Intrusion Detection and Information Fusion/Decision Making By Ganesh Godavari.

Outline of Talk
– Need for Intrusion Detection and Information Fusion
– Intrusion Detection Message Exchange Format (IDMEF)
– Plan of action
– Conclusion

Intrusion Detection
Intrusion detection
– process of discovering, analyzing, and reporting unauthorized or damaging network or computer activities
– Goal is to discover violations of confidentiality, integrity, and availability of information and resources

Problems with Intrusion Detection
Network traffic and computer activity falls into one of three categories:
– Normal
– Abnormal but not malicious
– Malicious
Properly classifying these events is the single most difficult problem

Problems contd..
IDSes generally provide
– a constant feed of new alerts
– which are written into a log file
How can one minimize the number of alerts?
Does alert aggregation and correlation solve the problem?

Problem in alert correlation
Alerts are correlated based on certain keywords, but a keyword alone is ambiguous: is tomato a fruit or a vegetable?
You want to get the general information associated with an IP address or port numbers, not just exact keyword matches
Solutions?
– Can anyone suggest any?
– Is this problem unique?
– No, web search engines often encounter these problems
– How about applying Latent Semantic Indexing*?
– Worked for search engines like Google; can work for information retrieval of intrusion detection alerts too!

IDMEF Format

Distributed IDSs

Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD)
EMERALD HIDS provides
– a distributed, scalable tool suite for tracking malicious activity through and across large networks
– Requires a Sun Microsystems SPARC platform running one of:
  SunOS 5.6 (Solaris 2.6) with service patch or newer
  Solaris 7 with service patch or newer
  Solaris 8 with service patch or newer

TripWire
Need to get the complete version in order to perform tests using Tripwire
Currently being negotiated between Tripwire and Dr. Chow

Some of the important fields
IDS important fields
– src/dest IP address or username
– src/dest port number
– IP packet type
– Detect time of the attack
– Packet content of the attack packet, or the malicious activity report in case of HIDS
– Any other packet information required?
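As an added example (not part of the original talk), the following Python script ties together the IDMEF slide, the field list above and the earlier question about alert aggregation: it encodes the listed fields into a minimal IDMEF Alert message (element names follow the RFC 4765 structure as assumed here; the ntpstamp attribute is omitted), parses them back out, and collapses alerts that share source IP, target IP and classification into one counted entry. All alert values are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "http://iana.org/idmef"  # IDMEF namespace as specified in RFC 4765

def build_idmef_alert(msg_id, analyzer, create_time, src_ip, src_port,
                      dst_ip, dst_port, proto, classification):
    """Minimal IDMEF Alert carrying the slide's fields (ntpstamp etc. omitted)."""
    root = ET.Element("IDMEF-Message", {"version": "1.0", "xmlns": NS})
    alert = ET.SubElement(root, "Alert", {"messageid": msg_id})
    ET.SubElement(alert, "Analyzer", {"analyzerid": analyzer})
    ET.SubElement(alert, "CreateTime").text = create_time  # detect time of the attack
    for tag, ip, port in (("Source", src_ip, src_port), ("Target", dst_ip, dst_port)):
        ep = ET.SubElement(alert, tag)
        node = ET.SubElement(ep, "Node")
        addr = ET.SubElement(node, "Address", {"category": "ipv4-addr"})
        ET.SubElement(addr, "address").text = ip          # src/dest IP address
        svc = ET.SubElement(ep, "Service")
        ET.SubElement(svc, "port").text = str(port)       # src/dest port number
        ET.SubElement(svc, "protocol").text = proto       # IP packet type
    ET.SubElement(alert, "Classification", {"text": classification})
    return ET.tostring(root, encoding="unicode")

def parse_idmef_alert(xml_text):
    """Pull the key fields back out of an IDMEF message (namespace-aware)."""
    ns = {"i": NS}
    alert = ET.fromstring(xml_text).find("i:Alert", ns)
    def endpoint(tag):
        ep = alert.find("i:" + tag, ns)
        return (ep.findtext("i:Node/i:Address/i:address", namespaces=ns),
                int(ep.findtext("i:Service/i:port", namespaces=ns)))
    return {"src": endpoint("Source"), "dst": endpoint("Target"),
            "time": alert.findtext("i:CreateTime", namespaces=ns),
            "class": alert.find("i:Classification", ns).get("text")}

def aggregate(alerts):
    """Alert aggregation: one entry per (src ip, dst ip, classification) with a count."""
    groups = defaultdict(int)
    for a in alerts:
        groups[(a["src"][0], a["dst"][0], a["class"])] += 1
    return dict(groups)

# Constructed sample: four scan-style alerts from one source plus one unrelated alert.
SAMPLE = [build_idmef_alert("a%d" % i, "nids-1", "2006-05-01T10:00:0%d" % i,
                            "10.0.0.5", 40000 + i, "10.0.0.20", 20 + i, "tcp", "Port scan")
          for i in range(4)]
SAMPLE.append(build_idmef_alert("a9", "nids-1", "2006-05-01T10:01:00",
                                "10.0.0.9", 51000, "10.0.0.20", 80, "tcp", "Web attack"))
```

Running `aggregate([parse_idmef_alert(x) for x in SAMPLE])` reduces the five raw alerts to two counted entries, which is the kind of reduction the aggregation question on the earlier slide is asking about.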

Conclusion
Can perform packet capture of normal and attack traffic on both NIDS and HIDS
For HIDS, getting a license for Tripwire, or having a Solaris box on which to run EMERALD, would be helpful for capturing data
Shall provide the packet dumps and ASCII packet dumps.