Table of Contents
Declaration i
Acknowledgements ii
Dedication iii
Certification iv
Table of contents v
List of Figures viii
Abstract ix
Chapter 1: Introduction 1
1.1 Background of the Study 1
1.2 Statement of the Problem 3
1.3 Aim and Objectives 3
1.4 Methodology 4
1.5 Scope of Study 4
1.6 Significance of the Study 4
1.7 Organization of Subsequent Chapters 5
Chapter 2: Literature Review 6
2.1 Introduction 6
2.2 The Web and it’s analysis 6
2.2.1 The Web in relation to Computer Security and Artificial Intelligence 7
2.3 Intrusion Detection and Prevention Systems 8
2.3.1 Events that can be detected by an IDS/IPS 9
2.3.2 Phases of Intrusion Detection and Prevention System 10
2.3.3 Examples of popular IDP systems 11
2.3.3.1 Snort 11
2.3.3.2 Suricata 12
2.4 Neural Networks as an aspect of AI 12
2.4.1 Paradigms of Learning in Neural Networks 13
2.4.2 Popular algorithms used to implement neural networks 14
2.4.3 Other implementations of neural networks 15
2.4.3.1 Facial recognition implementation 15
2.4.3.2 Speech recognition implementation 16
2.4.3.3 Fingerprint identification systems 16
2.4.3.4 Mobile robot motion 17
2.5 Review of related works 17
2.5.1 NNIDP implementation according to attacks 17
2.5.2 Anomaly neural network intrusion detection reviews 19
2.5.3 Neural network intrusion detection with fuzzy clustering 21
2.5.4 Neural network intrusion detection implementations with new algorithms 21
2.5.5 Implementation of NNs with other AI fields in intrusion detection 22
2.5.6 NNIDP implementation using back-propagation, Som’s, perceptron 24
2.6 Summary 25
Chapter 3: Methodology 26
3.1 Introduction 26
3.2 Software Development Model 26
3.3 System and User Requirements 27
3.3.1 Functional Requirements 27
3.3.2 Non-Functional Requirements 28
3.3.3 User Requirements 28
3.4 Software Development tools 28
3.4.1 MySQL Database 29
3.4.2 Apache Tomcat 29
3.4.3 Programming Languages 29
3.5 System Description 30
3.6 System Diagrams i.e. Use case, Activity, ER diagram 31
3.6.1 Use case Model 31
3.6.2 Data Flow Diagram 33
3.6.3 Activity Diagram 34
3.6.4 Flowchart 35
3.6.5 ER Diagram 38
3.6.6 Database Structure 39
Chapter 4: System Design, Implementation and Testing 40
4.1 Introduction 40
4.2 System Requirement and Specification 40
4.2.1 Software Requirement 40
4.2.2 Hardware Requirement 41
4.2.3 Software Specifications 41
4.2.4 Hardware Specifications 42
4.3 System Deployment 43
4.3.1 Setting up the Wamp server 43
4.3.2 Deploying the Application 43
4.4 NNIDPS Operation 44
4.5 System Execution 44
4.5.1 The Home Page 45
4.5.2 The Register Page 46
4.5.3 The Login Page 47
4.5.4 The Admin Page 48
4.5.5 The Client Page 49
4.6 System Testing 50
Chapter 5: Summary, Conclusion & Recommendations 54
5.1 Summary 54
5.2 Conclusion 54
5.3 Recommendations 54
References 56
Apendix 59
LIST OF FIGURES
Figure 3.1: Admin Use Case ……….……………………………………………………….31
Figure 3.2: Client Use Case …………………………………………………………….….32
Figure 3.3: Data Flow Diagram…………………………………………………………….33
Figure 3.4: Activity Diagram ……………..………………………………………………..34
Figure 3.5: Admin Flowchart .………………………………………………………….….35
Figure 3.6: Client Flowchart ……………………………………………………………….36
Figure 3.7: System Flowchart …………….……………………………………………….37
Figure 3.8: ER Diagram ………..………………………………………………………….38
Figure 3.9: Database Structure …………………………………………………………….39
Figure 4.1: Home Page …………………………………………………………………….45
Figure 4.2: Register Page ………………………………………………………………….46
Figure 4.3: Login Page …………………………………………………………………….47
Figure 4.4: Admin’s Intrusion Report Page ……………………………………………….48
Figure 4.5: Definition of intrusion Page …….…………………………………………….48
Figure 4.6: Client Page …………………………………………………………………….49
Figure 4.7: SQL injection on Electricity system .. .……………………………………….50
Figure 4.8: Newly detected undefined intrusion ………………………………………….50
Figure 4.9: Backdoor Penetration on SMS System ………..……………………….…….51
Figure 4.10: Undefined Intrusion report ….………………………………………………..52
Figure 4.11: Defined Intrusion Report ..…..………………………………………………53
ABSTRACT
In recent times, it has become a necessity to obtain a security measure for computer networks due to the high influx of perpetrators using the internet for malicious purposes. These perpetrators have caused the system and its users to loose confidential information for their own benefit. This work aims at providing a phenomenal solution to the problem of data intrusion. The research project is specified in the protection of web data intrusion i.e. the data that is stored on different websites or web applications.
