Online Intrusion Detection System using C4.5 Algorithm...
[Figure: system architecture. Labels: Internet; IDS and director; Honeypot DB; Production system; Sensor and monitor; Alerting and director; Detection and classification; Analysis and log module; FTP server port (21, 20); HTTP server port (80); DNS server port (53); Telnet port (23, 90, 40, 100); Suspicious traffic; Database for save logs]

[Figure: traffic handling flowchart. Labels: Traffic; Extract IP; Search list; Does IP exist in list?; Detection model; Database store suspicious IP; Production system; Honeypot system]
Table 1: Number of connections to honeypot from specific country

Country           No. of IPs
United States     651
Canada            17
China             10
Mauritius         6
United Kingdom    6
Spain             4
Germany           3
France            2

Table 2: Ports with highest number of connections

Columns: Connections, Local honeypot port
72 80152 1422168 43254 82471 1375920 781208 625587 5416416 4234968 1442
(1)
[Figure: "DRA", vertical axis "Percentage" (0 to 100). Horizontal axis values: 5000, 7400, 9999, 12498, 24996. Plotted values: 99.58%, 99.56%, 99.62%, 99.54%, 99.55% and 0.01%, 0.01%, 0.01%, 0.00%, 0.01%]

[Figure: vertical axis 0 to 100. Horizontal axis values: 24995, 37493, 39992, 42492, 44991. Plotted values: 99.75%, 99.77%, 99.77%, 99.78%, 99.79% and 0.00%, 0.00%, 0.00%, 0.00%, 0.00%]