DSpace
 

University of Jos Institutional Repository >
Engineering >
Electrical/Electronics Engineering >

Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/1133

Title: Agent Based Campus Internal Network Intrusion Detection Model
Authors: Adedokun, E.A.
Mu'azu, M.B.
Bajoga, B.G.
Dajab, D.D.
Keywords: IDS
Adaptic agents
Issue Date: 2012
Publisher: International Journal of Electronics and Computer Science Engineering
Series/Report no.: Vol. 4;No. 1; Pp 50-57
Abstract: The aim of the research is the modeling and implementation of an intrusion detection system (IDS) with focus on internally generated intrusions on a multi-Disciplinary campus network using Ahmadu Bello University (ABU) Zaria as a case study. A.B.U Zaria campus network is a complex network covering three campuses, 12 faculties and over a hundred Departments and as such there are varied types of users with diverse application requirements. Traffic data for a period of 24 months (January 2011 to December 2012) comprising of local to local and local to remote were used in developing the knowledge base of the IDS. The overhead of each packet derived from properties and composition of each packet is determined and used to form the behavior base of the IDS. The overhead determined is compared to a threshold called the safe score. This is the maximum allowable overhead for an Ethernet frame and has a value of 0.45. The developed model hybridizes the knowledge –based and behavior- based detection techniques and is implemented as an agent based application (using autonomous and adaptic agents or workers) in a program written in C-sharp(C#). If any packet has an overhead greater than the safe score, it is logged for further analysis. In the validation stage, the model processed 3,422,000 packets and 2328 packets were logged. Using Wireshark for the analysis of the logged packets, 298 packets (13% of the logged packets) were determined not to be malicious but of applications and or protocols not in the original knowledge-base and as such the knowledge base was updated. The IDS model developed is capable of updating its knowledge base, can sniff traffic directly on the network and utilizes less than 15.5% of ROM and CPU capacity at peak traffic period. It also showed about 50% improvement in the number of unknown applications and protocols identified by Netflow analyzer upon implementation.
URI: http://hdl.handle.net/123456789/1133
ISSN: 2277-1956
Appears in Collections:Electrical/Electronics Engineering

Files in This Item:

File Description SizeFormat
Volume-4Number-1PP-50-57x.pdf131.72 kBAdobe PDFView/Open
View Statistics

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

Valid XHTML 1.0! DSpace Software Copyright © 2002-2010  Duraspace - Feedback