

IDENTIFYING MALWARE AND HIDDEN ATTACKER IN INCOMING SOURCES

R.Sridevi1, P.Valarmathi2, Y. Suganya3

1Associate Professor, Department of Computer Science and Engineering,K.Ramakrishnan College of Engineering

2Professor, Department of Computer Science and Engineering, Mookambigai College of Engineering

3Assistant Professor, Department of Computer Science and Engineering, Mookambigai College of Engineering

[email protected], [email protected], [email protected]

R.Sridevi1, 9443576718

ABSTRACT

Privacy preservation in social networks is addressed here by identifying malware, which is done by analysing the hidden attacks arriving from incoming sources. The information links between the nodes of one data holder are controlled by the other data holders. Social network graphs are anonymized before being published to others, possibly third parties, for data mining or for the statistical study of privacy preservation in social networks. One of the most common attacks is the Distributed Denial of Service (DDoS) attack. Because attackers use multiple bots to send their commands, they are very difficult to trace: they can issue a command through many bots on another network and abandon those bots as soon as the commands have executed. The strategy proposed here is to develop an intelligent detection system for DDoS attacks. Packet analysis is performed by inspecting the data packets and applying machine learning techniques to learn the patterns of DDoS attacks, and an approach that employs data mining and forensic techniques is proposed to identify the representative SC-patterns of a user.

Key words: privacy preservation, DDoS, hidden attacker identification, malware identification, forensic techniques identification

1 INTRODUCTION

1.1 NETWORK SECURITY

The security policies and practices present in a network help to prevent and monitor security threats such as unauthorized access, misuse and modification. These policies also provide preventive measures against denial of a computer network and of network-accessible resources. The network administrator plays the major role in maintaining network security and ensures that access to data in the network is authorized. The admin defines the level of access authorized for each user. A user logs on with the login credentials provided by the respective admin and, based on those credentials, gains access to information and programs. Network security policies cover both public and private networks. Such policies apply to day-to-day activities such as everyday jobs, carrying out transactions, and communication among the various agencies of both the government and the private business sector. Fig 1.1 shows the general agent diagram considered in the real world [1-4].

Fig: 1.1 General agent diagram

WAFFEN-UND KOSTUMKUNDE JOURNAL

Volume XI, Issue VI, June/2020

ISSN NO: 0042-9945

Page No:72


Nowadays it even applies to individuals. Managing an individual's security is harder than maintaining an organization's security. Protecting a private network becomes a bigger problem when it is accessed by public peers, so special attention should be given to networks that are made public. For this reason, network security policies maintain the simplest form of authentication by deploying a user-id and password protection system. Encryption plays a vital role in the communication between two nodes of a network for maintaining privacy. To make this more effective, many techniques and tools exist for safer network practice. One of them is the honeypot system. It provides essential protection for the network: it is capable of finding the vulnerabilities in a network and makes us aware of the deficiencies existing in it. Honeypots are therefore used for surveillance and as an early-warning tool, but it is not recommended to deploy them on legitimate systems [5-7]. Protecting the network system is a bigger challenge, so the methods of authentication and authorization must also be upgraded as the challenge of protection grows. Therefore, various authentication factors were introduced; the level of authentication is made stronger by combining the factors used. Single-factor authentication offers only simple protection, using a password [9, 10]. Two-factor authentication combines a password with a PIN generated randomly per time unit. Three-factor authentication is better still, since it uses a password, a PIN and a biometric imprint. On this basis, network protection in the system can be ensured.

A firewall is responsible for enforcing access policies and acts as a gateway for network access. An authenticated admin manages the firewall's access policies to authorize users. Beyond this, it can control thread-level or port-level access and so avoid intrusion, but it may be incapable of protecting the network against harmful Trojans and worms, so a proper antivirus is used to detect and quarantine malware. For further protection from intrusion an intrusion prevention system is used, and later anomaly-based prevention systems were used for monitoring and for higher protection [11-13]; these are capable of auditing the network. The forthcoming new-generation systems combine unsupervised machine learning with full network traffic analysis, which provides enhanced protection against active network attackers and against malicious attacks on the targeted external user's machine or account.

2 EXISTING SYSTEM

A system exists for handling web requests and returning responses from the server to the user: the DNS (Domain Name System). It was introduced to manage the relevant retrieval and to make it comfortable for the user to raise a web request. DNS translates a readable domain name into the numerical IP address intended for that domain, which makes the request easier at the user end. Each DNS server also has a cache, which stores frequently used domains and retrieves them when required. This cache increases system performance and reduces retrieval latency, but it is also vulnerable to attackers. The system may become dysfunctional through a false translation: a cache formed from such content degrades the performance of the system, and we call this a poisoned state. If the poisoned state exists, the system may malfunction in request and response retrieval, and the poisoned server returns an incorrect IP address to the user. Attackers exploit this state for profit by generating traffic, so poisoning may also be done from the attacker's end to generate traffic [14-16]. Attackers were monitored and the techniques they used were tracked; by doing so we learn the techniques they use each time, before and after the attack is carried out. These analyses were made to strengthen protection and make the entire network system less vulnerable to their attacks. This protection was delivered by deploying the honeypot mechanism. A honeypot creates a virtual dummy server, called a decoy server, which grabs the attackers' attention by diverting them away from the data on the real server. It therefore gives virtual protection against the threats raised by attackers and makes them spend their time and energy on the decoy servers.
Another technique related to the honeypot is the honeynet. A honeynet helps to analyse the attacker's strength by examining the resources and techniques used, which helps to make our system more resistant to these kinds of harmful attacks and to protect our data. A honeynet acts as a root by having one or more honeypots within its network [17, 18].
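The "poisoned state" described above arises when a resolver caches an answer it never validated. The following toy model, an added example that is not part of the paper and not the paper's own Java implementation, contrasts a naive cache that accepts the first answer it sees with one that caches an answer only if it matches an outstanding query and its transaction ID. All names, addresses and transaction IDs are constructed for illustration; the class and function names are this example's own.

```python
"""Toy DNS resolver cache: naive (first answer wins, no validation) versus
validating (answer must match an outstanding query and its transaction ID).
Added example, not the paper's code; names and addresses are constructed."""
import secrets


class NaiveCache:
    """Caches whatever answer arrives first for a name and never checks that it
    actually asked the question. A forged answer that arrives first poisons it."""

    def __init__(self):
        self.records = {}

    def send_query(self, name):
        return 0  # does not remember the query at all (the weakness being shown)

    def on_response(self, name, ip, txid):
        if name in self.records:
            return False  # a later duplicate answer is ignored
        self.records[name] = ip
        return True


class ValidatingCache:
    """Caches an answer only if it closes a query this resolver sent:
    the name must be pending and the 16-bit transaction ID must match."""

    def __init__(self):
        self.records = {}
        self.pending = {}  # name -> txid of the in-flight query

    def send_query(self, name):
        txid = secrets.randbelow(1 << 16)  # unpredictable transaction ID
        self.pending[name] = txid  # assumption: one outstanding query per name
        return txid

    def on_response(self, name, ip, txid):
        expected = self.pending.get(name)
        if expected is None or txid != expected:
            return False  # unsolicited or mismatched answer: discard, do not cache
        del self.pending[name]  # first matching answer closes the query
        self.records[name] = ip
        return True


def simulate(cache_cls):
    """Send one query, then deliver two unsolicited/mismatched answers followed by
    the real one. Returns (cached records, number of answers accepted)."""
    cache = cache_cls()
    txid = cache.send_query("bank.example")
    wrong_txid = (txid + 1) % 65536  # guaranteed not to match the real query
    answers = [  # constructed answers, in arrival order
        ("shop.example", "192.0.2.66", wrong_txid),  # name never requested
        ("bank.example", "192.0.2.77", wrong_txid),  # requested name, wrong txid, arrives first
        ("bank.example", "192.0.2.10", txid),        # the genuine answer
    ]
    accepted = 0
    for name, ip, t in answers:
        if cache.on_response(name, ip, t):
            accepted += 1
    return dict(cache.records), accepted


if __name__ == "__main__":
    print("naive     :", simulate(NaiveCache))
    print("validating:", simulate(ValidatingCache))
```

The naive cache ends up with a wrong address for bank.example and an entry for a name it never looked up, which is the poisoned state the text describes; the validating cache keeps only the genuine answer. Production resolvers apply further checks beyond this toy (source address and port, and that the answer's question section matches the query), but the principle is the same: an answer is cached only if the resolver can tie it to a query it sent.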

To overcome traditional issues in configuring network policies, SDN was introduced; it also improves the utilization of network equipment. SDN supports the various functions of big data such as data acquisition, transmission and storage, and these big-data functions in turn affect the design and operation of the SDN processing unit. In particular, the computing resources affect the network QoS.

A DDoS attack affects the system under a network and brings its server down. It is widely used to take an online service offline by sending a huge number of requests from the attacker's end; the target server goes down and offline when its load-balancing capability fails. These attacks are effective even against a server that uses SDN. The victim's server cannot handle the huge number of data packets received simultaneously, so it goes down rapidly, and bandwidth is wasted while these huge volumes of data packets are sent [20].
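A detector for the flooding behaviour described above needs two signals: the request rate of each source, and the aggregate rate, since many low-rate bots can still overwhelm the victim collectively. The following block is an added example and is not the paper's Java implementation or any of its snapshots; the log format, the sample lines, and the `window` and `threshold` values are constructed assumptions that a real deployment would replace with a measured baseline.

```python
"""Sliding-window request-rate detector over constructed connection-log lines.
Added example; not the paper's code. Log format and thresholds are assumptions."""
from collections import defaultdict, deque

# Constructed sample log, one event per line: "<epoch-seconds> <src-ip> <dst-port>"
SAMPLE_LOG = """\
1000 198.51.100.5 80
1000 198.51.100.5 80
1001 203.0.113.9 443
1001 198.51.100.5 80
1002 198.51.100.5 80
1002 192.0.2.20 80
1003 198.51.100.5 80
1004 203.0.113.9 443
1005 198.51.100.5 80
1020 198.51.100.5 80
1021 198.51.100.5 80
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, source, port) tuples,
    skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, port = parts
        events.append((int(ts), src, int(port)))
    return events


def detect_floods(events, window=10, threshold=5):
    """Per-source sliding window: a source is flagged the first time it sends
    more than `threshold` requests within any `window`-second span.
    Returns {source: timestamp at which it was first flagged}."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    flagged = {}
    for ts, src, _port in sorted(events):
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:  # evict timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def per_window_totals(events, window=10):
    """Aggregate view: for each fixed window start, (request count, distinct sources).
    A high count spread over many sources is the distributed case that the
    per-source detector alone would miss."""
    totals = {}
    for ts, src, _port in events:
        start = ts - ts % window
        count, sources = totals.get(start, (0, set()))
        totals[start] = (count + 1, sources | {src})
    return {start: (count, len(sources)) for start, (count, sources) in totals.items()}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("flagged sources :", detect_floods(events))
    print("per-window totals:", per_window_totals(events))
```

On the sample lines the source 198.51.100.5 is flagged at second 1005, when its sixth request within ten seconds arrives; the window at 1000 shows nine requests from three sources, which is the figure an aggregate threshold would be compared against. Both thresholds are deliberately tiny so the example is readable; in practice they are derived from the server's normal load.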

The drawback of the existing systems is that their analysis of complexity factors such as privacy and communication does not suit large networks, since they are inefficient in maintaining reliability and scalability. A naive traditional anonymization technique was deployed in the network, which simply removes identifying attributes such as names or social security numbers from the data. It is inefficient because it does not collect information from the social graph in an efficient manner, and the accuracy of the search results is not improved even though it collects and analyses the user's explicit or implicit information.

3 PROPOSED WORK

In the proposed work, a person's details become accessible once a friend request has been accepted. By deploying a secure multiparty protocol, no information about the parties is revealed beyond what is implied by their inputs and the final output. There is increasing interest in serving the information needs of social peers by utilizing the existing underlying network structure, and these observations lead to improved performance in collecting information from the neighbourhood of the users in the social network. The system is also capable of analysing the users' incoming sources. Wireless communication has made great progress in mobile users. With SDN's facilities for big data management, processing big data becomes possible, which affects the design and operation of SDN. Modern DDoS flooding attacks are deployed to take down a server or an entire network.

Security factors remain a key challenge that hampers the growth of SDNs. Moreover, the deployment of novel entities and the introduction of several architectural components specific to SDNs impose new threats and vulnerabilities. Besides, in the landscape of digital threats, cyber-attacks are evolving rapidly and treat SDNs as a potential target, with even more devastating effects than against simple networks.

Security was not considered as part of the initial SDN design, which stands as an issue on the existing agenda. Here the possible attacks and threat vectors targeting the different layers and interfaces of SDNs are described. The requirements and key enablers considered essential for securing SDNs are identified and act as guidance for securing them. Finally, the open issues and challenges of SDN security should be addressed by researchers and professionals in the near future. The experiment was conducted using Java. Fig 3.1 depicts the architecture of the proposed system.

Fig: 3.1 System Architecture

The modules involved in the work are: anonymization by clustering, measuring the loss of information, anonymization by sequential clustering, and the distributed setting. The following sections describe each module separately.

3.1 ANONYMIZATION BY CLUSTERING

The study of anonymizing social networks has concentrated so far on centralized networks, i.e., networks that are held by one data holder. However, in some settings the network data is split between several data holders, or players. For example, the data in a network of email accounts, where two nodes are connected if the number of email messages they exchanged was greater than some given threshold, might be split between several email service providers. As another example, consider a transaction network where an edge denotes a financial transaction between two individuals; such a network would be split between several banks. In such settings, each player controls some of the nodes (his clients) and knows only the edges that are adjacent to the nodes under his control.

3.2 MEASURING THE LOSS OF INFORMATION

Given a social network $SN$ and a clustering $C$ of its nodes, the information loss associated with replacing $SN$ by the corresponding clustered network $SN_C$ is defined as a weighted sum of two metrics,

$$I(C) = w \cdot I_D(C) + (1 - w) \cdot I_S(C).$$

Here $w \in [0, 1]$ is a weighting parameter; $I_D(C)$ is the descriptive information loss caused by generalizing the exact quasi-identifier records $R$ to their generalized form $\overline{R}$, while $I_S(C)$ is the structural information loss caused by collapsing all nodes of $V$ in a given cluster of $V_C$ into one super-node.

3.3 ANONYMIZATION BY SEQUENTIAL CLUSTERING

This module considers anonymizations of a given social network by means of clustering. Let $C = \{C_1, \dots, C_T\}$ be a partition of $V$ into disjoint subsets, or clusters; i.e., $V = \bigcup_{t=1}^{T} C_t$ and $C_t \cap C_s = \emptyset$ for all $1 \le t \ne s \le T$. The corresponding clustered graph $G_C = (V_C, E_C)$ is the graph whose set of nodes is $V_C = C$, and in which an edge connects $C_t$ and $C_s$ in $E_C$ iff $E$ contains an edge from a node in $C_t$ to a node in $C_s$. Each node $C_t \in V_C$ is accompanied by two pieces of information: $|C_t|$ (the number of original $V$-nodes that $C_t$ contains), and $e_t$, the number of edges in $E$ that connect nodes within $C_t$.
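Sections 3.2 and 3.3 together define what is published and what is lost: the clustered graph carries only $|C_t|$, $e_t$ and the super-edges, and the weighted score $I(C)$ measures the cost. The block below, an added example that is not the paper's code, builds the clustered graph exactly as Section 3.3 defines it and evaluates $I(C)$ for a constructed six-node network. The paper does not spell out $I_D$ and $I_S$, so the two concrete measures here (range generalization of one numeric quasi-identifier, and the fraction of node pairs whose edge status the clustered graph no longer reveals) are this example's own stand-ins, not the paper's definitions.

```python
"""Clustered graph G_C = (V_C, E_C) per Section 3.3 and the information-loss
score I(C) = w * I_D(C) + (1 - w) * I_S(C) per Section 3.2.
Added example, not the paper's code. The concrete I_D and I_S measures are
stand-ins chosen for illustration; the network and ages are constructed."""
from itertools import combinations

# Constructed toy network: each node has one numeric quasi-identifier (age)
AGES = {"a": 23, "b": 25, "c": 31, "d": 40, "e": 44, "f": 52}
EDGES = [("a", "b"), ("a", "c"), ("c", "d"), ("d", "e"), ("e", "f"), ("d", "f")]
# A partition C = {C_1, C_2} of V into disjoint clusters
CLUSTERS = [frozenset("abc"), frozenset("def")]


def check_partition(nodes, clusters):
    """Enforce V = union of C_t and C_t ∩ C_s = ∅ for t != s."""
    seen = set()
    for c in clusters:
        if seen & c:
            raise ValueError("clusters overlap")
        seen |= c
    if seen != set(nodes):
        raise ValueError("clusters do not cover V")


def clustered_graph(nodes, edges, clusters):
    """Return (sizes, intra, super_edges): |C_t| for each cluster, e_t for each
    cluster, and the set of pairs {t, s} joined in E_C because some edge of E
    runs from a node in C_t to a node in C_s."""
    check_partition(nodes, clusters)
    owner = {v: t for t, c in enumerate(clusters) for v in c}
    sizes = [len(c) for c in clusters]
    intra = [0] * len(clusters)
    super_edges = set()
    for u, v in edges:
        t, s = owner[u], owner[v]
        if t == s:
            intra[t] += 1
        else:
            super_edges.add(frozenset((t, s)))
    return sizes, intra, super_edges


def descriptive_loss(ages, clusters):
    """Stand-in I_D: each record's age is generalized to its cluster's [min, max];
    loss is the mean generalized-range width relative to the full range over V."""
    full = max(ages.values()) - min(ages.values())
    total = 0.0
    for c in clusters:
        vals = [ages[v] for v in c]
        total += len(c) * (max(vals) - min(vals)) / full
    return total / len(ages)


def structural_loss(nodes, edges, clusters):
    """Stand-in I_S: fraction of node pairs whose edge status cannot be read off
    G_C. Inside C_t only e_t is published, so every pair is undetermined unless
    e_t is 0 or C_t is complete; between clusters only the existence of a
    super-edge is published, so every pair across a joined pair of clusters is
    undetermined."""
    sizes, intra, super_edges = clustered_graph(nodes, edges, clusters)
    undetermined = 0
    for t, n in enumerate(sizes):
        pairs = n * (n - 1) // 2
        if 0 < intra[t] < pairs:
            undetermined += pairs
    for t, s in combinations(range(len(clusters)), 2):
        if frozenset((t, s)) in super_edges:
            undetermined += sizes[t] * sizes[s]
    total_pairs = len(nodes) * (len(nodes) - 1) // 2
    return undetermined / total_pairs


def information_loss(ages, edges, clusters, w=0.5):
    """I(C) = w * I_D(C) + (1 - w) * I_S(C) with w in [0, 1]."""
    nodes = list(ages)
    return w * descriptive_loss(ages, clusters) + (1 - w) * structural_loss(nodes, edges, clusters)


if __name__ == "__main__":
    print(clustered_graph(list(AGES), EDGES, CLUSTERS))
    print(round(information_loss(AGES, EDGES, CLUSTERS), 4))
```

For the constructed network the published clustered graph is two super-nodes of size 3 with $e_1 = 2$, $e_2 = 3$ and one super-edge between them. Cluster 2 is complete, so its internal edges are fully recoverable from $e_2$ alone; this is the trade-off a sequential clustering algorithm has to weigh, since low structural loss on a cluster also means the anonymization hides little about it.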

3.4 THE DISTRIBUTED SETTING

Network measurements are the only way to gain an understanding of how networks are working and whether network resources are running low. This section surveys the field of network measurement. The aim is to offer an all-round understanding of the different aspects of the subject: what network measurement means, what we need to measure and why, and how the measurements are performed. There may be a demonstrable relationship and a positive correlation between dependent and independent variables; however, such a relationship cannot readily be proven to be causal.

There are two scenarios to consider in this setting:

Scenario A: Each player needs to protect from the other players the identities of the nodes under his control, as well as the existence or non-existence of edges adjacent to his nodes.

Scenario B: All players know the identities of all nodes in V; the information that each player needs to protect from the other players is the existence or non-existence of edges adjacent to his nodes.

4 RESULTS AND DISCUSSION

The work was carried out on the Windows platform in Java. The following snapshots show the results obtained, from starting the server, receiving the port number and initiating the process, through to connecting the number of clients involved in the process.


After all the clients have connected, the snapshots show how packets are sent and received and the actual attack process with its embedded time tracing. After that, the exact attacker is traced and identified.


7.1 CONCLUSION

An approach that employs data mining and forensic techniques has been proposed to identify the representative SC-patterns for a user. The number of times a habitual SC-pattern appears in the user's log file is counted, the most commonly used SC-patterns are filtered out, and a user profile is established. By identifying a user's SC-patterns as his/her computer usage habits from the user's current input SCs, the IIDPS resists suspected attackers. It can also detect malicious behaviour in systems that employ interfaces and so prevent the protected system from being attacked. The strategy proposed here is to develop an intelligent detection system for DDoS attacks. Packet analysis is performed by inspecting the data packets and applying machine learning techniques to learn the patterns of DDoS attacks, and the approach that employs data mining and forensic techniques identifies the representative SC-patterns for a user. The work helps to quickly approximate the number of users in a user's neighbourhood network, so that endorsing an item can be done; it minimizes the total number of nodes in the network through correlations across samples; and it demonstrates the utilities required for the approach.

The proposed model can be further used to increase detection accuracy and improve the decisive rate. The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) try to detect attacks as they occur or after they have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities.

REFERENCES:

1. Chen, S. Abdelwahed, and A. Erradi, "A model-based approach to protection in computing system," in Proc. ACM Cloud Autonomic Comput. Conf., Miami, FL, USA, 2013, pp. 1–10.

2. R. Sridevi and S. Srimathi, "Populating Indian GST Details Into Java Apache Derby Database Powered By Glass Fish Server," in Inventive Communication and Computational Technologies, Springer series, 2020, pp. 409–421.

3. M. Sumathi, "Enhanced Elliptic Curve Cryptography Technique for protecting sensitive data in Cloud Computing," IEEE Xplore, Aug. 2019.

4. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck, "DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket," in Proc. Network and Distributed System Security Symposium (NDSS), vol. 14, 2014, pp. 23–26.

5. R. Sridevi and S. Srimathi, "Dynamic Malware Attack Detection And Prevention In Real Time IoT With Hybrid Signature Free Method," IJIERT - International Journal of Innovations in Engineering Research and Technology, vol. 6, no. 6, ISSN 2394-3696, 2019, pp. 48–56.

6. R. Sasi Kumar and S. Devi Priya, "Combining Deduplication and String Comparison for Avoiding Redundant Data with Enhanced Authentication Approach on Cloud," International Journal of Advanced Research in Computer and Communication Engineering, vol. 8, no. 6, June 2019.

7. Demontis, M. Melis, B. Biggio, D. Maiorca, D. Arp, K. Rieck, I. Corona, G. Giacinto, and F. Roli, "Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection," IEEE Transactions on Dependable and Secure Computing, 2016.

8. R. Sridevi and N. Nithya, "Intrusion Detection System Using Wosad Method," in Inventive Communication and Computational Technologies, Springer series, 2020, pp. 423–430.

9. Gajek, A. Sadeghi, C. Stuble, and M. Winandy, "Compartmented security for browsers—Or how to thwart a phisher with trusted computing," in Proc. IEEE Int. Conf. Avail., Rel. Security, Vienna, Austria, Apr. 2007, pp. 120–127.

10. Hao, B. Liu, S. Nath, W. G. Halfond, and R. Govindan, "PUMA: Programmable UI-automation for Large-scale Dynamic Analysis of Mobile Apps," in Proc. ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2014, pp. 204–217.

11. R. Sridevi, Bhavani, and Meena, "Suggesting A System To Enhance Decision Making In Location Based Social Networks," Lecture Notes on Data Engineering and Communications Technologies, Springer series, 2020, pp. 412–419.

12. Ismail Bin and D. Usman, "Standardization and Its Effects on K-Means Clustering Algorithm," Research Journal of Applied Sciences, Engineering and Technology, vol. 6, no. 17, 2013.

13. Kingma and J. Ba, "Adam: A method for stochastic optimization," arXiv:1412.6980, 2014.

14. Leu, M. C. Li, J. C. Lin, and C. T. Yang, "Detection workload in a dynamic grid-based intrusion detection environment," J. Parallel Distrib. Comput., vol. 68, no. 4, Apr. 2008, pp. 427–442.

15. Lu, B. Zhao, X. Wang, and J. Su, "DiffSig: Resource differentiation based malware behavioral concise signature generation," Inf. Commun. Technol., vol. 7804, 2013, pp. 271–284.

16. Luke, V. Notani, and A. Lakhotia, "Droidlegacy: Automated familial classification of android malware," in Proc. ACM SIGPLAN Program Protection and Reverse Engineering Workshop, 2014, p. 3.

17. Mal-Genome project. (September 2017) [Online]. Available: http://www.Malgenomeproject.org

18. Shan, X. Wang, T. Chiueh, and X. Meng, "Safe side effects commitment for OS-level virtualization," in Proc. ACM Int. Conf. Autonomic Comput., Karlsruhe, Germany, 2011, pp. 111–120.

19. Zhang, Y. Duan, H. Yin, and Z. Zhao, "Semantics-aware Android malware classification using weighted contextual API dependency graphs," in Proc. ACM Conference on Computer and Communications Security (CCS), 2014, pp. 1105–1116.

20. Zhongyang, Z. Xin, B. Mao, and L. Xie, "DroidAlarm: an all-sided static analysis tool for Android privilege-escalation malware," in Proc. 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, 2013, pp. 353–358.
