Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj

Published byLaurel Bates Modified over 8 years ago

Similar presentations

Presentation on theme: "Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj"— Presentation transcript:

1 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj engktc@au.ac.th

2 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Monitioring the Network Activities Detect the sign of intrusion The earlier we detect, the faster we prevent, the more secure we have. Not 100% correct detection –high false alarm, less intrusion, annoying user –less false alarm, high instrusion

3 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Characteristic of Intruders Masquerader (mostly outsider) –un-authorized user of the system Misfeasor (mostly insider) –authorized user access un-authroized resources –authorized user misuses priveleges Clandestine user –un-authorized user who gain the supervisory priveleges to alter the system (audit, access) IDS: Intrusion Detection Systems

4 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Type of IDS Audit Records –log files investigation Statistical Anomaly Detection –Statistical based technique Rule-Based Intrusion Detection –Specify a sequence of action or event to indicate the intrusion IDS: Intrusion Detection Systems

5 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Audit Records Fundamental Tool Investigate the ongoing activity Two basic strategy –Native audit records: standard log files or user accounting information on many OS. –Detection-specific audit records: special software to monitor specific activities. Examples of record information are Subject, Action, Object, Exception- Condition, Resource-Usage, Time-stamp IDS: Intrusion Detection Systems

6 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Statistical Anomaly Detection Analysis statistical data Any un-usual changes, indicate the sign of instrusion Some metrics or statistical data –Counter (increment): login period, failure login –Guage: logical connection, user processes –Interval Timer: time between two related events –Resource Utilization: CPU times, network traffic IDS: Intrusion Detection Systems

7 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Rule-Based Intrusion Detection Rule-based anomaly detection –similar to the statistical approach, but can be a complicated rules Rule-based penetration identification –use expert system to identify the intrusion –based on the known knowledge of attack –Require the update of knowledge IDS: Intrusion Detection Systems

8 Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Reference Books Cyrptography and Network Security by William Stallings (Prentice Hall: 2003)

Download ppt "Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 6 – Intrusion Detection.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 6 – Intrusion Detection.
Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.
Kittiphan Techakittiroj (21/05/58 10:00 น. 21/05/58 10:00 น. 21/05/58 10:00 น.) Firewall Kittiphan Techakittiroj

Kittiphan Techakittiroj (21/05/58 10:00 น. 21/05/58 10:00 น. 21/05/58 10:00 น.) Firewall Kittiphan Techakittiroj
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Intruders.

1 Ola Flygt Växjö University, Sweden Intruders.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
Chapter 3 Process Description and Control

Chapter 3 Process Description and Control
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Stephen S. Yau CSE 465-591, Fall 2006 1 Intrusion Detection.

Stephen S. Yau CSE , Fall Intrusion Detection.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Chapter 15 Computer Security Techniques Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.

Chapter 15 Computer Security Techniques Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
seminar on Intrusion detection system

seminar on Intrusion detection system
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Intrusion Detection. Intruders Classes (from [ANDE80]: Classes (from [ANDE80]: two most publicized threats to security are malware and intruders two most.

Intrusion Detection. Intruders Classes (from [ANDE80]: Classes (from [ANDE80]: two most publicized threats to security are malware and intruders two most.
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google