
AMITY SCHOOL OF ENGINEERING AND TECHNOLOGY

AMITY UNIVERSITY, SECTOR-125,


NOIDA-201303

INDUSTRY INTERNSHIP

Under the guidance of Mr. Mahir Gupta

A Project Report

On

SmartSecure
(An AI based Network Intrusion Detection System)

Submitted to: Dr. Y.S. Rathore

Submitted by: VAIBHAV SHARMA (A2305216314), B. Tech-CSE (2016-2020)

Table of Contents

1. ABSTRACT
2. INTRODUCTION
   i.) OVERVIEW
   ii.) PROJECT APPROACH
   iii.) PROBLEM STATEMENT/OBJECTIVE
3. MATERIALS AND METHODS
   i.) SOFTWARE REQUIREMENTS
   ii.) TECHNOLOGIES USED
4. RESULTS AND DISCUSSION
5. CONCLUSION
6. IMPLICATIONS FOR FUTURE RESEARCH
7. REFERENCES

1. ABSTRACT

The project titled “SmartSecure (an AI based Network Intrusion Detection System)” used the
following technologies: a Machine Learning model, SNMP attributes (to find malicious
data packets sent over any network), MIBs (to extract real-time attributes for dataset creation
and utilization), RFCs (to find the attributes that are responsible for cyber-attacks in each
protocol), a Raspberry Pi (for real-time environment integration) and a router (to network
those data packets). The purpose of this project was to find a way to put an end to the cyber
crimes happening all over the world and escalating day by day, the most powerful being
‘phishing’. We all come across many spam mails in our accounts; most land in the spam folder,
but some are so craftily created that they manage to reach the Inbox. Once the user opens one
and clicks on the link in it, or on any attachment that comes with it, they are done for. The
cyber criminals get their way into the user's life through this little backdoor the user himself
created. This project was started to stop this type of attack and many more. With it, the data
packets sent over the network are analysed for malicious behaviour; if any is found, it is
reported to the user with the probable reason as predicted by our AI based model.

2. INTRODUCTION

2.1 Overview

Protocols are standardized rules that let a user send and receive data and communicate over a
network. Without protocols it is almost impossible to establish and maintain order, in the same
way as the rules we follow at our workplaces, in society and everywhere else. The basic use of
protocols is to guide the data packets sent over the network. To do so, the data packets are
divided into various parts, and each part is managed by a particular attribute/interface in each
protocol. For example, a simple data transfer from your ISP to your PC via a router is managed
by the SNMP protocol. In SNMP, if a request is sent to the ISP for information, it is managed by
the snmpInPkts (1.3.6.1.2.1.11.1) attribute/interface of the SNMP protocol. So each and every
protocol works simultaneously and continuously for successful communication between ISPs and
PCs. In this project, we worked on extracting real-time values by configuring the router and
finding the malicious code, if any, so that it can be handled accordingly. Suppose, in a
Man-in-the-Middle attack, the user's request data is tampered with and different data is sent
back to the user through the attacker; this will disrupt the user, and his/her vital information
can be lost. Hence, whenever data is tampered with, or anything malicious is suspected, our AI
based model recognizes it and instantly informs the user of the possible reason for the
disruption in service, and also guides them to prevent such things from happening.

2.2 Project Approach

First, we need to find a Machine Learning method that yields the highest accuracy and predicts
correctly, in order to solve this problem of phishing. Gathering real-time values is also a
tricky part, as extracting those data values and managing them in a format that the model can
understand, all at once, is a tiresome job. So, in order to do that, I had to find a way to do
everything simultaneously, and without user effort. Automation is the key to everything, but in
order to do it, we have to understand completely how it works.
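
An added example, not the project's own code (which the report does not disclose): one way to turn two polls of SNMP-group counters such as snmpInPkts into a fixed-order feature row that a classifier can consume. The numeric-OID walk output format, the choice of four counters and the 10-second interval are assumptions, and the sample polls are constructed.

```python
import re

# Assumption: these four SNMP-group scalars (under 1.3.6.1.2.1.11) are the features.
SNMP_GROUP = {
    "1.3.6.1.2.1.11.1.0": "snmpInPkts",
    "1.3.6.1.2.1.11.2.0": "snmpOutPkts",
    "1.3.6.1.2.1.11.3.0": "snmpInBadVersions",
    "1.3.6.1.2.1.11.4.0": "snmpInBadCommunityNames",
}
COUNTER32_MOD = 2 ** 32
LINE_RE = re.compile(r"^\.?([0-9.]+) = Counter32: (\d+)$")

def parse_poll(text):
    """Parse numeric-OID walk output into {feature_name: counter_value}."""
    values = {}
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in SNMP_GROUP:
            values[SNMP_GROUP[m.group(1)]] = int(m.group(2))
    return values

def delta(prev, curr):
    """Counter32 difference that tolerates one wrap past 2**32 - 1."""
    return (curr - prev) % COUNTER32_MOD

def feature_row(prev_poll, curr_poll, interval_s):
    """Per-second rates between two polls, in a fixed column order for the model."""
    row = []
    for name in SNMP_GROUP.values():
        ok = name in prev_poll and name in curr_poll  # missing counter stays a visible gap
        row.append(delta(prev_poll[name], curr_poll[name]) / interval_s if ok else None)
    return row

# Constructed sample polls taken 10 seconds apart (not captured from a real device).
POLL_T0 = """
.1.3.6.1.2.1.11.1.0 = Counter32: 4294967290
.1.3.6.1.2.1.11.2.0 = Counter32: 1000
.1.3.6.1.2.1.11.3.0 = Counter32: 0
.1.3.6.1.2.1.11.4.0 = Counter32: 7
"""
POLL_T1 = """
.1.3.6.1.2.1.11.1.0 = Counter32: 14
.1.3.6.1.2.1.11.2.0 = Counter32: 1020
.1.3.6.1.2.1.11.3.0 = Counter32: 0
.1.3.6.1.2.1.11.4.0 = Counter32: 57
"""
if __name__ == "__main__":
    print(feature_row(parse_poll(POLL_T0), parse_poll(POLL_T1), 10))
```

The snmpInPkts counter wraps between the two sample polls, so a plain subtraction would produce a large negative value; the modular difference keeps the rate correct.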

Possible ways

There are many methods of Machine Learning that contribute to AI. For example, we can use
KNN, Random Forest, SVM, and many more to make this model; however, making the model isn’t
the tricky part here. Extracting those attributes in real time and managing them is the difficult
part, because no one has ever done that. The technology hasn’t been made till now. We are the
first ones to do so.

Chosen Way

We used the Random Forest method for making the model. After doing a lot of research, we found
that this classifier helps in maintaining, gathering and managing data values in real time. Also,
we found a way to access those attributes of every protocol that is used over the network.

2.3 Problem Statement / Objective

The problem in this project was to find which attribute has the most effect in each
protocol responsible for sending data packets over the network. After finding those attributes, we
had to find a way to configure them and extract them over the network. The solution to
this problem was to configure the router accordingly; the extraction of the attributes
was done according to the various MIBs and RFCs that work in them.

3. MATERIALS AND METHOD

3.1 SOFTWARE REQUIREMENTS:

S. NO.   HARDWARE                 SOFTWARE
1.       Intel Core i7            Operating System: Linux, Kali Linux, Security Onion, Rasp environment
2.       16 GB RAM                Jupyter-Notebook
3.       Raspberry Pi v3          MS Word
4.       Dual band Router         Snipping Tool
5.       Wi-Fi Adapter TP Link    MIB Browser

3.2 TECHNOLOGIES USED:

3.2.1 RANDOM FOREST CLASSIFIER


An Example of Why Uncorrelated Outcomes Are So Great
The wonderful effects of having many uncorrelated models is such a critical concept that I want
to show you an example to help it really sink in. Imagine that we are playing the following
game:

information available on an entity. The software that performs the parsing is a MIB compiler.

3.2.3 SNMP VERSIONS AND MIB HIERARCHY

3.2.4 REQUEST FOR COMMENTS (RFCs)

experimental in nature and are not standards. Request for Comments documents were invented

There are 318 RFCs in the first 5000 RFCs from the IETF that contain MIBs. This list is a mere
fraction of the MIBs that have been written:

3.2.5 POPULAR MIB BROWSERS:

• mbrowse: A graphical SNMP MIB browser for Linux, based upon GTK+ and Net-SNMP.

3.2.6 NETWORK INTRUSION DETECTION SYSTEM

Here’s a basic idea of how a MIB browser works and extracts those features:

4. RESULTS AND DISCUSSION

The purpose of this project was to find a way to extract real-time attributes from a router
connected to a network, and to manage and maintain them in a Raspberry Pi environment,
sending these real-time data values in a model-readable format for the machine to
work on and yield the desired output. Here, we used a Random Forest Classifier to classify
the important attributes out of all the attributes that we extracted for each
protocol. SNMP is the tricky protocol, and the most important one, because
every network protocol is somehow linked to it. So extraction of SNMP attributes from
various MIBs corresponding to various RFCs is the trickiest part, because no one has ever done
this. As a result, a few MIB browsers were found suitable to do the trick, i.e., extract those
attributes.

After extracting those attributes, we had to integrate them into a real-time project and
run the model in a real-time Raspberry Pi environment. A Raspberry Pi is a small computer
into which a user can upload any program, and the Pi works accordingly.

The next challenge was to integrate this Pi with the live router and do the hardware as well as
software configuration of the router.

** Not everything can be disclosed here, as this was a Cyber Security Project done for the
GOVERNMENT OF INDIA to decrease cyber-crimes and such attacks (majorly phishing
attacks). This was done for one of the partner firms of the company, COUNCIL OF
INFORMATION SECURITY, INDIA. It is a government initiative and is responsible for the
Cyber Security of the nation.

5. CONCLUSION

In conclusion, this is an AI based Network Intrusion Detection System. In it, our Machine
Learning based model takes real-time values and dynamically predicts the authenticity of the
data packet being sent. The model itself searches for important attributes and classifies
accordingly. The attributes are extracted with MIB browsers through various MIBs for various
RFCs that store and configure all the attributes of all the protocols available over the network.

This protects the user from various cyber-attacks, guides them if someone tries to steal their
important information, and predicts the source of the data tampering / the attackers behind the
cyber-attack.

In the emerging Digital Era, this is something to keep people safe and keep their lives in order,
because an attack not only brings chaos but also threatens the integrity of the person as a whole.

6. IMPLICATIONS FOR FUTURE RESEARCH

Since this is a first-of-its-kind integration of a NIDS with a router, removing the need for a
separately installed firewall and NIDS, once it is established and configured correctly it will
be open for commercial use and more.

It is one of the first prototypes of the project and strictly restricted to government use; over
time this will help people globally to protect themselves from cybercrimes and live freely,
without the fear that anything could go wrong at any second while making a transaction,
opening a mail, or something as simple as swiping a digital card.

The possibilities are endless, and right now I am not at liberty to talk much about it.
