International Journal of Information Sciences and Techniques (IJIST) Vol.6, No.1/2, March 2016
DOI : 10.5121/ijist.2016.6220
CYBER ATTACKS ON INTRUSION DETECTION
SYSTEM
Priyanka Sharma1 and Rakesh Singh Kunwar2
1,2Department of IT / Cyber Security, Raksha Shakti University, Ahmedabad, Gujarat
ABSTRACT
Soft computing techniques are a fast-growing technology used for problem solving, and information security is an essential factor in the computer age. Protecting information, systems and resources from unauthorized use, duplication, modification, adjustment, or any cause that damages the resources such that they cannot be repaired or no longer exist for the real user, is one part of soft computing. Researchers have proposed several mechanisms to fight cyber attacks. Among the existing techniques, intrusion detection systems are responsible for facing upcoming cyber attacks. Soft computing is one of the best techniques presently in use; it is applied in intrusion detection systems to manage network traffic and to detect cyber attacks with increased efficiency and accuracy.
KEYWORDS
Cyber attacks, Cyber Security, Intrusion Detection System, Countermeasure.
1. INTRODUCTION
Owing to advances in information technology and the availability of the Internet, malicious objects and content in the form of open source software, Integrated Development Environments (IDEs), books, code and online forums are easily available in just a few clicks. By misusing existing technology, the information stored on a computer interconnected through the Internet and the information in transit are not secure [1]. Cyber attacks can occur, access the resources and destroy valuable information, which causes a big loss to society. In the 21st century, various organizations such as healthcare, finance, power corporations, water, telecommunications, transportation, defence, education, and research and development are all hyper-connected to the Internet. They are therefore highly vulnerable to cyber attacks, and such attacks could damage the whole economy so as to permanently and negatively alter the way of life [2][3]. It is very important to protect valuable information from these malicious cyber attacks by providing some means of cyber defence. The major problem faced in cyber defence is predicting the time of the next attack, because the time of an attack is totally stochastic. For predicting the next attack, time analysis of past data gathered from the surroundings of the system is also incomplete and insufficient. Hence, to make the analysed information complete and sufficient for the right prediction of the next cyber attacks, soft computing fills the gap by constructing intelligent systems such as Intrusion Detection Systems, Artificial Neural Networks (ANN) and Artificial Intelligence.
2. SOFT COMPUTING
In the real world, there are several problems with different faces which we have no way to solve logically, or which can be solved theoretically but are actually impossible because of the huge resource requirement and huge computation time. Nature works very efficiently and effectively in solving these types of problems. The solutions obtained by these methods do not always equal the mathematically strict solutions; a near-optimal solution is sometimes enough for most practical purposes.
Soft computing is based on natural as well as artificial ideas. It is referred to as computational intelligence, which differs from conventional computing, known as hard computing. Soft computing is tolerant of imprecision, uncertainty and partial truth to achieve traceability, robustness, approximation, low solution cost and better simulation of reality.
Fig. 1 Different techniques used in soft computing.
3. APPLICATIONS OF SOFT COMPUTING
Soft computing is used in various fields of research, as listed below:
Handwriting recognition
Actuarial science
Automotive systems and manufacturing
Agricultural engineering
Biomedical application
Image processing and data compression
Civil engineering
Computer engineering
Architecture
Crime forecasting
Decision support systems
Data mining
Power systems
Environmental engineering
Neuro fuzzy systems
Fault tolerance
Fuzzy logic control
Feature selection
Industrial machineering
Image processing
Mechanical engineering
Nanotechnology
Medical diagnosis
Pattern recognition
Polymer extrusion process
Process control
4. SOME DISTRIBUTED DENIAL OF SERVICE ATTACKS
UDP Flood - A UDP flood leverages UDP, a sessionless networking protocol. The attacker sends several UDP packets to random ports on the victim machine, which causes the host to repeatedly check for an application listening at that port and, after finding no application, to reply with an ICMP Destination Unreachable packet. This whole process keeps the host's resources busy and can ultimately lead to inaccessibility [4].
ICMP (Ping) Flood – This type of attack can consume both outgoing and incoming bandwidth. An ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting for replies. Since the victim's servers will often attempt to respond with ICMP Echo Reply packets, the result is a significant overall system slowdown [5].
SYN Flood – The exploitation of a known weakness in the TCP connection sequence (the “three-way handshake”) is known as a SYN flood [6]. In a TCP connection, a SYN request initiated by the requester must be answered by a SYN-ACK response from the host, and then confirmed by an ACK response from the requester. In a SYN flood, a distributed denial of service attack, multiple SYN requests are sent from a spoofed IP address and the attacker does not respond to the host's SYN-ACK response, which makes the host system bind resources until it gets the acknowledgement of each of the requests. This binding of resources ultimately causes denial of service.
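
A detection-side view of the SYN flood described above, as an added example that is not part of the original paper: it tracks handshakes in constructed packet records and flags a listening socket whose half-open backlog reaches a threshold. The record layout, the documentation-range addresses and the threshold of 25 are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample traffic as seen at the server's network tap:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
LEGIT = [
    (0.00, "192.0.2.10", 40000, "203.0.113.5", 80, "S"),    # SYN
    (0.01, "203.0.113.5", 80, "192.0.2.10", 40000, "SA"),   # SYN-ACK
    (0.02, "192.0.2.10", 40000, "203.0.113.5", 80, "A"),    # ACK completes it
]
# 40 SYNs from spoofed sources that never answer the server's SYN-ACK.
FLOOD = [(1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, "203.0.113.5", 80, "S")
         for i in range(40)]
SAMPLE = sorted(LEGIT + FLOOD)


def half_open(packets):
    """Return {(client, cport, server, sport): syn_time} for unfinished handshakes."""
    pending = {}
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":                  # step 1: client SYN opens a pending entry
            pending.setdefault((src, sport, dst, dport), ts)
        elif flags in ("A", "R"):         # step 3 (ACK) or an abort (RST) closes it
            pending.pop((src, sport, dst, dport), None)
    return pending


def detect_syn_flood(packets, threshold=25):
    """Flag listening sockets whose half-open backlog reaches `threshold`."""
    backlog = Counter((dst, dport) for (_, _, dst, dport) in half_open(packets))
    return {target: n for target, n in backlog.items() if n >= threshold}


if __name__ == "__main__":
    for (ip, port), n in detect_syn_flood(SAMPLE).items():
        print(f"possible SYN flood on {ip}:{port}: {n} half-open connections")
```

A production detector would also age out pending entries after a timeout, so that a slow trickle of abandoned handshakes does not accumulate into an alert.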
Ping of Death – In a ping of death attack, the attacker sends multiple malformed or malicious pings to a victim computer. The maximum length of an IP packet, including the header, is 65,535 bytes [7]. However, the data link layer limits the maximum frame size, which is 1500 bytes over an Ethernet network. In this case, a large IP packet is split across multiple IP packets, known as fragments, and the recipient host reassembles the IP fragments into the complete packet. But when the host reassembles the malicious fragments, the result overflows the memory buffers allocated for the packet, causing denial of service for legitimate packets.
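
The reassembly step described above is where the bound has to be enforced. The following added example (not code from the paper) validates every fragment against the 65,535-byte limit before any buffer is allocated; the 20-byte header size, the tuple layout and the sample fragments are assumptions constructed for the illustration.

```python
MAX_IP_DATAGRAM = 65535          # bytes, header included (limit quoted in the text)
IP_HEADER = 20                   # assumption: IPv4 header without options
FRAG_PAYLOAD = 1500 - IP_HEADER  # 1480 payload bytes per Ethernet frame


class FragmentError(ValueError):
    """The fragment set must be dropped instead of reassembled."""


def split(payload):
    """Fragment a payload as a sender would: (offset in 8-byte units, MF flag, data)."""
    chunks = [payload[i:i + FRAG_PAYLOAD] for i in range(0, len(payload), FRAG_PAYLOAD)]
    return [(i * FRAG_PAYLOAD // 8, i < len(chunks) - 1, c) for i, c in enumerate(chunks)]


def reassemble(fragments):
    """Rebuild the payload; every fragment is checked before a buffer is allocated."""
    spans, total = [], None
    for off_units, more, data in fragments:
        start, end = off_units * 8, off_units * 8 + len(data)
        if IP_HEADER + end > MAX_IP_DATAGRAM:
            raise FragmentError(f"fragment ends at byte {end}: over the 65,535-byte limit")
        if more and len(data) % 8:
            raise FragmentError("non-final fragment length is not a multiple of 8")
        if not more:
            total = end              # the final fragment fixes the payload length
        spans.append((start, end, data))
    if total is None:
        raise FragmentError("final fragment missing")
    buf, covered = bytearray(total), 0
    for start, end, data in sorted(spans, key=lambda s: s[0]):
        if start > covered or end > total:
            raise FragmentError("hole in the data or bytes past the final fragment")
        buf[start:end] = data
        covered = max(covered, end)
    return bytes(buf)


# Constructed inputs: a 4096-byte payload, and a fragment set whose last piece
# sits so high in the offset range that offset * 8 + length passes the limit.
PAYLOAD = bytes(range(256)) * 16
OVERSIZED = split(PAYLOAD)[:1] + [(8189, False, bytes(FRAG_PAYLOAD))]

if __name__ == "__main__":
    print("normal payload intact:", reassemble(split(PAYLOAD)) == PAYLOAD)
    try:
        reassemble(OVERSIZED)
    except FragmentError as exc:
        print("dropped:", exc)
```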
Zero-day DDoS – “Zero-day” attacks are simply unknown or new attacks, exploiting vulnerabilities for which no patch has yet been released. The term is well known in the hacker community, and trading zero-day vulnerabilities that can be used in attacks has become a popular activity [8].
Smurf attack – A smurf attack is an exploitation of Internet Protocol (IP) broadcast addressing to create a denial of service [9]. To make a network inoperable, the attacker uses a program called "smurf", which takes advantage of certain known characteristics of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). ICMP is used by network nodes and their administrators to exchange information about the state of the network [10]. ICMP can be used to ping other nodes to see if they are operational. An operational node sends an echo message back in response to a ping message.
5. INTRUSION DETECTION SYSTEMS (IDS)
An intrusion is an activity, or a regular set of activities, which compromises information assurance. An intrusion detection system (IDS) is a hardware or software application used to monitor network activities and report malicious activities to the network administrator. Intrusion detection systems use a variety of techniques that aim to detect suspicious traffic in different ways. Intrusion detection prevention systems (IDPS) attempt to detect and respond to intrusions against information and information systems. Most IDSs are built from a set of components that together define an IDS model. A generic model of an IDS is shown in Figure 1.
Figure 1 Generic Intrusion Detection System Model [11]
In the figure, the data collection module is responsible for providing information to the system so that it can decide whether a specific activity is intrusive or not. It collects user logs, system logs, system calls etc. for the other IDS components to use in further decision making. This module is very important because without it the other modules are non-functional. It also performs audit data reduction: instead of passing the whole raw data to the analysis module to decide whether an activity is malicious or not, it eliminates audit information believed to be unimportant for intrusion analysis. This helps reduce the total complexity of the analysis module.
The analysis module takes input from the data collection module. It focuses on novel classifiers for better and faster classification, high accuracy, low false alarms etc. It uses several techniques for analysis, such as statistical analysis, pattern matching, machine learning, file integrity checkers and artificial immune system methods. It helps reduce human intervention through automatic analysis and speeds up the process of identifying intrusions in real time.
The storage module provides a store in which the data collected by the data collection and analysis modules is saved in a secure way. It is used for storing new signatures of malware and threats, updating verified user and system profiles, forensic analysis and identifying key audit information.
The response module can be active or proactive in nature. Generally, IDSs are designed to be proactive: they sound an alarm when an intrusion takes place. There are different technologies, such as leap forward technology, which make an IDS a reactive device rather than an aftermath device. Intrusion Detection Prevention Systems not only find intrusions but also intercept and stop them.
5. SOFT COMPUTING TECHNIQUES USED IN IDS
There are some techniques which are used to detect cyber attacks:
Support Vector Machine (SVM)
Neural Network (NN)
Fuzzy logic (FL)
Evolutionary computation (EC)
6. ATTACKS ON INTRUSION DETECTION SYSTEMS (IDS)
Intrusion Detection Systems have a very important role in the security chain, from data collection to data analysis and then response, alerting the network or site administrator about attempts to breach the information security policy of the organization. If attackers breach their security, the flawed systems not only provide false information about the current security situation but also generate large volumes of false alarms. Moreover, the value of information from faulty systems is not only negated, but potentially misleading [12].
7. VULNERABILITIES IN INTRUSION DETECTION SYSTEMS (IDS)
The components of an IDS are vulnerable to multiple attacks, such as:
The data collection module collects user logs, network trails, system calls etc. as audit trails and gives the other components the indication of whether a particular activity is malicious or normal. If an adversary attacks this module, the whole IDS becomes non-functional.
The analysis module takes input from the data collection module to decide whether a particular activity is normal or malicious. If an adversary knows the analysis techniques, he can mislead the IDS and make it malfunction.
The storage module provides a mechanism to store the data from the data collection and analysis modules. This data is useful for creating and saving new signatures, updating user and system profiles etc. An attacker who can compromise the storage module can change the logging settings and easily remove the attack information. Such an attacker can easily insert or delete audit information, change profiles and change the intrusion detection signatures of the IDS.
The response module has the mechanism for aftermath operations. A compromise of it allows the attacker to continuously attack the system without generating an alarm. An attacker can put the system in such a state that it denies legitimate activity and accepts malicious activity, even if it is a reactive device.
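
One common way to make the insertion and deletion of audit records in the storage module detectable is a keyed hash chain over the log, shown here as an added example that is not part of the original paper. It assumes the HMAC key and the latest chain head are held outside the storage host; the record contents and all names are constructed for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: kept off the storage host
GENESIS = "0" * 64


def _mac(key, prev_mac, seq, record):
    body = json.dumps({"seq": seq, "record": record}, sort_keys=True)
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append(log, record, key=KEY):
    """Append an audit record chained to the previous entry; return the new head."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"seq": len(log), "record": record, "mac": _mac(key, prev, len(log), record)}
    log.append(entry)
    return (len(log), entry["mac"])   # head: store it away from the log itself


def first_tampered(log, head, key=KEY):
    """Return None if the log is intact, else the index where verification fails.
    An index equal to len(log) means entries were cut from or added to the tail."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _mac(key, prev, i, entry["record"])
        if entry["seq"] != i or not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev = entry["mac"]
    return None if (len(log), prev) == head else len(log)


def build_sample():
    """Constructed audit trail of four IDS events."""
    log, head = [], (0, GENESIS)
    for event in ("login ok user=alice", "signature update v2",
                  "alert: port scan from 198.51.100.7", "logging level changed"):
        head = append(log, {"event": event})
    return log, head


if __name__ == "__main__":
    log, head = build_sample()
    print("intact:", first_tampered(log, head))
    del log[2]                        # the alert record is removed from storage
    print("after deletion, first bad index:", first_tampered(log, head))
```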
8. CONCLUSIONS
In this chapter we outline the different areas of soft computing, along with the working of several distributed denial of service attacks. We also present the current cyber security challenges facing an intrusion detection system and the vulnerabilities present in the IDS. The advancement of technology also encourages soft computing techniques to be secure and available in both everyday and advanced applications.
ACKNOWLEDGEMENTS
I would like to thank the Research & Development department, Raksha Shakti University, which provided me a platform to research in the internal security field. I would like to express my sincerest thanks to Dr. Priyanka Sharma for their continued support and feedback on the work.
REFERENCES
[1] Dinesh Kumar Saini “Sense the Future” Campus Volume 1 - Issue 11, Page No. 14-17, February 2011.
[2] Antonatos S., Akritidis P., Markatos E. P., Anagnostakis K. G. “Defending against hit-list worms using network address space randomization”. Proceedings of the 2005 ACM workshop on Rapid malcode. ACM Press, New York, NY, USA. pp. 30-40; 2005. https://www.symantec.com/about/news/release/article.jsp?prind=20110721_01
[3] Dinesh Kumar Saini “A Mathematical Model for the Effect of Malicious Object on Computer Network Immune System” Applied Mathematical Modeling, 35 (2011), Page No. 3777-3787, USA, doi:10.1016/.2011.02.025. https://www.isaca.org/About-ISACA/Press-room/News-Releases/2010/Pages/Top-Five-Social-Media-Risks-for-Business-New-ISACA-White-Paper.aspx
[4] Abhijeet Prakash “Hack the world - Ethical Hacking”. Module 8, Denial of Service.
[5] http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack.
[6] https://www.incapsula.com/ddos/ddos-attacks. Accessed on 13 Jan 2016.
[7] http://blog.ddos-guard.i /distributed-denial-service-ddos-attack. Accessed on 14 Jan 2016.
[8] http://ongoingoperations.com/blog/2013/05/how-many-kinds-of-ddos-attacks-are-there-part-4. Accessed on 14 Jan 2016.
[9] http://heelpbook.altervista.org/2014/what-is-a-smurf-attack. Accessed on 14 Jan 2016.
[10] http://searchsecurity.techtarget.com/definition/smurfing. Accessed on 14 Jan 2016.
[11] Mukkamala S., Sung A., Abraham A. “Cyber Security Challenges: Designing Efficient Intrusion Detection Systems and Antivirus Tools”.
[12] Ptacek H. T., and Newsham N. T. (1998) Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Secure Networks Inc.
Authors:
1) Priyanka Sharma
She is a professor in the Department of Information Technology and Cyber Security at Raksha Shakti University. Prior to beginning her academic career, she had 16+ years of experience. Her main research area is knowledge-based management systems. She has published more than 80 articles and research papers in several national & international journals.
2) Rakesh Singh Kunwar
He is a Research Scholar in Cyber Security at Raksha Shakti University. His topic of research is social media security analysis. He has 4 years of academic experience after his Master in Computer Applications from HNBGU Uttarakhand and M.Tech in computer networking from Graphic Era University.