Enhancing the performance of intrusion detection system using pre-process mechanisms. Presentation by: Samad Najjar. Supervisor: Dr. L. Mohammad Khanli.

Presentation transcript:

Slide 2. Outline:
- Introduction
- Problems in NIDS
- Background & Related Work
- Proposed method
- Expected conclusion

Slide 3. Introduction. Three basic security concerns: confidentiality, integrity, availability. Intrusion detection is the detection of actions that attempt to compromise the integrity, confidentiality, or availability of a resource.


Slide 5. Problems in NIDS. A NIDS consists of a packet capture engine, a detection engine and an alarm engine. Under high-volume traffic it drops a large number of incoming packets. To mitigate this problem:
- Efficient algorithms for pattern matching
- Load balancing, splitting, or processing of traffic (i.e. distributed/parallel execution based approaches)
- Hardware-based approaches such as graphics processing units (GPUs) or field-programmable gate array (FPGA) devices

Slide 6. Background & Related Work: algorithms for pattern matching.
- Boyer–Moore algorithm: A fast string searching algorithm (1977). Compares the target string with the input content beginning with the rightmost character of the string and uses two heuristics to reduce the number of searches in the matching process.
- Horspool algorithm: Practical fast searching in strings (1980). Improved the Boyer–Moore algorithm by using only the bad-character heuristic, with the purpose of achieving a more efficient implementation.
- Aho–Corasick algorithm: Efficient string matching: an aid to bibliographic search (1975). Preprocesses the patterns to construct a deterministic finite automaton (DFA) aiming to search for all strings at the same time.
- Wu–Manber algorithm: Agrep, a fast approximate pattern-matching tool (1992). Created the UNIX tool agrep.
- M. Manjunath, Fast Pattern Matching Approach for Intrusion Detection Systems (2014): Aho–Corasick algorithm + Wu–Manber algorithm.
- Others: Hua et al. (2009), Bremler-Barr et al. (2010), Ďurian et al. (2010), Vespa et al. (2011), Choi et al. (2011), Kim et al. (2011), Cantone et al. (2012) and Pao and Wang (2012), etc.
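The slide names the two algorithm families a signature-based detection engine relies on: a single-pattern search that skips ahead with a bad-character table (Horspool), and a multi-pattern automaton that checks every signature in one pass over the payload (Aho–Corasick). The following is an added example written for this page, not code from the presentation or from any cited paper; the signature strings and the HTTP payload are constructed sample input, and `scan_payload` is a hypothetical name for the detection-engine step.

```python
from collections import deque

# Constructed toy signature set (not from any real ruleset) and a constructed
# HTTP request payload used as sample input below.
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"../..", b"UNION SELECT"]
SAMPLE_PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.0"


def horspool(pattern: bytes, text: bytes) -> int:
    """Single-pattern search using only the bad-character heuristic (Horspool).
    Returns the offset of the first occurrence, or -1 when absent."""
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    # Shift table: distance from the last occurrence of each byte in
    # pattern[:-1] to the pattern's end; bytes not in the pattern shift by m.
    shift = {b: m - 1 - i for i, b in enumerate(pattern[:-1])}
    i = 0
    while i <= n - m:
        if text[i:i + m] == pattern:
            return i
        # Shift is decided by the byte under the window's rightmost position
        i += shift.get(text[i + m - 1], m)
    return -1


class AhoCorasick:
    """Multi-pattern matcher: all signatures are searched in one pass."""

    def __init__(self, patterns):
        self.goto = [{}]    # goto[state] maps next byte -> next state
        self.fail = [0]     # failure link per state
        self.out = [[]]     # patterns that end at each state
        for p in patterns:
            self._add(p)
        self._build_failure_links()

    def _add(self, pattern: bytes) -> None:
        state = 0
        for b in pattern:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append(pattern)

    def _build_failure_links(self) -> None:
        # Breadth-first over the trie; depth-1 states fail back to the root.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Inherit outputs of the suffix state so a signature that is a
                # suffix of another is still reported.
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def search(self, data: bytes):
        """Return (offset, pattern) for every signature occurrence in data."""
        state, hits = 0, []
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for p in self.out[state]:
                hits.append((i - len(p) + 1, p))
        return hits


def scan_payload(payload: bytes, signatures=SIGNATURES):
    """Detection-engine style check: every signature against one payload."""
    return AhoCorasick(signatures).search(payload)
```

With the constructed request, `scan_payload` reports the directory-traversal string at offset 13 and `/etc/passwd` at offset 18 in a single pass, whereas a Horspool engine would need one scan per signature, which is exactly the per-pattern cost that multi-pattern automata remove from the detection engine.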

Slide 7. Load balancing, splitting, or processing of traffic:
- Sourdis et al., Packet Pre-filtering for Network Intrusion Detection (2006): combining header matching with a small prefix match.
- Loiola Costa et al., Network Intrusion Detection System Based on SOA (NIDS-SOA): Enhancing Interoperability Between IDS (2013).
- Ajith Abraham et al., D-SCIDS: Distributed soft computing intrusion detection system (2005).
- Weizhi Meng et al., EFM: Enhancing the Performance of Signature-based Network Intrusion Detection Systems Using Enhanced Filter Mechanism (2014).
- Yuxin Meng et al., Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection (2013).
- Others: Auld et al. (2007), Faezipour and Nourani (2009), Wang (2009), Alagu Priya and Lim (2010), Song and Turner (2011), Lim et al. (2012) and Neji and Bouhoula (2012), etc.

Slide 8. A novel hybrid intrusion detection method integrating anomaly detection with misuse detection (2014).

Slide 9. Data mining for intrusion detection:
- Clustering: partition-based clustering, fuzzy C-means, K-means
- Classification (uses a training data set): Bayesian, naïve Bayesian, decision tree classification

Slide 10. Proposed method: high-level view of the pre-process mechanisms system (figure).

Slide 11. The architecture and deployment of the blacklist packet filter (figure).

Slide 12. Monitor engine in previous work:
- Monitors the NIDS
- Calculates the confidences of IP addresses
- Periodically updates the blacklist
Weighted ratio-based blacklist generation, in terms of the total number of good packets, the total number of bad packets, and a weight value.
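Slides 11 and 12 describe the pre-process stage as a blacklist packet filter in front of the signature engine, fed by a monitor engine that scores source IPs from the NIDS verdicts and rebuilds the blacklist periodically. The following is an added example written for this page, not code from the presentation or from the cited Meng et al. work. The slide names only the three inputs of the weighted ratio (good packets, bad packets, weight); the rule weight*bad / (weight*bad + good) and the threshold are my assumption, as is the filter policy (blacklisted sources always get full inspection, other sources are sampled every fourth packet). The signatures, IP addresses and traffic are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed toy signature set; detection_engine stands in for the NIDS
# signature matcher (Snort in the cited work).
SIGNATURES = [b"/etc/passwd", b"cmd.exe"]


def detection_engine(payload: bytes) -> bool:
    """True when the payload matches any signature (i.e. an alert)."""
    return any(sig in payload for sig in SIGNATURES)


@dataclass
class IPStats:
    good: int = 0   # inspected packets from this source with no alert
    bad: int = 0    # inspected packets from this source that alerted


class MonitorEngine:
    """Watches detection verdicts, scores each source IP and periodically
    regenerates the blacklist. ASSUMED scoring rule (not the slide's formula):
    ratio = weight*bad / (weight*bad + good), blacklisted when >= threshold."""

    def __init__(self, weight=2.0, threshold=0.5, update_every=100):
        self.weight, self.threshold = weight, threshold
        self.update_every = update_every
        self.stats = defaultdict(IPStats)
        self.blacklist = set()
        self._verdicts_seen = 0

    def record(self, src_ip: str, alerted: bool) -> None:
        s = self.stats[src_ip]
        if alerted:
            s.bad += 1
        else:
            s.good += 1
        self._verdicts_seen += 1
        # Periodic update: every update_every verdicts, not per packet
        if self._verdicts_seen % self.update_every == 0:
            self.update_blacklist()

    def bad_ratio(self, src_ip: str) -> float:
        s = self.stats[src_ip]
        weighted_bad = self.weight * s.bad
        if weighted_bad + s.good == 0:
            return 0.0
        return weighted_bad / (weighted_bad + s.good)

    def update_blacklist(self) -> set:
        self.blacklist = {ip for ip in self.stats
                          if self.bad_ratio(ip) >= self.threshold}
        return self.blacklist


class BlacklistPacketFilter:
    """Pre-process stage in front of the detection engine. Assumption: every
    packet from a blacklisted source is fully inspected; other sources are
    only sampled (every sample_every-th packet) so the monitor keeps learning.
    Bypassed packets are where the false negatives of slide 14 originate."""

    def __init__(self, monitor: MonitorEngine, sample_every: int = 4):
        self.monitor, self.sample_every = monitor, sample_every
        self._bypass_candidates = 0

    def needs_full_inspection(self, src_ip: str) -> bool:
        if src_ip in self.monitor.blacklist:
            return True
        self._bypass_candidates += 1
        return self._bypass_candidates % self.sample_every == 0


def run_pipeline(packets, monitor, pfilter):
    """Feed (src_ip, payload) packets through filter -> detection -> monitor."""
    counts = {"inspected": 0, "bypassed": 0, "alerts": 0}
    for src_ip, payload in packets:
        if not pfilter.needs_full_inspection(src_ip):
            counts["bypassed"] += 1
            continue
        counts["inspected"] += 1
        alerted = detection_engine(payload)
        counts["alerts"] += int(alerted)
        monitor.record(src_ip, alerted)
    return counts


def demo():
    """Constructed warm-up verdicts, then a short constructed traffic sample."""
    monitor = MonitorEngine(weight=2.0, threshold=0.5, update_every=5)
    for src_ip, alerted in [("10.0.0.9", True), ("10.0.0.5", False),
                            ("10.0.0.9", True), ("10.0.0.5", False),
                            ("10.0.0.9", False)]:   # 5th verdict -> update
        monitor.record(src_ip, alerted)
    pfilter = BlacklistPacketFilter(monitor, sample_every=4)
    packets = [("10.0.0.9", b"GET /etc/passwd"), ("10.0.0.5", b"GET /index.html"),
               ("10.0.0.5", b"GET /index.html"), ("10.0.0.9", b"GET /"),
               ("10.0.0.5", b"GET /index.html"), ("10.0.0.5", b"GET /cmd.exe")]
    return monitor, run_pipeline(packets, monitor, pfilter)
```

In the demo, 10.0.0.9 is blacklisted after the warm-up (ratio 0.8), so both of its packets reach the signature engine, while only one of the four packets from 10.0.0.5 is sampled; three packets bypass matching entirely, which is the CPU saving of slide 13, and the sampled hit on 10.0.0.5 raises its ratio to 0.5 so the next periodic update would blacklist it too.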

Slide 13. Results of the average CPU load (ACL) for each day in previous work, when using Snort with the packet filter versus Snort without the packet filter (chart).

Slide 14. Expected conclusion:
- A blacklist-based packet filter is effective in reducing the burden of a signature-based NIDS without lowering network security.
- The packet filter shows an acceptable false positive rate and false negative rate.
- It reduces the time consumption of signature matching.

Slide 15. Questions? Thanks for your attention.