Canadian Journal on Network and Information Security Vol. 3 No. 1, August 2012

A Study to investigate the possibility of using a decision-making model with IPS

Homam El-Taj, Computer Engineering, Fahad Bin Sultan University, Tabuk, KSA [email protected]; National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia [email protected]

Hiba Al-Senawi, Computer Science, Fahad Bin Sultan University, Tabuk, KSA [email protected]

Firas Najjar, V-Tech Systems, Riyadh, KSA [email protected]

Abstract: Network security problems are increasing, and defenses need to stay up to date with all the different attacks and intrusions. An intrusion prevention system (IPS) is an efficient technique to ensure network security. In this paper the IPS uses a new and modern approach to achieve this aim: it uses one of the decision-making models, and the new model has the ability to recognize an attack, to differentiate one attack from another, and to rank attacks. Most important of all is preventing new attacks.

Keywords: Network Security; Decision Making; DOS; DDOS; IDS; IPS.

I. INTRODUCTION

A quick overview of network systems helps build basic knowledge of network concepts, of the network risks that may occur with any system, and of other network system issues.

A. Network Definition

A computer network is simply two or more computers connected together so they can exchange information. Each network consists of three main components: nodes (PCs), network hardware and network software. Information is transferred via the network, and this information needs to be protected against attackers. [29]

Data is transferred in a network over two main types of link: broadcasting and point-to-point. In broadcasting, a short message (packet) that contains the destination address is transferred via a single communication channel shared between all nodes in the network. A point-to-point network consists of many connections between individual pairs of nodes; while a packet travels to its destination, it may pass through one or more intermediate nodes. [29]

Network systems are organized into layers, with each layer designed for a specific function. These functions are controlled by protocols, which are rules that control communication between devices and corresponding layers. There are two main network architectures: Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP). OSI consists of seven layers, while TCP/IP has four layers (network access, internet layer, host-to-host layer and application layer), as shown in Figure 1. [29]

Figure 1: OSI Reference model and TCP/IP model [29]

B. Network security

Security is the main goal in many areas, and networking is one of them. Network security is concerned with how to make a network safe from unauthorized access and destruction, ensuring that there is no harmful effect on either users or employees. It is also concerned with how the computer network infrastructure is prepared to prevent and protect access to resources. Security attacks can be classified as passive attacks and active attacks. Measures are taken against these attacks to secure the network by using different tools. [1]

There are many different ways to protect the network and provide secure network access, and firewall protection is one of them. A firewall is a group of elements that together constitute a buffer between two networks. Firewalls come in several types: application gateway, packet filtering, and hybrid system. [35]

II. DECISION MAKING

Decision making “is the study of identifying and choosing alternatives based on the values and preferences of the decision maker. Making a decision implies that there are alternative choices to be considered, and in such a case we want not only to identify as many of these alternatives as possible but to choose the one that best fits with our goals, objectives, desires, values, and so on” [18].

The decision-making process starts by identifying the problem and forming a view of parameters such as the system boundary and root causes. 2nd, determine the requirements that a solution to the particular problem must meet. 3rd, establish goals according to the specific requirements. 4th, define alternatives, which must also meet the requirements determined in the 2nd step. 5th, define criteria, which must be based on the goals. [18]

There are many decision-making methods: artificial intelligence methods (neural networks, fuzzy logic and genetic algorithms); simple prioritization methods (decision matrix, multi-criteria decision making, analytical hierarchy process, bid responsibility determination and bidder responsibility determination); and other methods such as the rational method (pros and cons), flipism, satisficing, opportunity cost, Simon's normative model, info-gap and possibility theory. [22, 23, 27, 28, 29, 34]

A. Decision Making Methods

1) Neural network (NN):

A neural network is a modern method that simulates the structure of human neuron cells. This method has been applied successfully to speech recognition, image analysis, adaptive control, games and robots. The system consists of three layers of input, hidden (process) and output nodes [19]. An NN consists of a collection of highly interconnected processing elements that transform a set of inputs, through the hidden (process) layer, into outputs. The result is determined by the properties of the elements and the weights associated with the interconnections among them. By modifying the connections between the nodes, the network is able to adapt to the desired outputs [20].

An artificial neuron processes many inputs and produces one output. The result of processing is determined by criteria such as element weights and characteristics [4]. Neural networks (NNs) have drawn attention because of their ability to create generalizations and classifications [24].

There are two main approaches for NN in the learning phase. Supervised training algorithms: the network learns the desired output for a given input or pattern. Unsupervised training algorithms: the network learns without a specified desired output. [21]

2) Genetic algorithm (GA):

“Is a stochastic search method which has been widely used by the data mining community for discovering classification”. A GA starts by creating the initial population (generation 0); 2nd, evaluate the fitness of each individual in the population for the current generation; 3rd, select the genetic operation; 4th, reproduction; 5th, mutation; 6th, crossover (recombination); 7th, architecture-altering operations; 8th, select one or two individuals from the population probabilistically based on fitness; 9th, perform the genetic operation; 10th, insert the offspring into the population; then apply the termination criterion and, finally, designate the results. [26]

3) Decision Matrix:

“Is one of the simplest decision making techniques. Invented by Stuart Pugh, the Decision Matrix Method, also called Pugh Method or Pugh Concept Selection, is a quantitative technique used to evaluate, compare and rank the alternative multi-dimensional options of a technical solution set”. [27]

4) Rational method:

“Descriptive and normative decision-making theories possess distinct characteristics and follow specific methodologies for selecting a course of action, Normative, or rational, theories of decision making are based on fundamental axioms.” [28]

5) Fuzzy logic:

Fuzzy Logic was initiated in 1965 by a professor of computer science at the University of California in Berkeley. Basically, Fuzzy Logic (FL) is a multivalued logic that allows intermediate values to be defined between conventional evaluations like true/false, yes/no, high/low, etc. Notions like rather tall or very fast can be formulated mathematically and processed by computers, in order to apply a more human-like way of thinking in the programming of computers. [33]

III. NETWORK ATTACK

Data transmitted in an open network environment faces various security threats and different kinds of attack, such as the denial-of-service attack and the distributed denial-of-service attack.

A. Denial-of-Service attack (DOS):

There are many types of DOS attack, classified into two categories: DOS by saturation and DOS by vulnerability exploitation. DOS attacks come in different forms for different services; most of them are SYN flooding, UDP flooding, ICMP, Smurf, POD, Back, Land, Neptune and Teardrop. [4]

B. Distributed Denial of Services attack (DDOS):

Nowadays computer systems and networks face different types of attack, and these attacks increase day by day. One of them is DDOS, which depends on overloading the victim and rendering it incapable of performing normal transactions. A successful attack allows the attacker to gain access to the victim’s machine, allowing theft of sensitive internal data and possibly causing disruption and denial of service (DoS) in some cases. [2]

IV. INTRUSION DETECTION SYSTEM (IDS)

Intrusion detection, as performed by an Intrusion Detection System (IDS), is the process of monitoring events in a system or network to determine whether an intrusion has occurred. An IDS monitors network traffic and alerts the network administrator to malicious attacks. The IDS is responsible for protecting the availability, confidentiality and integrity of critical networked information systems.

An IDS protects network traffic using different methods, chiefly misuse and anomaly detection. Misuse detection depends on a description of known malicious activities. This description is often modelled as a set of rules referred to as attack signatures. An anomaly detection IDS looks for anomalies, meaning abnormal activity. [3]

V. INTRUSION PREVENTION SYSTEM (IPS)

One of these methods is the Intrusion Prevention System (IPS), also known as an intrusion detection and prevention system (IDPS). An IPS combines firewall and Intrusion Detection System (IDS) techniques. Nowadays IDS has many limitations, such as performance and flexibility, so IPS is a new preventive approach to monitoring network and/or system activities for malicious activity. The function of an intrusion prevention system can be summarized in three main points: identify the intrusion, decide whether to block or stop the activity, then report on the activity. [5]

VI. RELATED WORK

A. Intrusion Detection System (IDS):

There are many attacks and intrusions that may damage and/or destroy information. Detecting these intrusions before they cause any damage saves data, so the intrusion detection system (IDS) was created. Intrusion detection is the process of monitoring events in a system or network to determine whether an intrusion has occurred. An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator to malicious attacks. There are two main data sources that an IDS deals with: host-based information sources (HIDS) and network-based information sources (NIDS). HIDS sources are operating system audit trails, system logs, application information and target-based monitoring. NIDS gather information from network traffic as it is transmitted via the network [9]; NIDS are intrusion detection systems that detect data packets traveling on the network media and match them to a database of signatures [7].

An IDS uses two main detection methods, misuse and anomaly detection, and one hybrid method. Misuse detection depends on a description of known malicious activities, often referred to as attack signatures. An anomaly detection IDS looks for anomalies, meaning abnormal activity. It uses rules or predefined concepts about “normal” and “abnormal” system activity to distinguish anomalies from normal system behavior and to monitor, report on, or block anomalies as they occur [3]. Usually NIDS use misuse detection and HIDS use anomaly detection [9].

An IDS works by taking a copy of the traffic and examining whether it is infected or intact. This has an advantage and a disadvantage. It is good because it does not delay data transfer, since it checks a copy rather than the original traffic. But it does not protect the destination from attacks, because by the time the IDS has checked the copied traffic and detected the attack, the attack has reached its goal and caused damage. [8]

Duraiswamy and Palanivel categorize IDS into different types depending on the TCP/IP layers: AIDS (Application Layer), TIDS (Transport Layer), NIDS (Network Layer) and LIDS (Link Layer). [6]

Figure 2: Different IDS classification [9]

The IDS analysis process consists of four main phases: preprocessing, analysis, response and refinement. The first phase determines the format the data are put into, which would be a canonical format or a structured database. Once the data are formatted they are further classified; this classification depends upon the analysis schemas being used. The analysis phase compares each data record with the knowledge base. The data record will either be an intrusion event or be dropped. The response phase is performed automatically, or manually after someone has analyzed the situation and established the facts. The last phase, refinement, helps reduce false positive levels and obtain a more secure tool. [10]

Akbar, Nageswara and Chandulal present a genetic algorithm to select different kinds of malicious/attack communication. The algorithm takes into account various features of the network, such as protocol type, duration, service and dst_host_srv_count, to generate a classification rule set. Each rule identifies a certain type of attack. [30]

R. Shanmugavadivu designed a new approach to identify and detect attacks using fuzzy logic. The approach modifies the set of detection rules using an automated strategy for the generation of fuzzy rules, in which particular rules are found using frequent items. [31]

Figure 3: IDS used Fuzzy logic [31]

Jawhar and Mehrotra present a new approach, a hybrid fuzzy neural network system for intrusion detection. The main idea is to take advantage of the different capabilities of fuzzy logic and neural network systems for intrusion detection. The new approach has the ability to recognize an attack, to distinguish one attack from another, to rank attacks and, more importantly, to detect new attacks with a high detection rate and a low false negative rate. [22]

Adel Jahanbani and Hossein Karimi use Principal Component Analysis (PCA), which is a neural network algorithm, to find a new classification system. The proposed system can distinguish intrusions from normal connections with a satisfactory detection rate and false positive rate. [32]

Figure 4: IDS used PCA neural network [32]

Bahrololum, Salahi and Khaleghi proposed a new hybrid approach between misuse and anomaly detection, with training on intact and infected packets respectively. It combines two neural network approaches, unsupervised and supervised neural networks (NN), for an intrusion detection system. The unsupervised NN classifies attacks into smaller categories. Then an unsupervised NN based on back propagation is used for clustering. [3]

B. Intrusion Prevention System (IPS)

At present, the IDS technique is not an effective way to deal with new attack mechanisms, because it has many limitations such as performance, flexibility and scalability. IPS, in contrast, is a modern approach with new techniques that combine the firewall and the IDS. An IPS can sit in between the devices, identifying and blocking malicious activities in the network (in-line system) [11].

Gore explains that IPS is an in-line system, which means it can sit in between the devices, while IDS is an out-of-band system that can't sit within the network path [14]. Fuchsberger classifies IPS into two main techniques: anomaly detection and misuse detection. The anomaly detection method compares normal behavior with abnormal behavior. Its advantage is that it is capable of detecting unknown attacks; it has a high detection rate, but its false positive rate is also high. Misuse detection depends on comparing attack type with attack behavior; this method has a low detection rate but a high false positive rate, and misuse detection can’t detect unknown attacks.

The goal of IPS is to monitor network assets in order to prevent misuse or anomalous behavior [11]. Gore shows that when an IDS finds malicious activity it triggers an alert. The alert might be a false positive or a false negative, but no action is taken on the activity. An IPS, however, can deal with the malicious activity because it detects and then prevents, by blocking, dropping or taking any other action based on the severity of the attack. [14]
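The contrast drawn above between misuse (signature) detection, anomaly detection and their hybrid can be reproduced on a small data set. The following Python code is an added example, not code from the paper or from the works it cites; the flow records, the two signatures (Land and Ping of Death, both named in Section III) and the 3-sigma rate threshold are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed one-second flow summaries (not captured traffic). "attack" is the
# ground-truth label and is used only to score the detectors.
# max_len is the largest reassembled IP datagram length seen in the flow.
FLOWS = [
    {"id": 1, "src": "192.0.2.5", "sport": 40112, "dst": "192.0.2.80", "dport": 80,
     "proto": "tcp", "pkts": 50, "max_len": 1500, "attack": False},   # normal web
    {"id": 2, "src": "192.0.2.80", "sport": 80, "dst": "192.0.2.80", "dport": 80,
     "proto": "tcp", "pkts": 1, "max_len": 40, "attack": True},       # Land
    {"id": 3, "src": "192.0.2.9", "sport": 5353, "dst": "192.0.2.80", "dport": 9999,
     "proto": "udp", "pkts": 900, "max_len": 512, "attack": True},    # flood, no signature
    {"id": 4, "src": "192.0.2.7", "sport": 51000, "dst": "192.0.2.80", "dport": 443,
     "proto": "tcp", "pkts": 75, "max_len": 1500, "attack": False},   # legitimate burst
    {"id": 5, "src": "192.0.2.66", "sport": 0, "dst": "192.0.2.80", "dport": 0,
     "proto": "icmp", "pkts": 3, "max_len": 65600, "attack": True},   # Ping of Death
]

# Packets per second observed during attack-free operation (constructed).
NORMAL_PKTS = [40, 52, 47, 55, 49, 45, 51, 50]

# Misuse detection: a database of descriptions of known malicious activity.
SIGNATURES = {
    "land": lambda f: (f["proto"] == "tcp" and f["src"] == f["dst"]
                       and f["sport"] == f["dport"]),
    "ping_of_death": lambda f: f["proto"] == "icmp" and f["max_len"] > 65535,
}


def misuse_detect(flow):
    """Return the name of the first matching signature, or None."""
    for name, matches in SIGNATURES.items():
        if matches(flow):
            return name
    return None


def build_baseline(samples):
    """Learn the 'normal' packet rate as (mean, standard deviation)."""
    return mean(samples), pstdev(samples)


def anomaly_detect(flow, baseline, z_limit=3.0):
    """Flag a flow whose packet rate is far above the learned normal rate.

    This model only watches the rate, so low-volume attacks are invisible to it.
    """
    mu, sigma = baseline
    if sigma == 0:
        return flow["pkts"] > mu
    return (flow["pkts"] - mu) / sigma > z_limit


def evaluate(flows, is_alert):
    """Score a detector: true positives, false positives, false negatives (flow ids)."""
    result = {"tp": [], "fp": [], "fn": []}
    for flow in flows:
        alerted = bool(is_alert(flow))
        if alerted and flow["attack"]:
            result["tp"].append(flow["id"])
        elif alerted:
            result["fp"].append(flow["id"])
        elif flow["attack"]:
            result["fn"].append(flow["id"])
    return result


def compare(flows=FLOWS, normal=NORMAL_PKTS):
    """Run misuse, anomaly and hybrid (either one alerts) detection on the same flows."""
    baseline = build_baseline(normal)
    return {
        "misuse": evaluate(flows, misuse_detect),
        "anomaly": evaluate(flows, lambda f: anomaly_detect(f, baseline)),
        "hybrid": evaluate(
            flows, lambda f: misuse_detect(f) or anomaly_detect(f, baseline)),
    }


if __name__ == "__main__":
    for method, score in compare().items():
        print(method, score)
```

On this data the signature detector misses the flood that has no signature, the rate-based anomaly detector catches it but also flags the legitimate burst, and the hybrid finds every attack while inheriting that false positive.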

Inline network intrusion detection systems, application-based firewalls/IDS, layer seven switches, network-based application IDSs and deceptive applications are IPS types that are used in many different cases. Three concepts can be achieved by using IPS: confidentiality, where IPS prevents unauthorized access to stored information; integrity, where IPS prevents modification by unauthorized users; and availability, where IPS prevents any use or access by unauthorized users [15]. IPS can’t block behavior-based DOS attacks [25].

There are two main types of IPS: Host IPS (HIPS) and Network IPS (NIPS). HIPS depends on agents installed on the protected system. The agents connect with the operating system (kernel) and other services, monitoring system calls in the kernel, data streams and the application environment to protect applications from attacks that don't have a signature. The problem with this system is its direct connection with the operating system: an upgrade of the OS might cause a problem. A NIPS has at least two network interfaces, internal and external [16]. NIPS is considered the first line of defense for network infrastructure, where it is responsible for blocking internal and external attacks on the wire. NIPS also uses its own processor and memory. A NIPS is a single point of failure, which is considered a weakness; on the other hand, this property makes it simpler to maintain. NIPS can detect events scattered over the network and can react, whereas with a HIPS only the host's own data is available to make a decision. [16]

1) IDPS typical components: The typical IDPS components are the sensor/agent, which monitors and analyzes network activity; the database server, used as a store for event information recorded by the sensors; the management server, which receives, analyzes and manages event information from the sensors/agents; and the console, which provides an interface for users and administrators. [17]

2) Types of IDPS technique: IDPS perform extensive recording of data related to events detected in the network. This data can be used later to validate alerts, to investigate incidents, and to correlate events between the IDPS and other logging sources. [17]

1st, code analysis, which identifies malicious activity by analyzing attempts to execute code. 2nd, network traffic analysis and filtering, which analyzes network, transport and application layer protocols and includes processing for common applications. 3rd, file system monitoring, which contains different types of methods such as file integrity checking and file attribute checking. Log analysis identifies malicious activity by monitoring and analyzing system and application logs. 4th, network configuration monitoring, which monitors a host’s current network configuration and detects changes to it. 5th, process status monitoring, which monitors the status of the processes and services running on a host. 6th, network traffic sanitization, which may rebuild all requests and responses directed to the host or coming from it, thus neutralizing certain unusual activity. 7th, signature based: a dictionary of known fingerprints is used and run across a set of input. Finally, anomaly based: computer behavior is studied extensively under normal operating conditions. [17]

Farhaoui focuses on the IPS, which is capable of taking immediate measures to deal with attacks and intrusions without manual intervention. He then shows the features of IDPS tools and lists them as follows:

• Online machine that can accurately detect attacks and block them.

• Easy and quick adaptation, with anticipation of unknown intrusions.

• Accurate interception.

• Efficient security management. [13]

Einstein is a project built by the U.S. government as a solution for many intrusions and attacks facing agencies' Internet security, such as phishing, IP spoofing, botnets, denial of service (DOS) and man-in-the-middle attacks. The software has three versions, as follows.

Einstein 1 (E1): created to do real-time, or near real-time, automatic collection, correlation and analysis of computer intrusion information.

Einstein 2 (E2): works through devices located at the Internet access points that monitor traffic coming into or exiting from government networks and alert the United States Computer Emergency Readiness Team (US-CERT) whenever traffic matches signatures, that is, patterns of known malware.

Einstein 3 (E3): this version uses the IPS to stop malware from reaching government sites. E3 devices perform deep packet inspection of content, discarding suspect traffic before it reaches federal systems.

E3 has been tested only at a single, medium-sized data scale. The scale of DOS attacks is daunting: a federal agency has measured DOS attacks at 100 GB/s. It is unlikely that the current generation of any network device would be able to resist DOS attacks at this rate, let alone the attack rates of the near future. However, it is likely that new DOS attacks will be developed that use Einstein's monitoring functionality to trigger the attack. [12]

VII. CONCLUSION

Attacks leave harmful results and failures, so there are many ways to address these intrusions and attacks. IPS is a suitable solution to prevent these attacks, while IDS can detect them. IPS is an effective and efficient system for detecting and preventing attacks using many methods. However, although IPS has used many analysis methods to prevent attacks, decision-making methods are a new approach that has not been investigated as a prevention method for IPS.

Decision-making methods such as neural networks, fuzzy logic, pros and cons, and GA are used as IDS detection methods. So, since decision making can be used in IDS.

IPS is very useful in large networks: IPS will prevent attacks from harming the network and using security resources, and will reduce operating costs by deploying just one system.

In Figure 5, the IPS uses one of the decision-making methods to get a series of actions actn. The IPS consists of two main parts: a detection method and a decision-making method. We have a positive view of using decision making with IPS, since it shows great results with IDS; for example, using a neural network with fuzzy logic in IDS achieves a classification model with high intrusion detection accuracy and, mainly, a low false negative rate. So it would be good to have an IPS with one of the decision-making methods, and this would be a good starting point for using other decision-making methods.

[Flow chart labels: Start; incoming packet; IDS; detected packet (Yes/No); outgoing packet; End]

Figure 5: Flow chart showing DM in the IPS system
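One way the decision-making stage of Figure 5 could turn an IDS detection into an action is the Pugh decision matrix described in Section II. The following Python code is an added example, not code from the paper: the candidate actions, the three criteria, the Pugh scores and the way weights are derived from an alert's severity and confidence are all assumptions constructed for illustration, as is the reading of Figure 5 in which undetected packets are simply forwarded.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    """What the detection stage hands to the decision-making stage (hypothetical)."""
    name: str
    severity: int       # 1 (low) .. 5 (critical), as rated by the detector
    confidence: float   # 0.0 .. 1.0, how sure the detector is that this is an attack


# Criteria on which every candidate action is judged.
CRITERIA = ("containment", "legit_traffic_safety", "reversibility")

# Pugh matrix: each action is scored per criterion against a baseline (datum)
# action on a -2..+2 scale; the baseline scores 0 everywhere.
# Baseline here is "drop_packet". All scores are constructed values.
BASELINE = "drop_packet"
PUGH_SCORES = {
    #                containment  legit_traffic_safety  reversibility
    "alert_only":   (-2, +2, +1),
    "rate_limit":   (-1, +1, +1),
    "drop_packet":  (0, 0, 0),
    "block_source": (+1, -2, -1),
}


def criterion_weights(alert):
    """Derive criterion weights from the alert (assumed weighting scheme).

    A severe, high-confidence alert makes containment dominate; a low-confidence
    alert makes protecting legitimate traffic dominate.
    """
    if not 1 <= alert.severity <= 5:
        raise ValueError("severity must be between 1 and 5")
    if not 0.0 <= alert.confidence <= 1.0:
        raise ValueError("confidence must be between 0 and 1")
    return (
        alert.severity * alert.confidence,   # containment
        5 * (1.0 - alert.confidence),        # legit_traffic_safety
        1.0,                                 # reversibility
    )


def rank_actions(alert):
    """Return [(action, weighted Pugh total), ...] sorted best first."""
    weights = criterion_weights(alert)
    totals = {
        action: round(sum(w * s for w, s in zip(weights, scores)), 6)
        for action, scores in PUGH_SCORES.items()
    }
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)


def ips_decide(alert: Optional[Alert]) -> str:
    """Nothing detected -> forward the packet; detected -> pick the top-ranked action."""
    if alert is None:
        return "forward"
    return rank_actions(alert)[0][0]


# Constructed alerts covering a signature hit, a mid-confidence hit and a weak anomaly.
SAMPLE_ALERTS = [
    Alert("syn_flood_signature", severity=5, confidence=0.95),
    Alert("teardrop_like_fragments", severity=4, confidence=0.70),
    Alert("rate_anomaly", severity=3, confidence=0.40),
]

if __name__ == "__main__":
    print("no detection ->", ips_decide(None))
    for alert in SAMPLE_ALERTS:
        print(alert.name, "->", ips_decide(alert), rank_actions(alert))
```

The ranking is only as good as the scores and weights behind it, so in practice they would be tuned against the false positive and false negative rates the detection stage actually produces.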

VIII. REFERENCES

[1] Pandey, S. (5 May 2011). "Modern network security: issues and challenges." International Journal of Engineering Science and Technology (IJEST).
[2] Kanwal Garg, R. C., et al. (2011). "Detection of DDOS attacks using data mining." International Journal of Computing and Business Research (IJCBR) 2(1).
[3] M. Bahrololum, E. S. a. M. K. (2009). "Anomaly intrusion detection design using hybrid of unsupervised and supervised neural network." International Journal of Computer Networks & Communications (IJCNC) 1(2).
[4] Iftikhar Ahmad, A. B. A. A. A. S. A. (October 6–10, 2009). "Application of artificial neural network in detection of DOS attacks." SIN’09, North Cyprus, Turkey, ACM 978-1-60558-412-6/09/10.
[5] Stiawan, D., A. H. Abdullah, et al. (2011). "Pitcher flow: unified integration for intrusion prevention system." International Conference on Computer Communication and Management.
[6] K. Duraiswamy, G. P. (March 2010). "Intrusion Detection System in UDP Protocol." IJCSNS International Journal of Computer Science and Network Security 10(3).
[7] Rehman, R. U. (2003). Intrusion Detection Systems with Snort: Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID. Pearson Education, Inc.
[8] Bhaiji, Y. (Apr 27, 2009). Network Security Technologies and Solutions (CCIE Professional Development Series). Cisco Press.
[9] B. Pahlevanzadeh, S. A. H. S., T.C. Wan, R. Budiarto, Mohammed M. Kadhum (21-22 November 2008). "A Cluster-Based Distributed Hierarchical IDS for MANETs." International Conference on Network Applications, Protocols and Services 2008 (NetApps2008), Executive Development Center, Universiti Utara Malaysia.
[10] Yogesh Kumar, S. D. (January 2012). "A review on information flow in intrusion detection system." IJCEM International Journal of Computational Engineering & Management 15.
[11] Fuchsberger, A. (2005). "Intrusion detection systems and intrusion prevention systems." Information Security Technical Report, vol. 10, pp. 134-139.
[12] Robinson, O. (Oct. 2002). "Harnessing the UNIVAC computer and 802.11 mesh networks using Donat." NTT Technical Review, vol. 76, pp. 76-97.
[13] Farhaoui, Y. (7 July 2011). "Performance method of assessment of the intrusion detection and prevention systems." International Journal of Engineering Science and Technology (IJEST).
[14] Gore, A. S. A. A. S. (2011). "Difference between intrusion detection system (IDS) and intrusion prevention system (IPS)." Communications in Computer and Information Science.
[15] Amjad Abdallah Abdelkarim, H. H. O. N. (January 2011). "Intrusion Prevention System." International Journal of Academic Research 3(1).
[16] Group, T. N. (January 2004). Intrusion Prevention Systems (IPS).
[17] Indraneel Mukhopadhyay, M. C., Satyajit Chakrabarti (2011). "A Comparative Study of Related Technologies of Intrusion Detection & Prevention Systems." Journal of Information Security.
[18] Harris, R. (December 2, 2009). "Introduction to Decision Making." From http://www.virtualsalt.com/crebook5.htm
[19] mikelloydtech (October 22, 2011). "Artificial Intelligence in Schooling Systems." From http://edutechassociates.net/2011/10/22/artificialintelligence-in-schooling-systems.
[20] A.A, O. J. C. a. I. (May 2011). "Decision Support System for the Intelligent Identification of Alzheimer using Neuro Fuzzy logic." International Journal on Soft Computing (IJSC) Vol. 2.
[21] Planquart, J.-P. (2001). "Application of Neural Networks to Intrusion Detection."
[22] Mehrotra, M. M. T. J. A. M. (Jul 2010). "Design network intrusion detection system using hybrid fuzzy-neural network." International Journal of Computer Science and Security, Volume (4).
[23] Dermott, D. M. (2006-2012). "An overview of decision making models." From http://www.decision-making-confidence.com/decision-makingmodels.html.

[24] trademarks of Sourcefire, I. (2010). Snort and Sourcefire. From http://www.snort.org./.
[25] LTD., e. (2001-2012). "(D)DoS Attack (Denial-of-service)." http://blog.eukhost.com/webhosting/ddos-attack-denial-of-service/
[26] Holland, J. (2003). Introduction to Genetic Programming.
[27] Navas, H. V. G. B., David F. N. (septiembre 2011). "Selection of a Stirrer Drive Configuration Using Pugh Decision Matrix Methodology." Network of Scientific Journals 15(1665-0654).
[28] Oliveira, A. (2007). "A Discussion of Rational and Psychological Decision-Making Theories and Models: The Search for a Cultural-Ethical Decision-Making Model." Electronic Journal of Business Ethics and Organization Studies Vol. 12, No. 2.
[29] Nguyen, P. M. N., Nguyen, Quynh Anh (Spring 2012). Transition from IPv4 to IPv6: Best Transition Method for Large Enterprise Networks. Information Technology, Lahti University of Applied Sciences, Bachelor’s, 97 pages, 25 pages of appendices.
[30] Shaik Akbar, D. K. N. R., Dr. J.A. Chandulal (2011). "Implementing Rule based Genetic Algorithm as a Solution for Intrusion Detection System." IJCSNS International Journal of Computer Science and Network Security, Vol. 11 No. 8.
[31] Shanmugavadivu, R. (2010). "Network Intrusion Detection System Using Fuzzy Logic." Indian Journal of Computer Science and Engineering (IJCSE) Vol. 2 No. 1 (ISSN: 0976-5166).
[32] Adel Jahanbani, Hossein Karimi (2012). "A new Approach for Detecting Intrusions Based on the PCA Neural Networks." Journal of Basic and Applied Scientific Research (ISSN 2090-4304).
[33] Prof. K. Angayarkkani, D. N. R. (2009). "Efficient Forest Fire Detection System: A Spatial Data Mining and Image Processing Based Approach." International Journal of Computer Science and Network Security Vol. 9 No. 3.
[34] Jamshidi, H. (12-14 Dec. 2011). Fusion of digital map traffic signs and camera-detected signs. Signal Processing and Communication Systems (ICSPCS). Blekinge Inst. of Technol., Karlskrona, Sweden.
[35] Pandey, S. (2011). "Modern Network Security: Issues and Challenges." International Journal of Engineering Science and Technology Vol. 3.