Observation and Findings
- Erica Wilkerson
- 10 years ago
Chapter 6 Observation and Findings

6.1. Introduction

This chapter discusses in detail the observations and findings based on the survey performed. This research work was carried out in order to find out network security related issues and to identify the challenges to intrusion detection systems.

6.2. Observation and findings based on survey

1. Intrusion detection systems are highly required to ensure computer network security. 93% of companies agree or strongly agree that an IDS (intrusion detection system) is a must for computer network security. The most important fact observed about network security is that no single solution protects a system from the variety of threats. There is a need for multiple layers of security: if one fails, the others still stand. Network security is accomplished through hardware and software, and a network security system usually consists of many components. Ideally, a combined and layered approach minimizes maintenance and improves network security. A single tool does not provide a foolproof solution; hence a firewall and antivirus must go together with intrusion detection tools.

2. Anomaly based IDS are more suitable than signature based IDS for intrusion detection in an organization. 80% of companies agree or strongly agree that anomaly based IDS are more suitable for their organization than signature based IDS. An anomaly based intrusion detection system identifies valid network activity, so it allows only valid activity and detects abnormal activity in the data. Anomaly detection refers to storing the features of normal behaviour in a knowledge base and comparing current behaviour with those in the knowledge base; it mainly involves the creation of the knowledge base and the detection of anomalies. A signature based system, in contrast, works on signatures. Signatures are patterns of known attacks or misuses of systems. Signature detection mainly searches for signatures; signatures are specific to known attacks and are stored in a signature database. Its advantages are a high speed of detection and a low percentage of false alarms. However, it fails if a signature is missing from the signature database, so it cannot detect the numerous new attacks.

3. The most critical security threat to computer network security is unauthorized access. 63% of respondents identify unauthorized access as the most critical security threat. Unauthorized access usually refers to gaining access to any computer or network without authorization. Usually such access is obtained by extending existing privileges or stealing privileges. This is the most serious security threat.

4. False alarms about intrusion are the most challenging factor in monitoring intrusions using an IDS. As per 53% of Pune IT industrial units, the most critical challenge for an intrusion detection system is false alarm generation. False alarm refers to two types of alerts: the first is the false positive (FP) and the second is the false negative (FN). A false positive means the network traffic is normal but is identified as an attack, whereas a false negative means the network traffic contains an attack but is identified as normal. Both cases compromise the reliability of the IDS. False alarms are inversely proportional to accuracy, i.e. the more false alarms, the less the accuracy.

5. Accuracy of intrusion detection is the most important parameter while selecting an IDS (intrusion detection system) for the security management of an organization. 77% of Pune IT industrial units say accuracy of intrusion detection is most important. Accuracy is the proportion of the total number of predictions that were correct; accuracy is also represented through correctly classified instances. It shows the percentage of test instances that were correctly classified. The percentage of correctly classified instances is often called accuracy or sample accuracy.

6. Security attacks are viable on any computer connected through a network. 87% of companies agree or strongly agree that there is a strong possibility of a security attack on a computer. IT industries consider that intrusion attacks are viable on computers: any computer connected through a network has the possibility of an intrusion attack. An intrusion attack is the realization of a threat, the harmful action aiming to find and exploit a system vulnerability. Computer attacks cause various effects on a computer; an attack may involve destroying or accessing unauthorized data, or threaten the computer by degrading its performance. Computer and network attacks have evolved greatly over the last few decades. The attacks are increasing in number and also improving in their strength and sophistication. The detection of intrusions in network traffic is a challenging task. In order to deal with inherent challenges, such as the ever changing environment and increasing levels of threats, there is a need for different perspectives and alternative approaches to secure systems.

7. Confidential data is stored on the computers of IT industrial units. 59% of companies agree or strongly agree that highly confidential data is stored on their computers. Security is mandatory because confidential data is stored on the computers.

8. Network security is associated with cost (hardware cost, software cost, maintenance cost, cost of data loss, cost of incorrect decision making), and a compromise of security is also associated with cost. 100% of companies agree or strongly agree that computer network security is very essential because a compromise of security affects cost. A compromise of security has financial consequences.

9. Antivirus and firewall together do not provide a foolproof solution to network security. 64% of companies consider that antivirus and firewall together do not provide a foolproof solution to network security. The network security management process mainly involves components like antivirus, firewall and intrusion detection system. Antivirus is one of the most important factors of computer network security. Antivirus prevents and gets rid of viruses; an antivirus programme prevents harmful software from installing on and damaging the computer. Antivirus software protects the computer from infected files. Antivirus detects infections in the system and heals them, depending on how up to date its version is. The other important factor of computer network security is the firewall. Firewalls act as a barrier between corporate (internal) networks and the outside world (Internet), and filter incoming traffic according to a security policy. Firewalls are not completely foolproof: a firewall generally makes a pass or deny decision on the basis of allowable network addresses. Intrusion detection is a passive approach to security, as it monitors information systems and raises alarms when security violations are found. Examples of security violations include the abuse of privileges or the use of attacks to exploit software or protocol vulnerabilities. The detection of intrusions in network traffic flows and host activities is a challenging task. In order to deal with inherent challenges, such as the ever changing environment and increasing levels of threats, we clearly need different perspectives and alternative approaches to secure our systems: approaches that can adapt to drifting concepts and provide flexibility when the systems are targeted.
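The knowledge-base comparison described in item 2 and the false positive / false negative distinction of items 4 and 5 can be seen on a small constructed data set. The following is an added example, not code or data from the thesis: a signature detector that matches only the patterns in its signature database, an anomaly detector that stores the features of normal behaviour and flags deviations from them, and a scorer that reports the confusion counts and accuracy as correctly classified instances over total instances. The connection records, the two signatures and the z-score threshold are all constructed for illustration.

```python
"""Signature-based vs anomaly-based detection on constructed connection records.

Added illustration, not code from the thesis. Records, signatures and the
threshold are constructed. A record is (dst_port, bytes_sent, failed_logins).
"""
from statistics import mean, pstdev

# Knowledge-base input: constructed records of normal behaviour (training data).
TRAINING_NORMAL = [
    (443, 1200, 0), (443, 1500, 0), (80, 900, 0), (80, 1100, 0),
    (22, 2000, 1), (22, 1800, 0), (443, 1300, 0), (80, 1000, 0),
]

# Signature database: hypothetical patterns for two known attacks.
SIGNATURE_DB = {
    "ssh-bruteforce": lambda r: r[0] == 22 and r[2] >= 10,
    "large-transfer-80": lambda r: r[0] == 80 and r[1] >= 50000,
}

# Constructed test set with ground-truth labels (used only for scoring).
TEST_SET = [
    ("normal", (443, 1250, 0)),
    ("normal", (80, 1050, 0)),
    ("normal", (22, 2100, 1)),
    ("attack", (22, 1900, 25)),    # matches the ssh-bruteforce signature
    ("attack", (80, 80000, 0)),    # matches the large-transfer-80 signature
    ("attack", (8080, 60000, 0)),  # novel attack: no signature exists for it
    ("normal", (443, 6000, 0)),    # legitimate but unusually large download
]


def signature_detect(record):
    """Return the name of the first matching signature, or None if none matches."""
    for name, matches in SIGNATURE_DB.items():
        if matches(record):
            return name
    return None


def build_profile(normal_records):
    """Knowledge base of normal behaviour: known ports plus mean/stdev of numeric features."""
    return {
        "ports": {r[0] for r in normal_records},
        "bytes": (mean(r[1] for r in normal_records), pstdev(r[1] for r in normal_records)),
        "logins": (mean(r[2] for r in normal_records), pstdev(r[2] for r in normal_records)),
    }


def _z(value, stats):
    """Absolute z-score; a zero-variance feature is anomalous on any deviation."""
    mu, sigma = stats
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return abs(value - mu) / sigma


def anomaly_detect(profile, record, z_max=3.0):
    """Flag a record whose features deviate from the stored normal profile."""
    port, nbytes, logins = record
    return (port not in profile["ports"]
            or _z(nbytes, profile["bytes"]) > z_max
            or _z(logins, profile["logins"]) > z_max)


def evaluate(detector, labelled):
    """Confusion counts plus accuracy = correctly classified instances / total."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for label, record in labelled:
        alert = bool(detector(record))
        if label == "attack":
            counts["tp" if alert else "fn"] += 1
        else:
            counts["fp" if alert else "tn"] += 1
    counts["accuracy"] = (counts["tp"] + counts["tn"]) / len(labelled)
    return counts


PROFILE = build_profile(TRAINING_NORMAL)

if __name__ == "__main__":
    print("signature:", evaluate(lambda r: signature_detect(r) is not None, TEST_SET))
    print("anomaly:  ", evaluate(lambda r: anomaly_detect(PROFILE, r), TEST_SET))
```

On this data both detectors classify six of seven records correctly, but the errors are of different kinds: the signature detector misses the novel attack on port 8080 (a false negative, the weakness described in item 2), while the anomaly detector raises an alert on the legitimate large download (a false positive, the false alarm problem of item 4). Tightening or loosening `z_max` trades one kind of error for the other, which is why accuracy alone, as item 5 defines it, should be read together with the confusion counts.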
6.3. Observation and findings based on experiments

1. Data mining provides a useful alternative for anomaly based intrusion detection.

2. Decision tree based methods perform better than Bayesian methods and rule based methods when used for intrusion detection; the J48 method gives high accuracy.

3. Information gain based feature selection methods are suitable for data preprocessing before intrusion detection.

4. Ensemble methods give slow performance for intrusion detection.

5. Supervised algorithms provide accurate predictions about intrusion attacks.

Chapter summary

From the overall observations and findings it can be said that computer network security is very essential because highly confidential data is stored on computers and a compromise of security causes financial consequences. Intrusion detection systems are indispensable for computer network security. The usability of intrusion detection depends upon the accuracy of detection, so there is a need to develop an intrusion detection framework which provides higher accuracy.
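Items 2 and 3 of section 6.3 rest on the same quantity: information gain ranks the features before training, and a C4.5-style tree such as J48 uses the same measure to choose its splits. The following added example, which is not the thesis's Weka experiment and uses constructed records with hypothetical feature names (protocol, service, flag), computes the entropy of the class label, the information gain of each feature, ranks the features, and builds a one-level decision tree (a stump) on the highest-gain feature.

```python
"""Information-gain feature ranking and a decision stump on constructed records.

Added example, not the thesis's J48/Weka experiment. All records are
constructed and the feature names are hypothetical.
"""
from collections import Counter
from math import log2

FEATURES = ["protocol", "service", "flag"]

# Constructed labelled records: (protocol, service, connection flag, label).
_RAW = [
    ("tcp", "http", "SF", "normal"),  ("tcp", "http", "SF", "normal"),
    ("tcp", "ssh", "SF", "normal"),   ("udp", "dns", "SF", "normal"),
    ("tcp", "http", "REJ", "attack"), ("tcp", "ssh", "S0", "attack"),
    ("tcp", "http", "S0", "attack"),  ("udp", "dns", "SF", "normal"),
    ("icmp", "echo", "SF", "attack"), ("tcp", "ssh", "REJ", "attack"),
]
DATASET = [dict(zip(FEATURES + ["label"], row)) for row in _RAW]


def entropy(labels):
    """Shannon entropy in bits of a sequence of class labels."""
    total = len(labels)
    return -sum((c / total) * log2(c / total) for c in Counter(labels).values())


def information_gain(rows, feature):
    """IG(feature) = H(label) - sum over values v of P(v) * H(label | feature = v)."""
    base = entropy([r["label"] for r in rows])
    groups = {}
    for r in rows:
        groups.setdefault(r[feature], []).append(r["label"])
    remainder = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return base - remainder


def rank_features(rows, features):
    """Features with their information gain, highest gain first."""
    return sorted(((f, information_gain(rows, f)) for f in features),
                  key=lambda item: item[1], reverse=True)


def select_features(rows, features, min_gain=0.5):
    """Preprocessing step: keep only features whose gain reaches min_gain."""
    return [f for f, gain in rank_features(rows, features) if gain >= min_gain]


def build_stump(rows, features):
    """One-level tree: split on the best feature, predict the majority label per value."""
    root = rank_features(rows, features)[0][0]
    groups = {}
    for r in rows:
        groups.setdefault(r[root], []).append(r["label"])
    branches = {v: Counter(g).most_common(1)[0][0] for v, g in groups.items()}
    default = Counter(r["label"] for r in rows).most_common(1)[0][0]
    return {"feature": root, "branches": branches, "default": default}


def predict(stump, record):
    """Classify a record; unseen feature values fall back to the majority label."""
    return stump["branches"].get(record[stump["feature"]], stump["default"])


if __name__ == "__main__":
    for name, gain in rank_features(DATASET, FEATURES):
        print(f"{name:9s} IG = {gain:.3f}")
    stump = build_stump(DATASET, FEATURES)
    print("root split:", stump["feature"], stump["branches"])
```

On this data the connection flag carries by far the most information about the label (about 0.61 bits against roughly 0.32 for service and 0.31 for protocol), so `select_features` with the default threshold keeps only `flag`, and the stump splits on it: records with flag SF are predicted normal, REJ and S0 are predicted attack. A full tree would recurse into each branch with the remaining features in the same way.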
