Restoring privacy of users to foster Mobile Collaborative learning (MCL)

1 Abdul Razaque, 2 Khaled Elleithy

Abstract – Mobile collaborative learning (MCL) is a widely acknowledged paradigm in educational institutions and organizations across the world. It exhibits the intellectual synergy of many combined minds to handle problems and stimulates the social activity of mutual understanding. To improve and foster the baseline of MCL, several supporting architectures and frameworks, including a number of mobile applications, have been introduced. None has focused specifically on enhancing the security of those paradigms to provide secure MCL to users. The paper handles the issue of the rogue DHCP server, which highly affects network resources during MCL. A rogue DHCP server is an unauthorized server that releases incorrect IP addresses to users and sniffs the traffic illegally. The contribution provides privacy to users and enhances the security aspects of the mobile supported collaborative framework (MSCF). The paper introduces a multi-frame signature-cum anomaly-based intrusion detection system (MSAIDS) supported by a novel algorithm. The major target of the contribution is to detect malicious attacks and block the illegal activities of the rogue DHCP server. This security mechanism reinforces the confidence of users, protects the network from illicit intervention and restores the privacy of users. Finally, the paper validates the idea through ns2 simulations.

General terms: Design; Development; Theory.

Keywords: Client; DHCP server; rogue DHCP server; mobile learning environment; algorithms; signature-cum anomaly based Intrusion detection.

INTRODUCTION

The rapid developments in information technologies (IT) have improved the use of mobile devices in open, large-scale and heterogeneous environments. Mobile devices provide the bridge that connects users anytime and anywhere in the world. The deployment of mobile devices has not only underpinned communication but also created many chances for malicious attackers to crack the integrity and privacy of users. Mobile users are highly dependent on the DHCP server for the issuance of IP addresses. The DHCP server provides a highly organized and useful administrative service to mobile devices. However, when an unauthorized and misconfigured DHCP server (rogue DHCP) is used in a network, it creates problems for users and breaks security. It invites intruders to redirect and intercept the network traffic of any device that uses DHCP. The intruder modifies the original contents of the communication. Malware and Trojan horses install a rogue DHCP server automatically on the network and affect legitimate servers. If the rogue DHCP server assigns an incorrect IP address faster than the original DHCP server, it potentially creates a black hole for users. To control malicious attacks and avoid network blockage, network administrators use various tools to guarantee the components of the server. A graphical user interface (GUI) tool is used for rogue detection to prevent the attacks [5]. Multilayer switches may be configured to control the attacks of a rogue DHCP server, but this is somewhat complex and not efficient at detecting a rogue DHCP server and its malicious consequences. Subhash Badri, a representative of the DHCP Server team, states in his online report that the GUI tool cannot distinguish between malicious DHCP servers and erroneously configured ones [7]. DHCP spoofing is another solution for detecting a rogue DHCP server. However, if a single segment is spoofed, the whole network is damaged. The spoofing method also takes a long time, so the attacker has enough time to capture traffic and assign wrong IP addresses [8]. Time-tested tools such as Roadkil.net's DHCP Find, DHCP Sentry, Dhcploc.exe and DHCP-probe provide solutions to detect and defend against rogue DHCP server malware [6].

________________________
1 Computer Science and Engineering Department, University of Bridgeport
2 Computer Science and Engineering Department, University of Bridgeport

2012 ASEE Northeast Section Conference

University of Massachusetts Lowell

None of these tools can detect new malicious attacks. Intrusion detection systems (IDS) have also been introduced to ensure the protection of systems and networks. However, IDS fail to detect intrusions as the size of networks increases. Signature-based detection does not have the capacity to compare each packet with each signature in the database [2]. The Distributed Intrusion Detection System (DIDS) is another technique, one that supports mobile agents. This technique helps the system sense intrusion in incoming and outgoing traffic to detect known attacks [1]. An ant colony optimization (ACO) based distributed intrusion detection system has been introduced to detect intrusions in distributed environments. It detects the visible activities of attackers and identifies the attack of false alarm rate [3]. Anomaly-based intrusion detection has been introduced to detect those attacks for which no signatures exist [4], [6], [10]. Neither signature-based nor anomaly-based IDS have been used to detect the problems of the rogue DHCP server. This paper introduces MSAIDS, supported by a novel algorithm, to detect malicious attacks and protect the privacy of users.

RELATED WORK

Modern technologies and their deployment in computers and mobile devices have not only created new opportunities for better services; from another perspective, they have made the privacy of users highly questionable. Network intruders and virus contagion severely affect computer systems and their counterparts. To handle these issues and restore the security of systems, IDS have been introduced to control malicious attackers. In their current shape, IDS are error-prone and do not provide a persistent solution. The first contribution in the field of intrusion detection was made by J.P. Anderson in [24]. The author introduced the notion of the security of computer systems and related threats. Initially, the author identified three attacks: misfeasors, external penetrations and internal penetrations. The classification of typical IDS is discussed in [17]. The focus of that contribution is a review of agent-based IDS for mobile devices. The authors state the problems and strengths of each category of the classification and suggest methods to improve the performance of mobile agents for IDS design. Four types of attacks on network security are discussed in [21]. The authors also simulate the behavior of these attacks using ns2. A multi-ant colonies technique for clustering data is proposed in [18]. It involves independent, parallel ant colonies and a queen ant agent. The authors state that each ant colony process takes dissimilar forms of ants at moving speed. They generate various clustering results using an ant-based clustering algorithm. The findings show that outlier's lowest strategy for choosing the recent data set has better performance. The contribution covers the clustering-based approach. The work in [22] implements a genetic algorithm (GA) with IDS to protect the network from the attacks of intruders. The focus of the technique is to use information theory to scrutinize the traffic and thus decrease complexity. The authors use linear structure rules to categorize network activities into abnormal and normal behaviors.

The work in [1] concerns a framework for a distributed intrusion detection system that supports mobile agents. The focus of the work is to sense both the outside and inside network divisions. The mobile agents control the remote sniffer, data and known attacks. The authors use a data mining method for detection and data analysis. A Dynamic Multi-Layer Signature based IDS (DMSIDS) is proposed in [2]. It detects looming threats by using mobile agents. The authors introduce small and well-organized multiple databases. The small signature-based databases are also updated regularly at the same time. An algorithm for adaptive network intrusion detection (ANID) is presented in [19]. The algorithm is based on a naive decision tree and a naive Bayesian classifier. It performs detection and keeps false positives at a balanced level for various types of network attacks. It also handles some data mining problems, such as dealing with lost attribute values, controlling continuous attributes and lessening the noise in training data. The work is tested using the KDD99 benchmark intrusion detection dataset. The experiment reduced false positives while using limited resources.

All of these techniques cover the general idea of network detection, whereas the proposed MSAIDS technique handles the irreplaceable issues of the rogue DHCP server in a specific network. It controls the signature-based and anomaly-based attacks generated by a rogue DHCP server. The contribution also prevents almost all types of attacks. One of the most promising aspects of this research is its uniqueness, because no single contribution in the survey is available to control the rogue DHCP server.

ARCHITECTURE FOR MSCS

The architecture for MSCS is envisioned as a promising platform that supports the latest technologies and mobile applications to meet pedagogical requirements and other collaborative activities within educational institutions and beyond. It integrates various functional components to cover all the features necessary for MCL, from sending SMS to large videos. It supports content generation, content fragmentation, content buffering, content retrieval, content integration, content diagnosis, content modification, content visualization, content refinement and, ultimately, the dissemination of results.

1.1. Mobile supported content server (MSCS)

Figure 1: Mobile supported content server for synchronization communication

MSCS consists of four layers: the base layer, the coordination layer, the modification layer and the visualization layer. Together the layers support asynchronous and synchronous collaboration, multimodal support, archive updating, middleware support, virtual support, application sharing, joining in the middle of a session, recording of participants' activities, an interactive and shared white board, connectivity management, session management, a facility for the head of the organization to check the activities of participants, notification of participants' availability, and the right of participants to contact and invite other participants at any time. The architecture provides bindings to all the theories of mobile learning explained in [11]. It also synthesizes the real environment of several successful ongoing projects to cover all features of mobile learning. The base layer, which creates contents for users, is of central importance in MSCS. Users interact with MSCS from inside or outside the organization to obtain learning material and other information. MSCS serves the queries and information needs of governmental and non-governmental organizations, particularly educational institutions. The most important feature of MSCS is the replacement of classroom study. Users who do not want to attend class are registered with MSCS, which automatically gives them access to listen to and watch the online lecture and other information anywhere. This is a promising feature of MSCS for attracting students and organizations. Users are also provided with a Really Simple Syndication (RSS) feed to store information for collaboration. The RSS feed provides opportunities to apply the knowledge gained in the classroom. A number of students enjoy and feel comfortable working as a collaborative group using the RSS feed. Building a knowledge-based approach that moves teacher-focused learning to student-focused learning, and task-assigned learning to understanding-based learning, must have a central position [12], [13], [14].

The objectives of MSCS have been achieved with the support of an enterprise data warehouse (EDW). The EDW provides access to data from multiple sources that is accurate, consistent, detailed, integrated, secure and timely [15], [16]. Users inside and outside the organization are able to assess their requirements, fulfill research activities, set priorities and feel the impact of change. The EDW provides the heterogeneous environment needed to meet the analytical and decision-support requirements of the organization. The architecture of MSCS is an innovative idea that attracts various users to seek admission again, which will increase the literacy ratio and motivate organizations to deploy it for collaboration and for meeting other organizational targets.

MSCS also comprises a content server engine (CSE) that handles requests coming from users very efficiently. It either searches for the requested information in the EDW or gives users access to listen to and watch lectures or other live activities. CSE identifies mobile users on the basis of the mobile information device profile (MIDF), the status of the previous network condition and the requested URL. Another promising feature of MSCS is that it satisfies the authorization and authentication process in order to provide access to legitimate users only. This job is done with the help of CSE, which verifies the status of the users. If an illegitimate user sends a request for collaborative learning contents, that request is declined. CSE is implemented on Internet Information Server (web server), which also provides access to users of health, bioinformatics, educational, defense, security, business and banking related applications.

MSCS deals with three types of services: normal, low priority and high priority. A request for normal service is handled by the file system manager, which supports text, graphs and small videos. Requests for large videos are dealt with by the database manager, which is considered the low-priority service provider. High priority covers all types of data services, including text, graphs, images and voice. This task is performed through the integration of a cache server, which sets up its own Hypertext Transfer Protocol (HTTP) connection. The cache server gets the request from the mobile device and delivers the learning materials immediately. If the requested material is not cached on the cache server, it is obtained from the EDW. The beauty of the cache server is its direct access to the EDW, which provides faster delivery of learning material. The cache server also saves time on backups and log monitoring, activities on which substantial time is spent every day. MSCS incorporates Akamai's FreeFlow, which works as a server to provide a fault-tolerant delivery service to users in an efficient and fast way. The optimized algorithm of FreeFlow identifies the network condition and maps the request of each end user so that contents are obtained from the EDW and delivered more quickly. FreeFlow handles three types of service-denying failures: machine failures, data center outages and network outages [20]. It is more effective for several forms of collaborative learning, including blogs, beaming and sharing information, web forums and wikis. The multiple use of the repository in MSCS captures and preserves the communication process. It serves as a tangible indicator for improving the quality of mobile learning [9].

MSCS has several benefits, but it faces major threats to the privacy of data. Mobile nodes depend on the DHCP server to get an IP address, and the intervention of a rogue DHCP server creates problems for the privacy of users.

POSSIBLE ATTACKS OF ROGUE DHCP SERVER AT MSCS

The first sign of a problem associated with a rogue DHCP server is the discontinuation of network service. Static and portable devices start experiencing network issues. The issues begin when wrong IP addresses are assigned to legitimate users initiating a session. Intruders take advantage of the rogue DHCP server and sniff the traffic. The rogue DHCP server spreads wrong network parameters, which create the bridge for attackers to expose confidentiality and privacy. DNS-changing Trojans install a rogue DHCP server and pollute the network. This gives attackers the chance to use the compromised resources on the network. A rogue DHCP server creates several problems that expose the privacy of legitimate users. The three most important attacks are the network disrupting attack, the denial of service (DOS) attack and the masquerading attack. Figure 2 shows how the attacks are generated by the rogue DHCP server.

Figure 2: Behavior of DHCP Rogue during the attack

PROPOSED MULTI-FRAME SIGNATURE-CUM-ANOMALY BASED INTRUSION DETECTION SYSTEM (MSAIDS)

Networks are converging rapidly and thousands of heterogeneous devices are connected. The devices integrated in large networks communicate through several types of protocols and technologies. This large-scale heterogeneous environment invites intruders to expose the security of users. Many signature-based IDS are available to detect attacks, but some new attacks cannot be identified and controlled. Anomaly-based IDS is another option, but it can only detect new patterns of attack. The multi-frame signature-cum anomaly-based intrusion detection system (MSAIDS), supported by algorithms, is proposed to resolve the issue of the rogue DHCP server. The proposed framework consists of a detecting server (DS) that controls the IDS and its three related units: (i) the DHCP verifier unit, (ii) the signature database and (iii) the anomaly database.

The capturing process of DS consists of three cycles. In the first capturing cycle, DS starts the detection process on the basis of Algorithm 1. This algorithm supports the three units of DS. The detection process starts from the DHCP verifier. If any malicious activity is detected, the process stops; otherwise the other units start their capturing process and continue the search whether or not malicious activity is detected. The DHCP verifier identifies the fake issuance of IP addresses by a rogue DHCP server on the basis of the stored frame for DHCP servers (FD). The signature of each legitimate DHCP server (D) is stored with FD in the DHCP verifier. If D ∈ FD, the DHCP verifier does not produce any alarm; if it does not match, it produces a beep sound. This completes the verification of the DHCP server.

In the second cycle, the signature database layer activates the capturing process. The frame of known signatures (FS) is stored in the signature-based intrusion detection system (SIDS). Here, FS ⊆ SIDS, which means all of FS must be stored in SIDS. The number and types of attacks are denoted by I. Therefore I must satisfy I ⊆ FS. The signature matching process for I runs until all of FS is checked. If a known attack matches, SIDS gives an attack alarm.

In the third cycle, the anomaly database layer starts the process of detecting unknown malicious activity. Frames of anomalies (FA) are stored in the anomaly-based IDS (AIDS). Hence, FA ⊆ AIDS. All attacks (I) are matched while I ≤ FA in the database. If I matches any stored anomaly, AIDS raises an attack alarm. The process of three cycles finishes if we get the message I ∉ FS & I ∉ FA. It means there is no malicious activity and communication is highly secured. This whole process increases the confidence level of users during synchronous and asynchronous communication using MSCS.

Figure 3: Multi-frame signature-cum-anomaly based IDS

Algorithm 1: Verify DHCP server and detecting the attack

1. Input: MF = (FD, FS, FA & I)
2. Output: For every strategy (I ∈ FA, I ∈ FS, D ∈ FD)
3. D = Each valid DHCP Server
4. IP = Internet protocol address
5. N = Number of mobile devices
6. FD = Frame DHCP server
7. If D ∈ FD
8.     IP → N
9. endif
10. SIDS = Number of available signatures in signature based Intrusion detection system
11. FS = Frame of signatures
12. FS ⊆ SIDS
13. I = Number & Types of attacks
14. For (I = S; I ≤ FS; I++)
15.     If I ∈ FS
16.         SIDS attack alert
17.     endif
18. endfor
19. AIDS = Number of signatures available in Anomaly based Intrusion detection system
20. FA = Frame of AIDS
21. FA ⊆ AIDS
22. For (I = A; I ≤ FA; I++)
23.     If I ∈ FA
24.         AIDS raises alert
25.         If (I ∉ FS & I ∉ FA)
26.             No alert (No attack)
27.         endif
28.     endif
29. endfor
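The three cycles of Algorithm 1 applied to DHCP server replies, as an added example that is not the authors' code. It assumes that the stored "signature" of a legitimate server in FD is its server identifier (DHCP option 54), that FS holds known-bad option values and that FA holds a site baseline; all addresses and frame contents are constructed.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that precedes the options
OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID = 3, 6, 51, 53, 54
SERVER_REPLIES = {2: "OFFER", 5: "ACK"}  # message types only a server sends


def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into op, yiaddr and an option map."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "yiaddr": ipaddress.IPv4Address(payload[16:20]), "options": {}}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def addrs(raw: bytes) -> list:
    """Split an option value into the IPv4 addresses it carries."""
    return [ipaddress.IPv4Address(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]


def inspect_reply(payload: bytes, fd: set, fs: dict, fa: dict) -> tuple:
    """Run the three cycles in order and return (verdict, detail)."""
    try:
        msg = parse_dhcp(payload)
    except ValueError as exc:
        return ("malformed", str(exc))
    opts = msg["options"]
    raw_type = opts.get(OPT_MSGTYPE, b"")
    mtype = raw_type[0] if raw_type else 0
    if msg["op"] != 2 or mtype not in SERVER_REPLIES:
        return ("ignored", "not a server reply")
    # Cycle 1, DHCP verifier: is the answering server D in FD? Stop if not.
    sid = opts.get(OPT_SERVER_ID, b"")
    server = ipaddress.IPv4Address(sid) if len(sid) == 4 else None
    if server not in fd:
        return ("rogue-dhcp", f"{SERVER_REPLIES[mtype]} from unlisted server {server}")
    # Cycle 2, signature frame FS. Option 54 is unauthenticated, so a reply
    # that names a listed server is still matched against known-bad values.
    for name, (code, bad_addr) in fs.items():
        if bad_addr in addrs(opts.get(code, b"")):
            return ("signature", name)
    # Cycle 3, anomaly frame FA: deviations from the site baseline (assumed).
    problems = []
    if msg["yiaddr"] not in fa["subnet"]:
        problems.append(f"offered address {msg['yiaddr']} outside {fa['subnet']}")
    for router in addrs(opts.get(OPT_ROUTER, b"")):
        if router not in fa["subnet"]:
            problems.append(f"router {router} outside {fa['subnet']}")
    if int.from_bytes(opts.get(OPT_LEASE, b""), "big") > fa["max_lease"]:
        problems.append("lease time above baseline")
    if problems:
        return ("anomaly", "; ".join(problems))
    return ("clean", "I not in FS and I not in FA")


def build_reply(mtype, server, yiaddr, router, dns, lease) -> bytes:
    """Build a constructed server reply; sample input for this example only."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         ip("0.0.0.0"), ip(yiaddr), ip(server), ip("0.0.0.0"),
                         bytes.fromhex("02005e005301"), b"", b"")
    opts = bytes([OPT_MSGTYPE, 1, mtype, OPT_SERVER_ID, 4]) + ip(server)
    opts += bytes([OPT_ROUTER, 4]) + ip(router) + bytes([OPT_DNS, 4]) + ip(dns)
    opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease) + b"\xff"
    return header + MAGIC + opts


# Constructed frames (documentation address ranges, not values from the paper).
FD = {ipaddress.IPv4Address("192.0.2.1")}
FS = {"known-bad resolver": (OPT_DNS, ipaddress.IPv4Address("203.0.113.53"))}
FA = {"subnet": ipaddress.ip_network("192.0.2.0/24"), "max_lease": 86400}


def run_samples() -> list:
    """Verdicts for four constructed replies, one per outcome of Algorithm 1."""
    samples = [
        build_reply(2, "192.0.2.1", "192.0.2.50", "192.0.2.1", "192.0.2.2", 3600),
        build_reply(2, "192.0.2.200", "192.0.2.51", "192.0.2.200", "192.0.2.200", 3600),
        build_reply(5, "192.0.2.1", "192.0.2.52", "192.0.2.1", "203.0.113.53", 3600),
        build_reply(2, "192.0.2.1", "192.0.2.53", "198.51.100.1", "192.0.2.2", 3600),
    ]
    return [inspect_reply(p, FD, FS, FA)[0] for p in samples]
```

The third and fourth samples name a listed server and so pass cycle 1; they are caught only by the signature and anomaly frames, which is why the later cycles still run after a successful verification.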

SIMULATION SETUP

We have implemented our approach using the network simulator ns2.34 RC3 on the Redhat-9 Unix operating system. We have created the network environment by deploying the NAM simulator. The scenario gives the impression of a realistic environment because the attacker uses attacking data packets to capture the information of the legitimate user. The total simulation time is 35 minutes. Attacks are generated using the random function applied in [21]. We also categorize the attacks as U2R, R2L, DOS and probe attacks. These attacks are identified on the basis of specific rules. The simulation provides quite interesting results because the frequently generated attacks differ in number. The maximum number of attacks pertains to the DOS category. If no attack is generated, the traffic is considered normal. The frequency of single and group characters is displayed when packets reach the attacker machine. The output shows that different types of detected attacks are generated due to the rogue DHCP server. DOS attacks are detected when a packet does not reach its destination and no acknowledgment is received. The sign of a probe attack is the addition of new data to the existing amount of data bytes. U2R is indicated by maximum connection duration. R2L attacks are somewhat complex to detect. We apply a method that uses the requested service and the connection duration for the network, and failed login attempts for the host. After the simulation, the output is generated in a tr file, and the NAM in figure 4 shows the behavior of the whole simulation. It shows that the proposed approach does not restrict the generating ratio of packets. On the other hand, the proposed approach provides the highest capturing ratio. The result of the attacks is analyzed and sorted against each category of attack in table 1.

Table 1: Showing types of attacks

Parameters                                                (MSAIDS)
Total number of packet to be received                     236719
Total number of packet to be analyzed                     236456
Total number of attack to be generated                    87005
DOS attacks                                               33214
U2R attacks                                               12454
R2L attacks                                               33123
Probe attacks                                             6214
Total number of signature based attack to be generated    42003
Total number of anomaly based attack to be generated      42002
Total number of anomaly based attacks to be captured      45001
Signature based attacks to be captured                    42001

Figure 4. Showing NAM of attacker and MSAIDS approach

ANALYSIS OF RESULT AND DISCUSSION

Due to anomalies, the confidentiality of MSCS is exploited and the privacy of the user is exposed. The proposed method also captures real worm attacks and all other looming attacks. MSAIDS captures known attacks frequently. Figure 5 shows its capability to capture known attacks.

Figure 5. Generated Known attacks and captured known attacks (plot of number of known attacks against time in minutes)

Figure 6. Generated anomalies attacks and captured anomalies attacks (plot against time in minutes)

The major advantage of the MSAIDS approach is that it also detects all types of anomalies and unknown threats efficiently. Systems are mostly infected by new sorts of malware, which consume the processing resources of the system. If the resources of the system are used by unnecessary programs, communication is highly affected. In consequence, the collaboration process is disrupted. MSAIDS also detects the activity for any specific session. It creates a specific alarm for each type of anomaly. The beauty of this approach is its high capability to capture anomalies, shown in figure 6. Furthermore, the implemented algorithms and the addition of some new rules to an ordinary IDS improve the performance and restore the privacy of users. The implementation of MSAIDS is supported by a sound architectural design that is robust and persistent when an attack is detected. Statistical data shows a 99.996% overall efficiency for MSAIDS, shown in figure 7. The efficiency of MSAIDS is calculated with the following formula. Here, overall efficiency = Ea; total generated signature based attacks = TSA; total anomaly based attacks = TAA; missed signature based attacks = MSA; missed anomaly based attacks = MAA; and total generated attacks = TGA. Thus,

Ea = ((TSA + TAA) – (MSA + MAA)) * 100 / TGA.

One of the interesting factors of this research is the capture of different types of DOS attack and probe attack. These types of attacks are hard to detect and capture. The behavior of the various types of attacks is shown in figure 8.

Figure 7. Overall efficiency of MSAIDS (axes: overall efficiency of MSAIDS, time in minutes)

Figure 8. Behavior of different types of attacks (axes: types of different generated attacks, time in minutes; series: PROBE, DOS, U2R, R2L)

CONCLUSION

In this paper, the multi-frame signature-cum anomaly-based intrusion detection system (MSAIDS) is presented. MSAIDS controls the malicious activities of the rogue DHCP server to restore the privacy of users for MCL. The paper discusses MSCS and highlights all the malicious threats generated by the rogue DHCP server. Intruders use the DHCP server to sniff traffic and finally deteriorate confidential information. The mechanism of current IDS does not have enough capability to control all malicious threats. Furthermore, the rogue DHCP server is visibly very simple, yet it crashes the network as well as the privacy of users and even creates nastier attacks such as sniffing network traffic, masquerading, shutting down systems and DOS. The first contribution is a detailed explanation of the mobile supported content server and the possible attacks on the system generated by the rogue DHCP server. To resolve this issue, the second contribution proposes a technique based on a novel algorithm that supports the capture of both known and anomaly-based attacks. To validate the proposal, the technique is simulated using ns2. On the basis of the simulation, we obtain very interesting data, which show that MSAIDS improves the capturing performance and controls attacks during MCL over a heterogeneous network. Finally, we analyze the performance of MSAIDS and plot the data in graphical form to show the strength of the approach. Furthermore, the broader impact of this research is to substantiate the communication and boost the confidence level of the users.

REFERENCES

[1] Aditya Vidyarthi and A. S. Saxena, "Conceiving a intrusion detection system in the network by mobile agents", International Journal of Computer Science and Communication, Vol. 2, No. 2, July-December 2011, pp. 497-499.
[2] Mueen Uddin, Kamran Khowaja, Azizah Abdul Rehman, "Dynamic Multi-Layer Signature Based Intrusion Detection System Using Mobile Agents", International Journal of Network Security & Its Applications (IJNSA), Vol. 2, No. 4, October 2010.
[3] S. Janakiraman, V. Vasudevan, "ACO based Distributed Intrusion Detection System", International Journal of Digital Content Technology and its Applications, Volume 3, Number 1, March 2009.
[4] D. Boughaci, H. Drias, A. Dendib, Y. Bouznit, and B. Benhauou, "Distributed intrusion detection framework based on autonomous and mobile agents", Proceedings of the International Conference on Dependability of Computer Systems, pp. 248-255, May 2006.
[5] MikroTik, "DHCP Client and Server", document revision 2.7, V2.9, 2005.
[6] Dayong Ye, Quan Bai, and Minjie Zhang, "P2P Distributed Intrusion Detections by using Mobile Agents", Seventh IEEE/ACIS International Conference on Computer and Information Science, IEEE Computer Society, pp. 259-265, IEEE, 2008.
[7] Microsoft Windows DHCP Team Blog, "Rogue DHCP Server", from website: detectionhttp://blogs.technet.com /03/rogue-dhcp-server-detection.aspx.
[8] Overview of DHCP Snooping, "Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SX", 2010.
[9] kerstin, "How to handle multiple repositories in Eclipse", metafora-project: A platform for learning to learn together, Apr 8, 2011.
[10] Dalila Boughau, Habiba Drias, Ahmed Bendib, Youcef Bouznit and Belaid Benhamou, "A Distributed Intrusion Detection Framework based on Autonomous and Mobile Agents", Proceedings of the International Conference on Dependability of Computer Systems (DEPCOS RELCOMEX'06), IEEE Computer Society, IEEE 2006.
[11] Nilgun Ozdamar Keskin, David Metcalf, "The current perspectives, theories and practices of mobile learning", TOJET: The Turkish Online Journal of Educational Technology, April 2011, volume 10, Issue 2.
[12] Hyo-Jeong So, Esther Tan, & Jennifer Tay, "Fostering Collaborative Knowledge Building Culture: Initial Experiences in the Context of Mobile Learning", 2011.
[13] So, H., Seah, L. H., & Toh-Heng, H. L. (2010). Designing collaborative knowledge building environments accessible to all learners: Impacts and design challenges. Computers & Education, 54(2), 479-490.
[14] Oshima, J., Oshima, R., Murayama, I., Inagaki, S., Takenaka, M., Yamamoto, T., Yamaguchi, E., et al. (2006). Knowledge-building activity structures in Japanese elementary science pedagogy. International Journal of Computer-Supported Collaborative Learning, 1(2), 229-246.
[15] A. Mehta, C. Gupta and U. Dayal. BI Batch Manager: A System for Managing Batch Workloads on Enterprise Data Warehouses. In EDBT (To appear), 2008.
[16] Abhay Mehta, Chetan Gupta, Song Wang, Umeshwar Dayal, "Automated Workload Management for Enterprise Data Warehouses", Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 2008.
[17] Saidat Adebukola Onashoga, Adebayo D. Akinde, Adesina Simon Sodiya, "A Strategic Review of Existing Mobile Agent-Based Intrusion Detection Systems", Issues in Informing Science and Information Technology, Volume 6, 2009.
[18] G. Helmer, J.S.K. Wong, V. Honavar, and L. Miller, "Automated discovery of concise predictive rules for intrusion detection", Journal of Systems and Software, vol. 60, no. 3, 2002, pp. 165-175.
[19] Dewan Md. Farid, Nouria Harbi, Mohammad Zahidur Rahman, "Combining naïve bayes and decision tree for adaptive intrusion detection", International Journal of Network Security & Its Applications (IJNSA), Volume 2, Number 2, April 2010, pp. 12-25.
[20] Akamai, "Fast Internet Content Delivery with FreeFlow", Akamai Technologies, 2000.
[21] Sapna S. Kaushik, Dr. Prof. P.R. Deshmukh, "Detection of Attacks in an Intrusion Detection System", International Journal of Computer Science and Information Technologies (IJCSIT), ISSN: 0975-9646, Vol. 2 (3), 2011.
[22] B. Abdullah, Abd-alghafar, Gouda I. Salama, A. Abd-alhafez, "Performance evaluation of a genetic algorithm based approach to network intrusion detection system", 13th International Conference on Aerospace Scientific and Aviation Technology (ASAT-13), May 26 – 28, 2009.
[23] D. Moore, G. M. Voelker, and S. Savage. Inferring Internet denial-of-service activity. In Proc. USENIX Security Symposium, Washington D.C., Aug. 2001.
[24] Anderson, J.P. (April, 1980). Computer Security Threat Monitoring and Surveillance. Technical Report, J.P. Anderson Company, Fort Washington, Pen

Mr. Abdul Razaque is a PhD student in the Computer Science and Engineering department at the University of Bridgeport. His current research interests include the design and development of learning environments to support learning about heterogeneous domains, collaborative discovery learning, and the development of mobile applications and congestion mechanisms of the transmission control protocol, including various existing variants. He has published over 30 research contributions in refereed conferences, international journals and books. He has also presented his work in more than 10 countries. He has been working as a program committee member for IEEE, IET, ICCAIE, ICOS, ISIEA and the Mosharka International conference. Abdul Razaque served as Assistant Professor at the Federal Directorate of Education, Islamabad. He completed his Bachelor and Master degrees in computer science at the University of Sindh in 2002. He obtained another Master degree with a specialization in multimedia and communication (MC) from Mohammed Ali Jinnah University, Pakistan, in 2008.

Dr. Khaled Elleithy is the Associate Dean for Graduate Studies in the School of Engineering at the University of Bridgeport. His research interests are in the areas of mobile wireless communications, network security, formal approaches for design and verification, and mobile collaborative learning. He has published more than one hundred twenty research papers in international journals and conferences in his areas of expertise. Dr. Elleithy is the co-chair of the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE). CISSE is the first Engineering/Computing and Systems Research E-Conference in the world to be completely conducted online in real time via the internet and was successfully running for four years. Dr. Elleithy is the editor or co-editor of 10 books published by Springer for advances on Innovations and Advanced Techniques in Systems, Computing Sciences and Software. Dr. Elleithy received the B.Sc. degree in computer science and automatic control from Alexandria University in 1983, the MS degree in computer networks from the same university in 1986, and the MS and Ph.D. degrees in computer science from The Center for Advanced Computer Studies in the University of Louisiana at Lafayette in 1988 and 1990, respectively. He received the award of "Distinguished Professor of the Year", University of Bridgeport, during the academic year 2006-2007.
