... 20
    2-4. Types of attacks ... 22
    3. Research background ... 28
    3-1. Introduction ... 28
    3-2. Flow-based methods versus content-based methods ... 28
    3-2-1. Network flow data ... 29
    3-2-2. Packet-based methods ... 30
    3-2-3. Flow-based methods ... 30
    3-2-4. Worms ... 31
    3-2-5. Denial of service ... 34
    3-2-6. Scanning ... 36
    3-2-7. Botnets ... 39
    4. Proposed method ... 43
    4-1. Introduction ... 43
    4-2. Data set ... 43
    4-3. Similarity criteria ... 45
    4-3-1. Graph-based metrics ... 45
    4-3-1-1. Local clustering coefficient ... 45
    4-3-1-2. Local weighted clustering coefficient ... 46
    4-3-2. Node-based criteria ... 48
    4-3-2-1. Average local similarity ... 48
    4-3-2-2. Node degree ratio ... 49
    4-3-2-3. Z-score criterion ... 49
    4-4. Intruder detection ... 51
    5. Tests and results ... 53
    5-1. Introduction ... 53
    5-2. Network graph simulation ... 53
    5-3. Constructing a one-mode graph ... 56
    5-4. Comparison of similarity measures ... 57
    5-5. Results ... 58
    List of sources ... 60

     

    References:

    Q. Ding, N. Katenka, P. Barford, E. Kolaczyk, and M. Crovella, "Intrusion as (Anti)social Communication: Characterization and Detection," Proceedings of the KDD Conference, Beijing, China, August 2012.

    K. Rajasekhar, B. Sekhar Babu, P. L. Prasanna, D. R. Lavanya, and T. V. Krishna, "An Overview of Intrusion Detection System Strategies and Issues," International Journal of Computer Science & Technology, vol. 2, issue 4, Oct.-Dec. 2011.

    M. Gandhi and S. K. Srivatsa, "Detecting and preventing attacks using network intrusion detection systems," International Journal of Computer Science and Security, vol. 2, issue 1, 2008.

    G. M. Nazer and A. L. Selvakumar, "Current Intrusion Detection Techniques in Information Technology - A Detailed Analysis," European Journal of Scientific Research, vol. 65, no. 4, pp. 611-624, 2011.

    Y. Jin, E. Sharafuddin, and Z. Zhang, "Unveiling core network-wide communication patterns through application of traffic activity graph decomposition," Proceedings of ACM SIGMETRICS, Seattle, WA, June 2009.

    G. Cormode, F. Korn, S. Muthukrishnan, and Y. Wu, "On signatures for communication graphs," Proceedings of the International Conference on Data Mining, Cancun, Mexico, April 2008.

    P. McDaniel, S. Sen, O. Spatscheck, J. Merwe, B. Aiello, and C. Kalmanek, "Enterprise security: A community of interest based approach," Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2006.

    S. Venkataraman, D. Song, P. B. Gibbons, and A. Blum, "New Streaming Algorithms for Fast Detection of Superspreaders," Proceedings of the Network and Distributed System Security Symposium (NDSS), 2005.

    Y. Jin, J. Cao, A. Chen, T. Bu, and Z. L. Zhang, "Identifying high cardinality Internet hosts," Proceedings of IEEE INFOCOM, Rio de Janeiro, Brazil, April 2009.

    E. E. Papalexakis, A. Beutel, and P. Steenkiste, "Network Anomaly Detection using Co-clustering," Proceedings of the International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Istanbul, Turkey, 2012.

    M. Tubi, R. Puzis, and Y. Elovici, "Deployment of DNIDS in Social Networks," Proceedings of IEEE Intelligence and Security Informatics, New Brunswick, NJ, USA, May 2007.

    A. J. O'Donnell, W. C. Mankowski, and J. Abrahamson, "Using Email Social Network Analysis for Detecting Unauthorized Accounts," Proceedings of the Conference on Email and Anti-Spam, Mountain View, CA, 2006.

    S. Rubin, S. Jha, and B. Miller, "Automatic generation and analysis of NIDS attacks," Proceedings of the Annual Computer Security Applications Conference (ACSAC), Tucson, AZ, December 2004.

    J. Ullrich, The DShield Project, http://www.sans.org, 2012.

    Q. Ding, N. Katenka, P. Barford, E. Kolaczyk, and M. Crovella, "Intrusion as (anti)social communication: characterization and detection," Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 886-894, ACM, 2012.

    A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, "An Overview of IP Flow-Based Intrusion Detection," IEEE Communications Surveys & Tutorials, vol. 12, no. 3, pp. 343-356, Third Quarter 2010.

    A. Sardar, I. Ul Haq, S. Rizvi, N. Rasheed, U. Sarfraz, S. A. Khayam, and F. Mirza, "On mitigating sampling-induced accuracy loss in traffic anomaly detection systems," ACM SIGCOMM Computer Communication Review, vol. 40, no. 3, pp. 4-16, 2010.

    P. Garcia-Teodoro, J. Diaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Computers & Security, vol. 28, no. 1, pp. 18-28, 2009.

    Wikipedia, the free encyclopedia, "Intruder detection," Available: http://en.wikipedia.org/wiki/Intruder_detection.

    S. Venkataraman, D. Song, P. B. Gibbons, and A. Blum, "New streaming algorithms for fast detection of superspreaders," Department of Electrical and Computing Engineering, 6, 2005.

    J. Cao, Y. Jin, A. Chen, T. Bu, and Z. L. Zhang, "Identifying High Cardinality Internet Hosts," IEEE INFOCOM 2009, pp. 810-818, April 19-25, 2009.

    Q. Zhao, J. Xu, and A. Kumar, "Detection of Super Sources and Destinations in High-Speed Networks: Algorithms, Analysis and Evaluation," IEEE Journal on Selected Areas in Communications, vol. 24, no. 10, pp. 1840-1852, Oct. 2006.

    M. Tubi, R. Puzis, and Y. Elovici, "Deployment of DNIDS in Social Networks," IEEE Intelligence and Security Informatics 2007, pp. 59-65, 23-24 May 2007.

    A. Wagner and B. Plattner, "Entropy based worm and anomaly detection in fast IP networks," 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, pp. 172-177, 13-15 June 2005.

    A.-L. Barabási, R. Albert, and H. Jeong, "Mean-field theory for scale-free random networks," Physica A: Statistical Mechanics and its Applications, vol. 272, no. 1, pp. 173-187, 1999.

    T. Opsahl and P. Panzarasa, "Clustering in weighted networks," Social Networks, vol. 31, no. 2, pp. 155-163, 2009.

    D. M. Pennock, G. W. Flake, S. Lawrence, E. J. Glover, and C. L. Giles, "Winners don't take all: Characterizing the competition for links on the web," Proceedings of the National Academy of Sciences, vol. 99, no. 8, pp. 5207-5211, 2002.

    L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber, "A network security monitor," Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 296-304, May 7-9, 1990.

    K. A. Zweig, "How to Forget the Second Side of the Story: A New Method for the One-Mode Projection of Bipartite Graphs," 2010 International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 200-207, 9-11 Aug. 2010.

    E. A. Horvat and K. A. Zweig, "One-mode Projection of Multiplex Bipartite Graphs," 2012 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 599-606, Aug. 26-29, 2012.

    J. Vykopal, M. Drašar, and Ph. Winter, "Flow-based Brute-force Attack Detection," Advances in IT Early Warning.
