CHAPTER 1
1.0 INTRODUCTION
1.1 BACKGROUND

We are living in an era where information technology is paramount. Since we have found the power of technology and embraced it as a helping tool, we are trying to make it even more useful. Technology is dynamic; it is changing and improving almost every day. After the trend of desktop PCs and laptops, there was a newfound interest in mobile devices and tablets.

Incorporating cyber security protections into software applications during development is a complex issue. In the ever-expanding digital age, virtually every aspect of human endeavor relies on secure transactions and operations. However, consideration of cyber security issues is often inadequate, leading to problems such as financial losses, data losses, and privacy breaches. From a systems and networking view, enormous efforts have been made to develop tools to combat specific types of cyber-attacks as they appear. However, hackers tend to think differently than developers of applications and are constantly and proactively developing increasingly notorious and creative attack strategies. Such attacks, which plant malicious pieces of code that corrupt the application, steal sensitive customer information, or introduce malware such as viruses, worms and spyware, along with phishing, extortion schemes, and spam, can exploit vulnerabilities introduced at any step of the development process.

Software applications that are vulnerable to cyber-attacks can drive potential customers and users of the application away. To gain user trust in purposeful applications, it is important to carry out application development while carefully addressing security issues at each step. Software developers tend to focus on functional requirements, with little emphasis on non-functional requirements, such as security. In this paper we provide a survey of literature that is relevant to secure software development practices.
Several security issues, concerns, challenges, and solutions at different phases of the software development life cycle, as described in the literature on cyber security, are also presented. However, the scope of this paper is limited to the Analysis, Design, Implementation, and Testing phases of the Software Development Life Cycle (SDLC).

With technology advancement and mass digitalization of user personal data, establishing user trust has become an important factor in the use of software systems. Most software systems are potentially vulnerable to attacks even if there is strict adherence to leading edge principles of encryption and decryption. Security of software systems is classified into three categories: Confidentiality, Integrity and Availability. These categories are also collectively known as the CIA triad. Confidentiality is defined as “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” Integrity is defined as “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” Availability is defined as “Ensuring timely and reliable access to and use of information…”

Security is often intertwined with trust. In the context of software systems, trust refers to the level of confidence or reliability that a person places in a software system, including the expectations that they have for the software fulfilling its purpose. Trust also refers to a relationship that a person forms with software applications that are online or over a network. The trust relationship is betrayed if the user’s expectations of these applications are not met. This raises questions concerning the kinds of expectations that users have of the applications and the factors that diminish trust. One factor arises from any negative risks that are associated with the usage of an application.
There are traditional ways of assessing risk in cyber security. Again, insiders within an organization are also known to sometimes support and execute malicious attacks for which outsiders have minimal knowledge. As described by Colwill, Examples of autonomous systems include floor cleaning robots, agent software, military and private drones, surgery-performing robots and self-driving cars. Autonomous systems are managed and supervised independently by a single administrator, entity, or organization. Each autonomous system has a unique identifying label that can be used during data packet transfer between two systems.

CHAPTER 2
2.0 METHODOLOGY

This research aims to study network security issues through the survey method. In my term paper I will use a survey that was conducted at Pune IT companies; it is intended to study challenges to intrusion detection for computer network security. The survey is conducted by the questionnaire method. This research investigates the applicability of data mining techniques for intrusion detection. To investigate this, the experiment method is used. Various experiments are performed using machine learning software to identify efficient methods for intrusion detection.

Computer network security is a necessity for all IT companies with growing networks. For network security, one of the most critical factors is detection of intrusion attacks on computer security. Intrusion detection is becoming a challenging task due to the increased connectivity of computer systems and services. In this context, “What are challenges to intrusion detection for computer network security?” is the question to be tackled. The researcher seeks to study network security issues, specifically the need for intrusion detection systems and the challenges to intrusion detection systems, to ensure computer network security in IT industrial units of the Pune region. This study is further intended to investigate how data mining techniques can serve to strengthen security.
There is a need to study how data mining can provide a mechanism to detect intrusion. What data mining techniques are useful to handle the challenges of intrusion detection? For this, various experiments using data mining methods need to be executed. These experiments aim to find methods to resolve network security issues effectively. The aim of this study is to provide a framework capable of providing solutions for the challenges to intrusion detection. This research intends to get answers to the following research questions.

1. What are the challenges to current intrusion detection systems?
2. What are the effective data mining techniques for intrusion detection?
3. Why is computer network security essential?
4. How can incoming network traffic be distinguished as normal or intrusion?
5. How does intrusion detection play an important role in computer network security?

2.0.1 Rationale of the study

IT industrial units need to manage the security of their computer networks. Network security is an important factor for IT industrial units. Computer and computer network security has become an integral part of all IT industries because of increased requirements for network and processing speed. As networks have dramatically extended, security is considered a major issue in computer networks. Internet attacks are increasing, and consequently there have been various attack methods. The rapid development of Pune IT industries and growing network facilities makes computer security a critical issue. Because IT industrial units keep important and classified information on their computers, there is a great need to protect that information from those who would exploit it. One way to identify attacks is by using intrusion detection systems (IDS), which are designed to locate and alert system administrators about the presence of malicious traffic. This study suggests how computer network security management can benefit from data mining techniques for intrusion based security attack detection.
The outcome of this study will also add to the body of knowledge on computer network security management. The output of this study may also be used as a complementary approach to signature based intrusion detection methods.

