Implement an intrusion detection system in java

Reference no: EM13916497

You are to implement an intrusion detection system in Java.

We are assuming all activities are associated with the same user. Please don't implement a GUI; the only required input is at the start, and all output should go to standard out on a terminal.

You must provide compilation instructions for your program, and the produced program should be called IDSE. It should run with the command:

IDSE Events.txt Base-Data.txt Test-Events.txt

where the three files do not need to have those names but will follow the formats given below. A Java program should run with java in front of the command.

There are some files that you will work from. An example of each and the generic structure of each are provided. Examples of the required output will be demonstrated. A specific example of the first file, Events.txt, is:

5
Logins:2:Total time online:1:Emails sent:1:Orders processed:1:
Pizza's ordered online:0.5:

The general format is:

Number of monitored events
Event-1:Weight-1:Event-2:Weight-2:Event-3:Weight-3:Event-4:Weight-4:
Event-5:Weight-5: ....:....

Only four events are recorded per line. There will be multiple lines, as many as are necessary to give the details of the specified Number of Monitored Events. Number of Monitored Events will be a positive integer no greater than 20.

The second file, Base-Data.txt, contains data based on measuring output associated with the events described in the file Events.txt. Part of a specific example of the second file, associated with the specific example of the first file above, is:

3:290:61:148:2:
2:370:50:173:4:
5:346:87:131:1:
.
.
.
3:325:60:145:5:

The general format for a single line of the file is

Measure-Event-1:Measure-Event-2:Measure-Event-3:....:Measure-Event-Number of monitored events:

Each line contains the measures from a particular day. Each entry is the value associated with that event on a particular day. You can assume that all measures of an event have the same units. The units are assumed to be known and you do not need to report them. The intrusion detection is based on standard deviations.

The third file, Test-Events.txt, has the same form as Base-Data.txt, but each line is to be processed and tested against the base profile. Each line corresponds to a day's activity. These lines are not to be taken into account in determining the baseline behavior of the user. A specific example is:

5:387:75:120:2:
1:123:25:50:5:

The general format for a single line of the file is

Measure-Event-1:Measure-Event-2:Measure-Event-3:....:Measure-Event-Number of monitored events:

What do you need to do?

1. Read in the first two files, produce a base profile, and report it, as in the example below. As mentioned earlier, this is all assumed to be for a single user. You have been given the event names and the weights in the first file, Events.txt. You need to calculate the average and standard deviation (stdev) based on the data given in the second file, Base-Data.txt. The average and standard deviation should be listed to two decimal places only.

Event                    Average   Stdev   Weight
Logins                   4.50      1.25    2
Total time online        287.15    42.12   1
Emails sent              65.40     30.71   1
Orders processed         150.73    20.13   1
Pizza's ordered online   2.03      1.06    0.5

Your output doesn't need to follow this exact format but it should be clear.

2. Calculate a threshold for detecting an intrusion. The threshold is 2*(sum of weights). This should be reported. For the table above we have:

Threshold 11

Your output doesn't need to follow this exact format but it should be clear.

3. For each item in the third file, Test-Events.txt, you need to report on whether there is an intrusion detected. You do this by adding up the weighted number of standard deviations each specific tested event value is from the average for that event, where the standard deviation and average are those you have generated from the base data and reported. For example, if 2 Logins occur in a day, we are 2 standard deviations from the average. Since Logins have a weight of 2, this contributes a distance of 4 to our measure.

For each event you should report the distance value and whether or not an alarm is raised.

Line 1 -- 5:387:75:120:2: Distance: ... Alarm: No

Line 2 -- 1:123:25:50:5: Distance: ... Alarm: Yes Yes Yes

Again, your output doesn't need to follow this exact format but it should be clear.
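
The profile, threshold and distance calculations from steps 1 to 3, as an added sketch that is not part of the original assignment or a reference solution. The class name DistanceSketch is hypothetical; the baseline is just the four Base-Data.txt rows shown above, so its statistics differ from the sample table. Assumptions: population standard deviation, an alarm only when the distance exceeds the threshold, and infinite distance when an event that never varied in the baseline changes.

```java
import java.util.Locale;

public class DistanceSketch { // added illustration, hypothetical class name
    static final double[] WEIGHTS = {2, 1, 1, 1, 0.5};
    // Small baseline built from the four Base-Data.txt rows shown on the page.
    static final double[][] BASE = {{3, 290, 61, 148, 2}, {2, 370, 50, 173, 4},
                                    {5, 346, 87, 131, 1}, {3, 325, 60, 145, 5}};
    // Returns {means, stdevs}. Assumption: population stdev (divide by N).
    static double[][] profile(double[][] rows) {
        int n = rows.length, k = rows[0].length;
        double[] mean = new double[k], sd = new double[k];
        for (double[] r : rows)
            for (int j = 0; j < k; j++) mean[j] += r[j] / n;
        for (double[] r : rows)
            for (int j = 0; j < k; j++) sd[j] += Math.pow(r[j] - mean[j], 2) / n;
        for (int j = 0; j < k; j++) sd[j] = Math.sqrt(sd[j]);
        return new double[][] {mean, sd};
    }

    static double threshold(double[] w) { // 2 * (sum of weights)
        double sum = 0;
        for (double x : w) sum += x;
        return 2 * sum;
    }

    // Sum over events of weight * |value - mean| / stdev.
    static double distance(double[] day, double[][] p, double[] w) {
        double d = 0;
        for (int j = 0; j < day.length; j++) {
            double dev = Math.abs(day[j] - p[0][j]);
            if (p[1][j] > 0) d += w[j] * dev / p[1][j];
            // Assumption: any change in an event that never varied is anomalous.
            else if (dev > 0) return Double.POSITIVE_INFINITY;
        }
        return d;
    }

    public static void main(String[] args) {
        double[][] p = profile(BASE);
        double t = threshold(WEIGHTS);
        double[][] tests = {{5, 387, 75, 120, 2}, {1, 123, 25, 50, 5}};
        for (double[] day : tests) {
            double d = distance(day, p, WEIGHTS);
            // Assumption: alarm only when the distance exceeds the threshold.
            System.out.printf(Locale.ROOT, "Distance: %.2f Threshold: %.2f Alarm: %s%n",
                    d, t, d > t ? "Yes" : "No");
        }
    }
}
```

The zero-deviation branch matters in practice: an event whose baseline value never changes would otherwise cause a division by zero and yield NaN, which compares false against any threshold and silently suppresses the alarm.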
