1.1 BACKGROUND OF THE STUDY
With the presence of information technology in this age, data can be stored, manipulated, transferred and processed, but there are also agents that want to use the data with negative intentions. Intrusions usually occur when an attacker gains unauthorized access to a valid user's account in order to perform malicious deeds while masquerading as the real user. To prevent this, it is advisable to employ intrusion prevention and detection systems. An intrusion detection and prevention system can be software and/or hardware that monitors a system or a network of systems for malicious activity. It has two different functions: prevention and detection. Prevention is the act of avoiding the intrusion, while detection is observing any malicious activity that is present in a system.
Examples of intrusions include attempted break-ins and masquerade attacks, in which an attacker uses a fake identity to gain unauthorised access to private computer information through legitimate access identification. They are usually detected by atypical behaviour profiles or violations of security constraints. This is an example under the anomaly-based intrusion system. Another example is the penetration of security control systems. This can be an unauthorised simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data. It can be detected by monitoring for specific patterns of activity. Leakage is another example of intrusion; it happens when a system reveals some information to unauthorised parties. It can be detected by atypical use of system resources. Malicious software is also an intrusion that should be avoided; it can be any software used to disrupt computer operations, gather information and gain access to private systems. It is detected by atypical behaviour profiles, violations of security constraints or the use of special privileges.
There are two intrusion detection methods. The first is misuse-based intrusion detection, also known as knowledge-based detection (Devikrishna et al, 2013). It searches for activities that are similar to known signatures of intrusions. It detects any abnormal activities and renders any other activity in the system as normal. Its greatest advantage is a low rate of false positives, but it is unable to detect unknown attacks; it can only detect attacks that have a pattern in the system. The second method is anomaly-based intrusion detection, also known as behaviour-based detection (Devikrishna et al, 2013). It detects intrusions by searching for any abnormal network traffic. It is the opposite of misuse-based detection in the sense that, rather than detecting abnormal activities, it detects normal activities and renders any other activity as abnormal. It is very good at detecting unknown attacks, i.e. it does not need prior knowledge of the attack, but it has a high rate of false positives.
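The trade-off between the two methods can be seen by running both over the same web requests. This is an added example, not code from the original study; the signatures, the two-feature behaviour profile, the z-score threshold and all sample requests are constructed assumptions.

```python
import re
from statistics import mean, pstdev

# Constructed signatures standing in for a misuse-based rule set.
SIGNATURES = {
    "sql_injection": re.compile(r"('|%27)\s*(or|union)\b", re.I),
    "xss": re.compile(r"<script\b", re.I),
    "path_traversal": re.compile(r"\.\./"),
}

def misuse_detect(request):
    """Knowledge-based: report only requests that match a known signature."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def features(request):
    """Behaviour profile: request length and share of non-alphanumeric chars."""
    special = sum(not c.isalnum() for c in request)
    return len(request), special / max(len(request), 1)

class AnomalyDetector:
    """Behaviour-based: learn normal traffic, flag whatever deviates from it."""
    def __init__(self, normal, threshold=3.0):
        columns = zip(*(features(r) for r in normal))
        # Guard against a zero standard deviation when a feature never varies.
        self.stats = [(mean(c), pstdev(c) or 1.0) for c in columns]
        self.threshold = threshold

    def is_anomalous(self, request):
        return any(abs(v - m) / s > self.threshold
                   for v, (m, s) in zip(features(request), self.stats))

# Constructed sample traffic (hypothetical JSP application).
NORMAL = [
    "/index.jsp?page=home", "/login.jsp?user=alice", "/search.jsp?q=shoes",
    "/cart.jsp?item=42", "/profile.jsp?id=7",
]
KNOWN_ATTACK = "/login.jsp?user=admin' OR '1'='1"
UNKNOWN_ATTACK = "/search.jsp?q=" + "%00" * 40  # no signature covers this
UNUSUAL_BENIGN = "/search.jsp?q=waterproof+hiking+boots+for+winter"
detector = AnomalyDetector(NORMAL)

if __name__ == "__main__":
    for req in (KNOWN_ATTACK, UNKNOWN_ATTACK, UNUSUAL_BENIGN, "/cart.jsp?item=99"):
        print(f"{req[:40]:40} misuse={misuse_detect(req)} "
              f"anomaly={detector.is_anomalous(req)}")
```

The unknown request passes the signature check but is flagged by the anomaly detector, while the long but legitimate search is flagged as well, which is the false positive cost described above.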
There are several intrusion detection and prevention systems, but this research will focus on developing a Neural Network Intrusion Detection and Prevention (NNIDP) system. A neural network is an imitation of the connection of the human brain with the nerve cells of the body. The adaptation of a neural network makes intrusion detection systems more efficient. An NNIDP can be trained to learn patterns in a system so as to detect intrusions by recognizing patterns of intrusions and thereby prevent them. There are three steps involved in making a neural network: pre-process the data, train the network and test the data (Om & Sarkar, 2010).
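The three steps can be followed end to end on a minimal network. This is an added example, not the study's implementation: it assumes a single-neuron perceptron, three hand-picked character-count features and constructed, labelled requests.

```python
# Step 1, pre-process: turn a raw request into numeric features.
def preprocess(request):
    return [request.count("'"),                       # quote characters
            request.count("<") + request.count(">"),  # angle brackets
            request.count("../"),                     # parent-directory steps
            1]                                        # bias input

def predict(weights, x):
    """Fire (1 = attack) when the weighted sum of the inputs is positive."""
    return 1 if sum(w * v for w, v in zip(weights, x)) > 0 else 0

# Step 2, train: perceptron rule, adjust weights on every misclassification.
def train(samples, epochs=10):
    weights = [0, 0, 0, 0]
    for _ in range(epochs):
        errors = 0
        for request, label in samples:
            x = preprocess(request)
            delta = label - predict(weights, x)
            if delta:
                errors += 1
                weights = [w + delta * v for w, v in zip(weights, x)]
        if errors == 0:  # every training sample classified correctly
            break
    return weights

# Step 3, test: score held-out requests the network never saw.
def evaluate(weights, samples):
    hits = sum(predict(weights, preprocess(r)) == y for r, y in samples)
    return hits / len(samples)

# Constructed data: label 1 = attack, 0 = normal.
TRAIN = [
    ("/index.jsp?page=home", 0),
    ("/login.jsp?user=bob' OR '1'='1", 1),
    ("/search.jsp?q=shoes", 0),
    ("/search.jsp?q=<script>alert(1)</script>", 1),
    ("/view.jsp?file=../../etc/passwd", 1),
    ("/cart.jsp?item=42", 0),
]
TEST = [
    ("/profile.jsp?id=7", 0),
    ("/item.jsp?id=1' OR 'a'='a", 1),
    ("/page.jsp?name=<img src=x>", 1),
    ("/index.jsp?page=about", 0),
]
WEIGHTS = train(TRAIN)

if __name__ == "__main__":
    print("weights:", WEIGHTS, "test accuracy:", evaluate(WEIGHTS, TEST))
```

A request such as `/search.jsp?q=o'brien` is still classified as an attack by these weights, which shows how much the result depends on the features chosen in the pre-processing step and on how representative the training data is.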
1.2 STATEMENT OF THE PROBLEM
The presence and activities of intruders seeking to forcefully gain access to highly classified and private information, especially that stored on the database, have rapidly increased over time as a result of technological growth. To curb this, intrusion detection and prevention systems have been developed to detect and prevent intruders who might want to jeopardize system efficiency through intrusion. The pattern recognition and machine learning abilities of the Artificial Neural Network have brought advanced IDPS which can effectively detect and prevent intruders. Thus there is a need to develop an advanced Artificial Neural Network Intrusion Detection and Prevention system for combatting intrusions effectively.
1.3 AIM AND OBJECTIVES
The aim of this research is to develop an Intrusion Detection and Prevention System that uses a Neural Network model for the detection and prevention of web attacks. The specific objectives are to:
- Survey web attack methods so as to identify intrusion attempts and aid their effective detection.
- Design an intrusion detection and prevention system as third-party security software to enhance the intrusion detection and prevention process.
- Develop a robust database that will keep records of intrusion attempts and identify the source, thereby preventing the intruders from gaining further access.
- Implement neural network technology in the Intrusion Detection System so as to effectively enhance the system.
To achieve the set objectives, the following methodology will be adopted.
- An extensive literature review will be done so as to determine up-to-date intrusion attacks and attempts and also to acquire suitable tools for developing the IDPS.
- Software development tools like Java Server Pages (JSP), Apache Tomcat, CSS, HTML, and Bootstrap will be used to develop and implement the Intrusion Detection and Prevention System (IDPS).
- MySQL DBMS will be used to develop the database.
- The pattern matching algorithm will be adopted in the development of the Neural Network in the IDPS.
1.5 SCOPE OF STUDY
The system will be limited to the detection of web attacks and will only implement pattern matching as the neural network algorithm. The research work will not cover other types of intrusion attacks, nor will it cover other ANN algorithms.
1.6 SIGNIFICANCE OF THE STUDY
The successful completion of this project will:
- Add to the already existing solutions in preventing intrusions.
- Improve the security of data, especially data acquired from websites.
- Highlight diverse web attacks and possible ways of tackling them.
- Prove that pattern matching algorithm can