
Presentation by: Samad Najjar. Enhancing the performance of intrusion detection system using pre-process mechanisms. Supervisor: Dr. L. Mohammad Khanli.



Presentation transcript:

1 Presentation by: Samad Najjar
Enhancing the performance of intrusion detection system using pre-process mechanisms
Supervisor: Dr. L. Mohammad Khanli

2 Outline
- Introduction
- Problems in NIDS
- Background & Related Work
- Proposed method
- Expected conclusion

3 Introduction
Three basic security concerns: confidentiality, integrity, availability.
Intrusion detection is the detection of actions that attempt to compromise the integrity, confidentiality, or availability of a resource.


5 Problems in NIDS
NIDS components: Packet Capture Engine, Detection Engine, Alarm Engine.
Under high-volume traffic the NIDS drops a large number of incoming packets.
To mitigate this problem:
- Efficient algorithm for pattern matching
- Load balancing, splitting, or processing of traffic (i.e. distributed/parallel execution based approach)
- Hardware based approach such as using graphics processing units or field-programmable gate array (FPGA) devices

6 Background & Related Work: algorithms for pattern matching
- Boyer–Moore algorithm: A fast string searching algorithm (1977) compares the target string with the input content beginning with the rightmost character of the string and uses two heuristics to reduce the number of searches in the matching process.
- Horspool algorithm: Practical fast searching in strings (1980) improved the Boyer–Moore algorithm by using only the bad-character heuristic with the purpose of achieving a more efficient implementation.
- Aho–Corasick algorithm: Efficient string matching: an aid to bibliographic search (1975) preprocesses the patterns to construct a deterministic finite automaton (DFA) aiming to search for all strings at the same time.
- Wu–Manber algorithm: Agrep — A fast approximate pattern-matching tool (1992) created the UNIX tool agrep.
- M. Manjunath: Fast Pattern Matching Approach for Intrusion Detection Systems (2014), Aho–Corasick algorithm + Wu–Manber algorithm.
- Others: Hua et al. (2009), Bremler-Barr et al. (2010), Ďurian et al. (2010), Vespa et al. (2011), Choi et al. (2011), Kim et al. (2011), Cantone et al. (2012) and Pao and Wang (2012), etc.
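To make the two matching strategies on this slide concrete, here is an added example (not code from the presentation or from any of the cited papers): a Horspool search that slides a single pattern using only the bad-character shift, and an Aho–Corasick automaton that finds every pattern of a set in one pass over a packet payload. The signature strings and the payload are constructed for the example.

```python
from __future__ import annotations
from collections import deque


def horspool_search(pattern: bytes, text: bytes) -> list[int]:
    """Single-pattern search with only the bad-character heuristic (Horspool).
    Returns every offset in text where pattern occurs."""
    m = len(pattern)
    if m == 0 or m > len(text):
        return []
    # Shift table: for each byte in pattern[:-1], its distance to the pattern's
    # last position (last occurrence wins); absent bytes shift the full length m.
    shift = {pattern[i]: m - 1 - i for i in range(m - 1)}
    hits, pos = [], 0
    while pos + m <= len(text):
        j = m - 1
        # compare from the rightmost pattern character backwards
        while j >= 0 and text[pos + j] == pattern[j]:
            j -= 1
        if j < 0:
            hits.append(pos)
        # slide by the text byte currently aligned with the pattern's last byte
        pos += shift.get(text[pos + m - 1], m)
    return hits


class AhoCorasick:
    """Multi-pattern matcher: a trie over all patterns plus failure links,
    searched as one automaton so every pattern is checked in a single pass."""

    def __init__(self, patterns):
        self.patterns = [bytes(p) for p in patterns]
        self.goto = [{}]    # per state: byte -> next state
        self.fail = [0]     # per state: longest proper suffix that is a trie node
        self.out = [[]]     # per state: indices of patterns ending in this state
        for idx, pat in enumerate(self.patterns):
            s = 0
            for b in pat:
                if b not in self.goto[s]:
                    self.goto.append({}); self.fail.append(0); self.out.append([])
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(idx)
        # Breadth-first construction of failure links; a state's output also
        # includes the outputs of its failure state (patterns that are suffixes).
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s].extend(self.out[self.fail[s]])

    def search(self, text: bytes) -> list[tuple[int, bytes]]:
        """Returns (offset, pattern) for every occurrence of every pattern."""
        hits, s = [], 0
        for i, b in enumerate(text):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for idx in self.out[s]:
                pat = self.patterns[idx]
                hits.append((i - len(pat) + 1, pat))
        return hits


# Constructed signature set and payload for the demo (not from any real rule set).
SIGNATURES = [b"/etc/passwd", b"passwd", b"cmd.exe", b"../.."]
PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.0"


def scan_payload(payload: bytes = PAYLOAD, signatures=SIGNATURES):
    """One automaton pass finds all signature hits, so the detection engine
    does not rescan the packet once per rule as a per-pattern search would."""
    return sorted(AhoCorasick(signatures).search(payload))


if __name__ == "__main__":
    print("horspool:", horspool_search(b"passwd", PAYLOAD))
    print("aho-corasick:", scan_payload())
```

Horspool's cost grows with the number of signatures because each one is a separate pass over the payload; the automaton's search time depends only on the payload length and the number of matches, which is why Aho–Corasick (and its combination with Wu–Manber on the slide) is the usual choice for rule sets with thousands of content strings.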

7 Background & Related Work: load balancing, splitting, or processing of traffic
- Sourdis et al.: Packet Pre-filtering for Network Intrusion Detection (2006), combining the header matching with a small prefix match.
- Loiola Costa et al.: Network Intrusion Detection System Based on SOA (NIDS-SOA): Enhancing Interoperability Between IDS (2013).
- Ajith Abraham et al.: D-SCIDS: Distributed soft computing intrusion detection system (2005).
- Weizhi Meng et al.: EFM: Enhancing the Performance of Signature-based Network Intrusion Detection Systems Using Enhanced Filter Mechanism (2014).
- Yuxin Meng et al.: Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection (2013).
- Others: Auld et al. (2007), Faezipour and Nourani (2009), Wang (2009), Alagu Priya and Lim (2010), Song and Turner (2011), Lim et al. (2012) and Neji and Bouhoula (2012), etc.

8 Background & Related Work
A novel hybrid intrusion detection method integrating anomaly detection with misuse detection (2014).

9 Background & Related Work: data mining for intrusion detection
Clustering
- Partition-based clustering
- Fuzzy C-means
- K-means
Classification
- Uses a training data set
- Bayesian
- Naïve Bayesian
- Decision tree classification

10 Proposed method: high level pre-process mechanisms system

11 Proposed method: the architecture and deployment of the blacklist packet filter

12 Proposed method
Monitor engine in previous work:
- monitoring the NIDS
- calculating the confidences of IP addresses
- periodically updating the blacklist
Weighted ratio-based blacklist generation uses three terms: the total number of good packets, the total number of bad packets, and the weight value.
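The slide names the inputs of the weighted ratio (good-packet count, bad-packet count, weight value) but the transcript does not carry the formula itself. The following is an added example, not the presenter's or the cited paper's code, that shows how a monitor engine of this shape fits together: it accumulates per-IP verdicts from the NIDS, scores each IP with an assumed weighted ratio, rebuilds the blacklist periodically, and a pre-filter drops packets from blacklisted sources before they reach signature matching. The score formula, the weight of 2.0, the threshold of 0.5, and all IP addresses and packets are constructed assumptions for the example.

```python
from collections import defaultdict


class MonitorEngine:
    """Tracks, per source IP, how many packets the NIDS judged good or bad and
    turns the counts into a confidence score used to build the blacklist."""

    def __init__(self, weight: float = 2.0, threshold: float = 0.5):
        self.weight = weight          # weight value applied to good packets (assumed role)
        self.threshold = threshold    # IPs scoring at or above this are blacklisted
        self.good = defaultdict(int)  # total number of good packets per IP
        self.bad = defaultdict(int)   # total number of bad packets per IP
        self.blacklist = set()

    def observe(self, src_ip: str, alerted: bool) -> None:
        """Called once per packet the detection engine has examined;
        alerted=True means the alarm engine raised an alert on it."""
        if alerted:
            self.bad[src_ip] += 1
        else:
            self.good[src_ip] += 1

    def confidence(self, src_ip: str) -> float:
        """Assumed weighted ratio: share of bad packets among weighted observations.
        0.0 = only good packets seen so far, 1.0 = only bad packets seen so far."""
        g, b = self.good[src_ip], self.bad[src_ip]
        denominator = b + self.weight * g
        return 0.0 if denominator == 0 else b / denominator

    def update_blacklist(self) -> set:
        """Periodic rebuild: every known IP is re-scored, so an address whose
        later traffic is clean can fall back off the list."""
        known = set(self.good) | set(self.bad)
        self.blacklist = {ip for ip in known if self.confidence(ip) >= self.threshold}
        return set(self.blacklist)


def prefilter(packets, blacklist):
    """The blacklist packet filter placed in front of the signature engine:
    packets from blacklisted sources are dropped, the rest are forwarded to
    full signature matching. Returns (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        (dropped if pkt[0] in blacklist else forwarded).append(pkt)
    return forwarded, dropped


# Constructed NIDS verdicts (src_ip, alerted) and a constructed packet batch;
# documentation-range addresses, not real traffic.
SAMPLE_VERDICTS = (
    [("203.0.113.7", True)] * 4 + [("203.0.113.7", False)]
    + [("198.51.100.2", True)] + [("198.51.100.2", False)] * 10
    + [("192.0.2.9", False)] * 3
)
SAMPLE_PACKETS = [
    ("203.0.113.7", b"GET /etc/passwd"), ("203.0.113.7", b"GET /cmd.exe"),
    ("203.0.113.7", b"GET /"),
    ("198.51.100.2", b"GET /index.html"), ("198.51.100.2", b"GET /style.css"),
    ("192.0.2.9", b"GET /favicon.ico"),
]


def run_demo():
    """Feed the verdicts to the monitor, rebuild the blacklist, pre-filter a batch.
    Returns (blacklist, forwarded count, dropped count)."""
    engine = MonitorEngine(weight=2.0, threshold=0.5)
    for ip, alerted in SAMPLE_VERDICTS:
        engine.observe(ip, alerted)
    blacklist = engine.update_blacklist()
    forwarded, dropped = prefilter(SAMPLE_PACKETS, blacklist)
    return blacklist, len(forwarded), len(dropped)


if __name__ == "__main__":
    print(run_demo())
```

Two design points follow from the slide's own claims. The acceptable false positive and false negative rates reported on the results slide depend on the weight and threshold, which is why the confidence is recomputed periodically rather than fixed once. And because packets from a blacklisted source no longer reach the detection engine, the monitor stops receiving verdicts for that IP; a deployment needs some path (for example sampling a fraction of dropped traffic) for an address to earn its way back off the list.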

13 Proposed method: results of average CPU load (ACL) for each day in previous work
- when using Snort with the packet filter
- when using Snort without the packet filter

14 Expected conclusion
- A blacklist-based packet filter effectively reduces the burden of a signature-based NIDS without lowering network security.
- The packet filter shows an acceptable false positive rate and false negative rate.
- It reduces the time consumed by signature matching.

15 Questions
Thanks for your attention