The intrusion detection and prevention system makes use of an Artificial Neural Network (ANN) which adopts pattern matching algorithm that compares the current state of the system with the normal state. The Agile System Development Life Cycle (SDLC) was used in the development of the system. For the pattern matching, rules like; back door penetration, brute force attack on password/username, SQL injection and XSS injection were embedded in the system.
The developed system was tested on two different web applications and it successfully detected and prevented intrusions based on the rules that were defined by the Neural Network Intrusion Detection and Prevention System (NNIDPS).
Keywords: Intrusion Detection, Pattern matching, Artificial Neural Network.
Word Count: 188
CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND OF THE STUDY
With the presence of information technology in this age; data can be stored, manipulated, transferred and processed but there are also some agents that want to make use of the data for negative intentions. Intrusions usually occur when unauthorized access is gained by an attacker to a valid users account so as to perform malicious deeds while masquerading as a real user. In order to prevent this, it is advisable to employ the use intrusion prevention and detection systems. An Intrusion detection and prevention system could be a software and/or a hardware that monitors a system or a network of systems against any malicious activity. An intrusion detection and prevention system has two different functions; prevention and detection. Prevention is the act of avoiding the intrusion while detection is observing any malicious activity that is present in a system.
Examples of intrusions include Attempted break-in/ Masquerade attacks which is an attack that uses fake identity to gain unauthorised access to private computer information through legitimate access identification. They are usually detected by a typical behaviour profile or violation of security constraints. This is an example under anomaly based intrusion system. Another example is the penetration of security control systems. This can be an unauthorised simulated attack on a computer system that looks for security weakness, potentially gaining access to the system’s features data. It can be detected by monitoring specific pattern of activity. Also, Leakage is another example of intrusion, this happens when a system reveals some information to unauthorised parties. It can be detected by a typical use of system resources. Malicious software are also intrusions that should be avoided, it can be any software used to disrupt computer operations, gather information and gain access to private systems. It is detected by typical behaviour profiles, violation of security constraints or the use of special privileges.
There are two intrusion detection based methods; Misuse based intrusion detection: which can also be knowledge based detection. (Devikrishna et al, 2013) It searches for activities that are similar to known signatures of intrusions. It detects any abnormal activities and renders any other activity in the system as normal. Its greatest advantage is the presence of low false positives but it is unable to detect unknown attacks, it can only detect attacks that have a pattern in the system. The second method is the Anomaly based intrusion detection which can also be known as behaviour based detection. (Devikrishna et al, 2013) It detects by searching for any abnormal network traffic. It is the opposite of misuse based detection in the sense that rather than detecting abnormal activities, it detects normal activities and renders any other activity as abnormal. It is very good in detecting unknown attacks i.e. doesn’t need prior knowledge of the attack but it has a high rate of false positives.
