Misbehaving activity detection using RSS with MAC

Saravavan T, Lalith kumar B, Santhosh Kumar A.

Department of Information Technology, Jeppiaar Engineering College, Chennai, India

ABSTRACT: Distributed networks are vulnerable to spoofing attacks, which allow for many other forms of attack on the networks. Although the identity of a node can be verified through cryptographic authentication, authentication is not always possible because it requires key management and additional infrastructural overhead. In this paper we propose a method for both detecting spoofing attacks and locating the positions of the adversaries performing the attacks. We first propose an attack detector for network spoofing that utilizes MAC (Media Access Control) and RSS (Received Signal Strength) analysis. Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also capable of localizing the positions of the attackers. We then show that the positions of the attackers can be localized using either area-based or point-based localization algorithms with the same relative errors as in the normal case. Our results show that it is possible to detect network spoofing with both a high detection rate and a low false positive rate.

KEYWORDS: MAC, RSS, spoofing.

1. INTRODUCTION:

Multivariate correlation analysis is a method for detecting IP spoofing, based on the Triangle Area principle, to protect the legitimate user. It uses the concept of multithreading to provide services to the clients. Correlation is a statistical principle used for portfolio management in order to prevent unauthorized users from accessing the network service. Cloud service providers offer users efficient and scalable data storage services with a much lower marginal cost than traditional approaches. DoS (denial of service) can take place by using the IP spoofing method, which disrupts the normal flow of the network. Several measures are used to prevent IP spoofing; one of the most important concepts used in this project is RSS with MAC. The MAC address is typically used as a unique identifier for all the nodes on the network. The objective of our project is an anomaly detection system based on entropy and entropy rate to detect DDoS attacks in a Grid environment. In our algorithm we use normalized entropy, which calculates the overall probability distribution in the captured flow, to get a more accurate result. The aim of attack detection and recovery is to detect a DDoS attack before it affects the end user. Intrusion detection systems are widely used for DDoS detection. An intrusion detection system (IDS) is software and/or hardware that monitors the network or a computer system for suspicious activity and alerts the system manager or network administrator. IDSs can be classified by the target of implementation as host based or network based. The technique adopted for intrusion detection classifies IDSs into two types: signature based and anomaly based.

2. RELATED WORK:

Many systems and techniques are used to find misbehaving activity and detect it.

Vern Paxson developed "Bro", a system for finding network attackers in real time. It is an independent system that emphasizes real-time, high-speed monitoring.

D.E. Denning proposed "An Intrusion Detection Model", which describes a system for detecting break-ins, penetrations and computer stealing.

G. Thatte and U. Mitra developed "Parametric Methods for Anomaly Detection in Aggregate Traffic", which uses probability distribution statistics to identify events during the overload of IP addresses.

3. PROPOSED SYSTEM:

We propose a method for detecting spoofing attacks as well as localizing the adversaries in networks and sensor networks. In contrast to traditional identity-oriented authentication methods, our RSS-based approach does not add overhead to the network devices and sensor nodes. We formulate the spoofing detection problem as a classical statistical significance testing problem. We then use MAC (Media Access Control) and RSS (Received Signal Strength) cluster analysis to derive the test statistic. Further, we have built a real-time localization system and integrated our spoofing detector into it to locate the positions of the attackers and, as a result, to eliminate the adversaries from the network.
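The cluster-analysis test can be sketched as follows. This is an added example, not the authors' implementation: it uses the distance between two cluster centroids in signal space (the statistic named in the system model section) with plain 2-means clustering, and the threshold value, landmark count and all RSS readings are assumptions constructed for illustration.

```python
import math

THRESHOLD_DB = 8.0  # assumed decision threshold; calibrate from attack-free traffic

def two_means(samples, iters=20):
    """k-means with k=2 over RSS vectors (one dBm value per landmark)."""
    # Deterministic seeding: the first sample and the sample farthest from it.
    c0 = samples[0]
    c1 = max(samples, key=lambda s: math.dist(s, c0))
    for _ in range(iters):
        groups = ([], [])
        for s in samples:
            groups[1 if math.dist(s, c1) < math.dist(s, c0) else 0].append(s)
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
               for g, c in zip(groups, (c0, c1))]
        if new == [c0, c1]:      # assignments stable: converged
            break
        c0, c1 = new
    return c0, c1

def centroid_distance(samples):
    """Test statistic: Euclidean distance between the two cluster centroids."""
    return math.dist(*two_means(samples))

def is_spoofed(samples, threshold=THRESHOLD_DB):
    """One transmitter gives one tight cluster; two senders on one MAC give two."""
    return centroid_distance(samples) > threshold

# Constructed readings for one MAC address, as seen by three landmarks (dBm).
LEGIT = [(-50, -62, -71), (-51, -61, -70), (-49, -63, -72),
         (-50, -60, -71), (-52, -62, -69), (-48, -61, -70)]
# The same MAC also heard from a second physical position (constructed).
ATTACKER = [(-70, -45, -58), (-71, -46, -57), (-69, -44, -59), (-70, -47, -58)]

if __name__ == "__main__":
    for name, data in (("normal", LEGIT), ("under attack", LEGIT + ATTACKER)):
        print(f"{name}: Dc = {centroid_distance(data):.2f} dB, "
              f"spoofed = {is_spoofed(data)}")
```
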

4. SYSTEM MODEL:

In this module, multipath routing is considered an effective mechanism for fault and intrusion tolerance to improve data delivery in WSNs. The basic idea is that the probability of at least one path reaching the sink node or base station increases as more paths carry the data. We have to create the user interface for establishing the connection between the sender and the receiver. Here the user has to prepare the data to be sent to the particular destination. For every transaction, the user interface is the main part for establishing the connection between the sender and the receiver.

In a system, every processor has been provided a unique MAC address that cannot be duplicated. We have found that the distance between the centroids in signal space is a good test statistic for effective attack detection. All the client nodes always log in with our specific IP and MAC address. Attackers can't easily forge their MAC address, so IP spoofing attacks can be avoided. Due to the open nature of the wireless medium, it is easy for adversaries to monitor communications to find the layer-2 Media Access Control (MAC) addresses of the other entities. Recall that the MAC address is typically used as a unique identifier for all the nodes on the network. The module architecture given below defines several steps involved in the detection process. This module continuously monitors all requests from the client. When a request arrives, it identifies the IP address with the MAC address, stores them in a cache, starts counting the requests from the same IP address and also maintains a timer. More than 20 requests within one second from the same IP address are considered a DDoS attack. The IP address is then blocked for a certain time period (e.g. 5 minutes).
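The monitoring step described above can be written as a small cache keyed by IP address. This is an added example, not the authors' code: the class and function names are hypothetical, the counting window is assumed to start at the first request and restart when the one-second timer expires, and flagging a request whose MAC differs from the one cached for that IP is an assumed reading of "identifies the IP address with the MAC address". The traffic is constructed.

```python
from dataclasses import dataclass

MAX_REQUESTS = 20   # "more than 20 requests ...
WINDOW_S = 1.0      #  ... within one second"
BLOCK_S = 5 * 60    # block period from the text's example (5 minutes)

@dataclass
class Entry:
    mac: str                   # MAC first seen with this IP
    window_start: float        # start of the current counting window
    count: int = 0
    blocked_until: float = 0.0

class RequestMonitor:
    def __init__(self):
        self.cache = {}        # ip -> Entry

    def observe(self, ip, mac, now):
        """Classify one request seen at time `now` (seconds)."""
        e = self.cache.get(ip)
        if e is None:
            e = self.cache[ip] = Entry(mac=mac, window_start=now)
        if now < e.blocked_until:
            return "blocked"
        if mac != e.mac:                       # assumed extra check, see lead-in
            return "mac_mismatch"
        if now - e.window_start >= WINDOW_S:   # timer expired: new window
            e.window_start, e.count = now, 0
        e.count += 1
        if e.count > MAX_REQUESTS:
            e.blocked_until = now + BLOCK_S
            return "blocked"
        return "allow"

def replay(events):
    """Feed (time, ip, mac) tuples through a fresh monitor; return verdicts."""
    mon = RequestMonitor()
    return [mon.observe(ip, mac, t) for t, ip, mac in events]

# Constructed traffic: 25 requests in under a second, then two later probes.
FLOOD = [(i * 0.04, "192.0.2.10", "02:00:00:00:00:0a") for i in range(25)]
LATER = [(200.0, "192.0.2.10", "02:00:00:00:00:0a"),
         (301.0, "192.0.2.10", "02:00:00:00:00:0a")]

if __name__ == "__main__":
    print(replay(FLOOD + LATER))
```
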

5 SYSTEM TESTING AND IMPLEMENTATION

5.1 INTRODUCTION

Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. In fact, testing is the one step in the software engineering process that could be viewed as destructive rather than constructive.

A strategy for software testing integrates software test case design methods into a well-planned series of steps that result in the successful construction of software. Testing is a set of activities that can be planned in advance and conducted systematically. The underlying motivation of program testing is to affirm software quality with methods that can be applied economically and effectively to both large and small-scale systems.

5.2 STRATEGIC APPROACH TO SOFTWARE TESTING

The software engineering process can be viewed as a spiral. Initially system engineering defines the role of software and leads to software requirement analysis where the information domain, functions, behavior, performance, constraints and validation criteria for software are established. Moving inward along the spiral, we come to design and finally to coding. To develop computer software we spiral in along streamlines that decrease the level of abstraction on each turn.

A strategy for software testing may also be viewed in the context of the spiral. Unit testing begins at the vertex of the spiral and concentrates on each unit of the software as implemented in source code. Testing progresses by moving outward along the spiral to integration testing, where the focus is on the design and the construction of the software architecture. Taking another turn outward on the spiral, we encounter validation testing, where requirements established as part of software requirements analysis are validated against the software that has been constructed. Finally we arrive at system testing, where the software and other system elements are tested as a whole.

5.3 Bar chart:

6. CONCLUSION AND FUTURE WORK:

This paper has presented the detection process using the RSS and MAC address. The former system is inadequate for IP spoofing, so we are implementing the MAC, which can't be spoofed. The RSS will help to authenticate and to eliminate the hacker from the network by using the weight of the signal. By implementing this system, the legitimate user will not be affected. The Multivariate Correlation Analysis uses the Triangle-Area Based method. The system is verified using the KDD cup99 process.

Future work can be done on the DoS detection system to make the network safer from unauthorized users.

7. REFERENCES:

[1] V. Paxson, “Bro: A System for Detecting Network Intruders in Real-Time,” Computer Networks, vol. 31, pp. 2435-2463, 1999.

[2] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-Based Network Intrusion Detection: Techniques, Systems and Challenges,” Computers and Security, vol. 28, pp. 18-28, 2009.

[3] D.E. Denning, “An Intrusion-Detection Model,” IEEE Trans. Software Eng., vol. TSE-13, no. 2, pp. 222-232, Feb. 1987.

[4] K. Lee, J. Kim, K.H. Kwon, Y. Han, and S. Kim, “DDoS Attack Detection Method Using Cluster Analysis,” Expert Systems with Applications, vol. 34, no. 3, pp. 1659-1665, 2008.

[5] A. Tajbakhsh, M. Rahmati, and A. Mirzaei, “Intrusion Detection Using Fuzzy Association Rules,” Applied Soft Computing, vol. 9, no. 2, pp. 462-469, 2009.

[6] J. Yu, H. Lee, M.-S. Kim, and D. Park, “Traffic Flooding Attack Detection with SNMP MIB Using SVM,” Computer Comm., vol. 31, no. 17, pp. 4212-4219, 2008.

[7] W. Hu, W. Hu, and S. Maybank, “AdaBoost-Based Algorithm for Network Intrusion Detection,” IEEE Trans. Systems, Man, and Cybernetics Part B, vol. 38, no. 2, pp. 577-583, Apr. 2008.

[8] C. Yu, H. Kai, and K. Wei-Shinn, “Collaborative Detection of DDoS Attacks over Multiple Network Domains,” IEEE Trans. Parallel and Distributed Systems, vol. 18, no. 12, pp. 1649-1662, Dec. 2007.

[9] G. Thatte, U. Mitra, and J. Heidemann, “Parametric Methods for Anomaly Detection in Aggregate Traffic,” IEEE/ACM Trans. Networking, vol. 19, no. 2, pp. 512-525, Apr. 2011.

[10] S.T. Sarasamma, Q.A. Zhu, and J. Huff, “Hierarchical Kohonenen Net for Anomaly Detection in Network Security,” IEEE Trans. Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 35, no. 2, pp. 302-312, Apr. 2005.