Research Article

HawkEye Solutions: Expectation Maximization based Network Intrusion Detection System

Published in 2011 by I. Mukhopadhyay, M. Chakraborty
International Conference and Workshop on Emerging Trends in Technology
Foundation of Computer Science USA
ICWET - Number 1
2011
Authors: I. Mukhopadhyay, M. Chakraborty

I. Mukhopadhyay, M. Chakraborty. HawkEye Solutions: Expectation Maximization based Network Intrusion Detection System. International Conference and Workshop on Emerging Trends in Technology. ICWET, 1 (2011), 22-29.

@article{
author = { I. Mukhopadhyay, M. Chakraborty },
title = { HawkEye Solutions: Expectation Maximization based Network Intrusion Detection System },
journal = { International Conference and Workshop on Emerging Trends in Technology },
issue_date = { 2011 },
volume = { ICWET },
number = { 1 },
year = { 2011 },
issn = { 0975-8887 },
pages = { 22-29 },
numpages = 8,
url = { /proceedings/icwet/number1/2059-aca33/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference and Workshop on Emerging Trends in Technology
%A I. Mukhopadhyay
%A M. Chakraborty
%T HawkEye Solutions: Expectation Maximization based Network Intrusion Detection System
%J International Conference and Workshop on Emerging Trends in Technology
%@ 0975-8887
%V ICWET
%N 1
%P 22-29
%D 2011
%I International Journal of Computer Applications
Abstract

In this paper the authors discuss HawkEye Solutions, a Network Intrusion Detection System (NIDS) that detects abnormal Internet Protocol (IP) packets. An Intrusion Detection System (IDS) is a computer-based information system designed to collect information about malicious activities in a set of targeted IT resources, analyze that information and respond according to a predefined security policy; an NIDS is an IDS that does this for network traffic. The authors present the basic building blocks of the IDS, which include mechanisms for carrying out TCP port scans and traceroute scans that, together with the ping scan, can monitor network health. Finally, the implementation of a packet sniffer provides a generic means of detecting various types of attacks through packet analysis. The authors have also proposed and implemented a novel Expectation Maximization based intrusion detection algorithm called EMID. The implementation results in Matlab are presented and discussed. Integrating EMID with HawkEye Solutions is left as future work.
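As an added illustration of the Expectation Maximization approach the abstract refers to (this is not the authors' EMID code, which the page does not reproduce), the following pure-Python sketch fits a two-component Gaussian mixture to a constructed sample of benign packet lengths with EM, then flags observed packets whose mixture likelihood is lower than that of any training packet. The packet-length feature, the two-cluster assumption, the sample values and the threshold rule are all assumptions made for this example.

```python
import math

# Constructed training sample of IP packet lengths in bytes (assumed feature):
# small ACK-sized packets and near-MTU data packets serve as the benign baseline.
BASELINE = [60, 64, 58, 62, 66, 60, 1500, 1480, 1500, 1460,
            1500, 1490, 64, 1500, 60, 1470]
# Constructed observations to score; 800 and 30000 stand in for abnormal packets.
OBSERVED = [60, 1500, 800, 64, 30000, 1480]

def gauss_pdf(x, mu, var):
    """Univariate normal density; exp() underflows to 0.0 far from the mean."""
    return math.exp(-(x - mu) ** 2 / (2.0 * var)) / math.sqrt(2.0 * math.pi * var)

def em_fit(data, k=2, iters=200, min_var=1.0):
    """Fit a k-component 1-D Gaussian mixture by EM; returns (weights, means, variances)."""
    data, n = sorted(data), len(data)
    mean = sum(data) / n
    mus = [data[(i * n) // k + n // (2 * k)] for i in range(k)]   # quantile initialisation
    vars_ = [max(min_var, sum((x - mean) ** 2 for x in data) / n)] * k
    ws = [1.0 / k] * k
    for _ in range(iters):
        # E-step: responsibility of each component for each sample
        resp = []
        for x in data:
            p = [ws[j] * gauss_pdf(x, mus[j], vars_[j]) for j in range(k)]
            s = sum(p) or 1e-300
            resp.append([pj / s for pj in p])
        # M-step: re-estimate weight, mean and variance of each component
        for j in range(k):
            nj = sum(r[j] for r in resp)
            if nj < 1e-12:        # empty component: leave its parameters unchanged
                continue
            ws[j] = nj / n
            mus[j] = sum(r[j] * x for r, x in zip(resp, data)) / nj
            vars_[j] = max(min_var, sum(r[j] * (x - mus[j]) ** 2
                                       for r, x in zip(resp, data)) / nj)
    return ws, mus, vars_

def log_likelihood(x, model):
    # Log of the mixture density; the floor keeps log() defined when every term underflows
    return math.log(sum(w * gauss_pdf(x, m, v) for w, m, v in zip(*model)) or 1e-300)

def fit_and_flag(baseline, observed):
    """Train on benign lengths, then flag observations less likely than any training point."""
    model = em_fit(baseline)
    threshold = min(log_likelihood(x, model) for x in baseline)
    flagged = [x for x in observed if log_likelihood(x, model) < threshold]
    return model, threshold, flagged
```

Calling fit_and_flag(BASELINE, OBSERVED) returns cluster means near 61.75 and 1487.5 bytes and flags the lengths [800, 30000], while the lengths seen in training are left alone.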

Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Host-based IDS, Network-based IDS, HawkEye Solutions, Expectation Maximization, Bayesian Classifier, EMID