REAL TIME INTRUSION AND WORMHOLE ATTACK DETECTION IN INTERNET OF THINGS
Need help with a related project topic or New topic? Send Us Your Topic
DOWNLOAD THE COMPLETE PROJECT MATERIAL
REAL TIME INTRUSION AND WORMHOLE ATTACK DETECTION IN INTERNET OF THINGS
Chapter One: Introduction
1.1 Background of the Study
We live in a dynamic and data-driven world connected by a series of networks. Such places, like any other structure, have the potential to be vulnerable to infiltration. As a result, there is a need to develop a technology approach to detecting and potentially resolving these breaches.
Machine learning offers a wide range of applications, including picture and audio recognition, general prediction, and online fraud detection. We will employ the features and structure of machine learning ideas to address wormhole infiltration and vulnerabilities.
The most typical intrusion issues or attacks handled by an intrusion system include:
Black hole: This occurs when all incoming traffic is diverted to a single node, which may not forward any traffic at all.
Wormhole Attack: A wormhole attack is a severe attack in which two attackers position themselves strategically within the network.
The attackers then continue to monitor the network and record wireless information.
Routing loop: A loop of operations may be used in a route path, causing no progress.
Network partition: In this instance, the nodes on different sub networks cannot communicate even when a route between them exists, and a connected network is partitioned into k(k>=2) subnetworks.
Selfishness: This occurs when a node does not act as a relay for other nodes.
Sleep deprivation: The battery power of a node is pushed to function until it is depleted.
Denial-of-Service (DoS) occurs when the source node is refused network services such as sending and receiving data packets.
Wormhole intrusion detection systems (NIDS) are often installed at strategic spots throughout the network to monitor traffic to and from all devices. It analyses all traffic coming through the subnet and compares it to a library of known attacks.
When an attack is detected or abnormal behaviour is observed, an alarm can be issued to the administrator. An NIDS could be installed on the subnet where firewalls are located to detect attempts to breach the firewall.
In an ideal world, one would scan all inbound and outbound traffic; nevertheless, doing so may result in a bottleneck that reduces the overall performance of the network. OPNET and NetSim are popular tools for simulating wormhole intrusion detection systems.
NID Systems can also compare signatures for comparable packets to link and delete dangerous identified packets with signatures that match the NIDS data. When we classify the NIDS design based on the system interaction property, we have two types: on-line and off-line NIDS, also known as inline and tap mode.
Online NIDS communicates with the network in real time. It analyses Ethernet packets and uses rules to determine whether or not they are an attack. Off-line NIDS works with saved data and runs it through some algorithms to determine whether it is an attack or not.
NIDS can be integrated with other technologies to improve detection and prediction rates. Because of the self-organizing structure that allows INS IDS to more efficiently recognise intrusion patterns, they are capable of intelligently analysing massive amounts of data.
Neural networks help IDS forecast assaults by learning from mistakes, and INN IDS contribute to the development of a two-layer early warning system. The first layer accepts single values, while the second layer accepts the first layer’s output as input;
the cycle repeats, allowing the system to automatically recognise new unanticipated patterns in the network. Based on research findings from 24 network attacks classified as DOS, Probe, Remote-to-Local, and user-to-root, this system has an average detection and classification rate of 99.9%.
The bulk of intrusion detection systems use one of three methods: signature-based, statistical anomaly-based, or stateful protocol analysis.
Signature-based detection: Signature-based intrusion detection systems (IDS) analyse network packets and compare them to pre-configured and predetermined attack patterns known as signatures.
Statistical anomaly detection: An anomaly-based intrusion detection system will monitor network traffic and compare it to a pre-established baseline. The baseline will establish what is “normal” for that network, such as the bandwidth and protocols used.
It may, however, provide a False Positive alarm for genuine bandwidth usage if the baselines are not appropriately specified.
Stateful protocol analysis detection: This method detects protocol state deviations by comparing observed events to “pre-determined profiles of generally accepted definitions of benign activity”.
MOTIVATION FOR THE STUDY
The study is inspired by the pressing necessity to address network security vulnerabilities in today’s data and information-intensive livelihoods. Another approach is to use the difficult process of machine learning algorithms to enhance network security.
AIMS AND OBJECTIVES OF THE STUDY
The goals and objectives of this study include:
To determine unauthorised access to a computer network
To analyse traffic on a computer network to detect evidence of malicious activity.
To develop a predictive model using machine learning that can discriminate between intrusions, attacks, and typical network connections and activities.
In addition to the foregoing, detect and repel wormhole attacks.
Need help with a related project topic or New topic? Send Us Your Topic