2.1 Objective of study
2.1.1 General objective

The general objective of this study is constructing a data mining framework for an intrusion detection system that will enhance the network security system.

Specific objectives

1. To study and examine:
   • Network security importance and issues in IT industrial units of the Pune region.
   • Importance of intrusion detection systems and challenges to current intrusion detection systems for network security management.
2. To analyze computer network security components, specifically intrusion attacks and intrusion detection systems.
3. To analyze the several steps involved in the data mining process.
4. To analyze the applicability of existing data mining techniques.
5. To propose data mining techniques through creation of a data analysis framework.

2.2 Research methodology

This research employs the survey method to identify network security issues and the experiment method for construction of the framework. This research study is related to Network Security Management – A study with special reference to IT industrial units in Pune region. In this study, primary and secondary data are collected to find out the importance of network security and intrusion detection systems. Primary data is collected through the survey method, whereas secondary data is collected through published and unpublished material. The research methodology used in this research explains the process of obtaining the sample and the size of the sample.

Primary data

This data is collected through the survey method. This data is original in nature. This data is collected by distributing the questionnaire and getting it filled in by the concerned respondents; for this purpose, an online questionnaire as well as a manual method was used.
Telephonic and/or personal interviews were conducted with IT industry people of the Pune region.

CHAPTER 3
3.0 LITERATURE REVIEW

In this paper we disclosed or summarized various articles or journals regarding cyber security and privacy protection of data or information. For the purpose of security, we divided the references topic wise.

3.1.1 Attacker

An attacker is a person who gets control of another system or network and destroys it. Examples include a hacker, or an adversary in terms of computer security and algorithms. The literature reports different types of attacks: active and passive, as well as insider and outsider attacks. For the prevention of attacks, various methods or techniques have been developed by researchers. Shrivastava described the rushing attack and its prevention techniques for reducing harmful

3.2.2 One time password

For all online shopping or transactions, the one time password (OTP) is an important part of security. Similarly, for data protection or information protection we can use a one time password system for account authentication or file opening. For every transaction a new password is generated using a genetic algorithm with elliptic curve cryptography. This is very important: when we lose our old password we need not worry. We can get a new password every time, which increases the security of our system or operation. P. Ahlawat described in his paper different techniques for securing OTPs from hackers, and also for solving the synchronization issues when accessing an OTP. In other literature regarding OTP, Y. Huang described a new method for OTP generation by changing the calculation method. K. W. Hussein explained an OTP based on a unique factor and biometrics, in which a novel authentication scheme is used. The generated OTP has a unique number and biometric authentication, which increases the security of our data or operation. In other literature, M.H. Khan explained OTP generation using the SHA algorithm, which helps generate a new OTP every time. B.K.
Kushwaha gives a new approach to OTP authentication which gives extra security to the OTP. In this paper, graphical passwords are studied and the shoulder surfing problem is also explained.

CHAPTER 4
4.0 FINDINGS AND OBSERVATIONS

NASCIO has long seen the natural linkage between homeland security and the state and local government chief information officers (CIOs), who oversee information and communications technologies that support key public services. Section 7(c) of Homeland Security Presidential Directive (HSPD)-7 declares that: “It is the policy of the United States to enhance the protection of our Nation’s critical infrastructure and key resources against terrorist acts that could…undermine State and local government capacities to maintain order and to deliver minimum essential public services.” Section 15 designates “emergency services”—most of which are delivered by state and local authorities—as being among the nation’s “critical infrastructure sectors.” These directives become all the more urgent when you consider that the nation’s information infrastructure is the only part of our national infrastructure that is under attack all the time.

Thus, NASCIO’s Information Security Committee, which is led by Denise Moore, CIO of Kansas, recently concluded a survey of strategic cyber security issues that was intended to identify the condition of the states on cyber security and assess the nature of their relationship with U.S. Department of Homeland Security’s (DHS) cyber security programs and resources. The survey was conducted from August 16th to the 31st. The chief information officer (CIO) or chief information security officer (CISO)—or the equivalent state-government-wide information security officer-was invited to respond from each state and the District of Columbia. The survey garnered 27 responses from states representing 57% of the nation’s population.
The survey was conducted in tandem with the Metropolitan Information Exchange (MIX), the national association of county and municipal CIOs. Both organizations will share the findings from their surveys under separate reports delivered to the U.S. House Committee on Homeland Security, which we hope they will use in guidance for DHS concerning state and local sector coordination. This report contains five high-level, or “strategic,” recommendations along with 18 lower-level, or more “tactical,” recommendations for action. Quantitative, question-by-question findings can be found in the attached appendix, titled “Detailed Results from NASCIO’s Strategic Cyber Security Survey.”

RECOMMENDATIONS

1. Cyber security education should cover the basics:
   • Use strong passwords.
   • Apply system updates in a timely and efficient manner.
   • Secure devices by enabling a firewall and deploy solutions to address viruses, malware and spyware.
   • Learn not to click on email links or attachments, unless the sender is known and trusted. Even then, phishing emails sometimes spoof the sender’s identity to trick the user into clicking a link or attachment.
2. Leveraging trusted resources
3. Building an economic framework: Simply purchasing every new tool or security product is not the answer. From the individual user to the small business to the large enterprise, it is important to make investment decisions for cyber security in a risk management construct that includes trying to secure the biggest bang for the buck.