There are several intrusion detection and prevention systems but this research will be focused on developing a Neural Network Intrusion Detection and Prevention (NNIDP) systems. A neural network is the imitation of the connection of the human brain with the nerve cells of the body. The adaptation of a neural network makes intrusion detection systems more efficient. An NNIDP can be trained to learn patterns in a system so as to detect intrusions by recognizing patterns of intrusions and thereby preventing them. There are three steps involved in making a neural network; pre-process the data, train the network and test the data. (Om & Sarkar, 2010)
1.2 STATEMENT OF THE PROBLEM
The presence and activities of intruders to forcefully gain access to highly classified and private information especially those stored on the database has rapidly increased over time as a result of technological growth. In curbing this, intrusion detection and prevention systems has been developed to detect and prevent intruders who might want to jeopardize system efficiency as a result of intrusion. The pattern recognition ability and machine learning ability of the Artificial Neural Network has brought advanced IDPS which can effectively detect and prevent intruders. Thus the need to develop an advanced Artificial Neural Network Intrusion Detection and Prevention system for combatting intrusions effectively.
1.3 AIM AND OBJECTIVES
The aim of this research is to develop an Intrusion Detection and Prevention System that uses a Neural Network model for the detection and prevention of web attacks. The specific objectives are to:
- Survey web attack methods so as to identify intrusion attempts and aid effective detection of intrusion attempts.
- Design an intrusion detection and prevention system as a third party security software to enhance the intrusion detection and prevention process.
- Develop a robust database that will keep records of intrusion attempts and identify the source thereby preventing the intruders from gaining further access.
- Implement a Neural network technology on the Intrusion Detection System so as to effectively enhance the system.
1.4 METHODOLOGY
To achieve the set objectives, the following methodology will be adopted.
- An extensive literature review will be done so as to determine up-to-date intrusions attacks and attempts and also to acquire suitable tools in developing the IDPS.
- Software development tools like Java Server Pages (JSP), Apache Tomcat, CSS, HTML, and Bootstrap will be used to develop and implement the Intrusion detection and prevention System (IDPS).
- MySQL DBMS will be used to develop the database.
- The Pattern matching algorithm will be adopted in the development of the Neural Network in the IDPS.
1.5 SCOPE OF STUDY
The system will be limited to the detection of web attacks and will only implement pattern matching as the neural network algorithm. The research work will not cover other types of intrusion attacks neither will it cover other ANN algorithms.
1.6 SIGNIFICANCE OF THE STUDY
The successful completion of this project will:
- Add to the already existing solutions in preventing intrusions.
- Improve the security of data especially the ones acquired from websites.
- Highlight diverse web attacks and possible ways of tackling them.
- Prove that pattern matching algorithm can effectively detect and prevent intrusions.
1.7 ORGANIZATION OF CHAPTERS
Chapter one is the introduction to the project. It highlights what the project is about and what will be done in subsequent chapters.
Chapter two is the literature review which will discuss the related works, shed more light on IDPS, enlighten about ANN and web attacks, and discuss different neural network algorithms.
Chapter three is the methodology, it will contain the analysis of the system, the design methodology, the system specifications and requirements.
Chapter four is the design and implementation of the system, it entails all the information about the system, screenshots of the system, description of how the system functions and how it is tested.
Chapter five is the summary, conclusion and further recommendations. It gives a summary of the entire project and also some recommendations.
DISCLAIMER: All project works, files and documents posted on this website, UniProjectTopics.com are the property/copyright of their respective owners. They are for research reference/guidance purposes only and some of the works may be crowd-sourced. Please don’t submit someone’s work as your own to avoid plagiarism and its consequences. Use it as a reference/citation/guidance purpose only and not copy the work word for word (verbatim). The paper should be used as a guide or framework for your own paper. The contents of this paper should be able to help you in generating new ideas and thoughts for your own study. UniProjectTopics.com is a repository of research works where works are uploaded for research guidance. Our aim of providing this work is to help you eradicate the stress of going from one school library to another in search of research materials. This is a legal service because all tertiary institutions permit their students to read previous works, projects, books, articles, journals or papers while developing their own works. This is where the need for literature review comes in. “What a good artist understands is that nothing comes from nowhere. All creative work builds on what came before. Nothing is completely original.” - Austin Kleon. The paid subscription on UniProjectTopics.com is a means by which the website is maintained to support Open Education. If you see your work posted here by any means, and you want it to be removed/credited, please contact us with the web address link to the work. We will reply to and honour every request. Please notice it may take up to 24 – 48 hours to process your request.
