Table 1 Various types of attacks described in four major categories

Category                   Attacks
Denial of service attacks  Back, land, neptune, pod, smurf, teardrop
User to root attacks       Buffer_overflow, loadmodule, perl, rootkit
Remote to local attacks    Ftp_write, guess_passwd, imap, multihop, phf, spy, warezclient, warezmaster
Probes                     Satan, ipsweep, nmap, portsweep
Some of the features of each individual TCP connection are the duration of the connection, the type of protocol (TCP, UDP, etc.), and the network service (http, telnet, etc.).
• The content features, suggested by domain knowledge, assess the payload of the original TCP packets, for example the number of failed login attempts.
• The same-host features examine the connections in the past 2 s that have the same destination host as the current connection, and estimate statistics related to protocol behaviour, service, etc. over them.
• Similarly, the same-service features examine the connections in the past 2 s that have the same service as the current connection.
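The following added example (not code from the original chapter) shows how the time-window features described above are derived: for each connection it looks back 2 s at connections to the same destination host and to the same service and computes summary statistics over them. The feature names (count, srv_count, same_srv_rate, serror_rate) follow the KDD Cup 1999 convention but are not named on this page, and the sample records, including the S0 flag used to mark a half-open connection, are constructed here.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Connection:
    t: float       # connection start time in seconds
    dst_host: str  # destination host
    service: str   # network service (http, telnet, ...)
    flag: str      # status flag; "S0" = SYN sent, no reply (assumed convention)

WINDOW = 2.0  # the 2 s look-back window described in the text

def time_window_features(conns: List[Connection]) -> List[Dict[str, float]]:
    """Derive same-host and same-service statistics for every connection
    from the connections that started within the past 2 s (itself included)."""
    conns = sorted(conns, key=lambda c: c.t)
    feats = []
    for i, cur in enumerate(conns):
        recent = [c for c in conns[: i + 1] if cur.t - c.t <= WINDOW]
        same_host = [c for c in recent if c.dst_host == cur.dst_host]
        same_srv = [c for c in recent if c.service == cur.service]
        count = len(same_host)
        feats.append({
            "count": count,                 # same-host connections in window
            "srv_count": len(same_srv),     # same-service connections in window
            # share of same-host connections that use the current service
            "same_srv_rate": sum(c.service == cur.service for c in same_host) / count,
            # share of same-host connections that show a SYN error
            "serror_rate": sum(c.flag == "S0" for c in same_host) / count,
        })
    return feats

# Constructed sample: a burst of half-open connections to one host across many
# services (the trace a port sweep leaves) followed by an ordinary http request.
SAMPLE = [
    Connection(0.0, "10.0.0.5", "http", "SF"),
    Connection(0.5, "10.0.0.5", "ftp", "S0"),
    Connection(0.8, "10.0.0.5", "telnet", "S0"),
    Connection(1.2, "10.0.0.5", "smtp", "S0"),
    Connection(1.9, "10.0.0.5", "imap", "S0"),
    Connection(5.0, "10.0.0.5", "http", "SF"),
]
```

The fifth record ends up with count = 5, same_srv_rate = 0.2 and serror_rate = 0.8, the kind of profile a classifier can separate from the last, benign record, whose window contains only itself.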
A variety of attacks incorporated in the data set fall into the following four major categories:

Denial of Service Attacks: A denial of service attack is an attack in which the attacker makes some computing or memory resource too busy or too full to handle legitimate requests, or denies legitimate users access to a machine.

User to Root Attacks: User to Root exploits are a category of exploits in which the attacker starts with access to a normal user account on the system (possibly obtained by capturing passwords, a dictionary attack, or social engineering) and exploits some vulnerability to gain root access to the system.

Remote to User Attacks: A Remote to User attack takes place when an attacker who is able to send packets to a machine over a network, but does not have an account on that machine, exploits some vulnerability to gain local access as a user of that machine.

Probes: Probing is a category of attacks in which an attacker scans a network to gather information or find known vulnerabilities. Such network reconnaissance is valuable to an attacker who is staging a future attack: an attacker who has a record of which machines and services are reachable on a given network can use this information to look for weak points.

Table 1 lists a number of attacks falling into these four major categories.
Method

The proposed system introduces an intrusion detection system based on KNN classification and DS theory with fuzzy logic. The input to the proposed system is the KDD Cup 1999 data set, which is separated into two subsets, a training data set