Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion.

Slides:



Advertisements
Similar presentations
Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Advertisements

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.
Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection Aaron Beach Spring 2004.
The Research Consumer Evaluates Measurement Reliability and Validity
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public.
Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.
Application of Bayesian Network in Computer Networks Raza H. Abedi.
Sampling and Probability Chapter 5. Samples and Their Populations >Decision making The risks and rewards of sampling.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
CS 351/ IT 351 Modeling and Simulation Technologies Errors In Models Dr. Jim Holten.
Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Section 2.2 ~ Dealing With Errors
A Top Ten List of Measurement-related Erros Alan D. Mead Illinois Institute of Technology.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Accuracy of Prediction How accurate are predictions based on a correlation?
12/6/2010CS Andrew Bates - UCCS1 Intrusion Detection and Advanced Persistent Threats CS 591 Andrew Bates University of Colorado at Colorado Springs.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
How Science Works Glossary AS Level. Accuracy An accurate measurement is one which is close to the true value.
1 The probability that a medical test will correctly detect the presence of a certain disease is 98%. The probability that this test will correctly detect.
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Cryptography Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Cryptography 11.
Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
9/3/2015 IENG 486 Statistical Quality & Process Control 1 IENG Lecture 11 Hypothesis Tests to Control Charts.
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
Intrusion Detection Adam Ashenfelter Nicholas J. Tyrrell.
IIT Indore © Neminah Hubballi
Signature Based and Anomaly Based Network Intrusion Detection
Access Control Policies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up:
23-aug-05Intrusion detection system1. 23-aug-05Intrusion detection system2 Overview of intrusion detection system What is intrusion? What is intrusion.
Dan Fleck CS 469: Security Engineering
Psy B07 Chapter 4Slide 1 SAMPLING DISTRIBUTIONS AND HYPOTHESIS TESTING.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Intrusion Detection (ID) Intrusion detection is the ART of detecting inappropriate, incorrect, or anomalous activity There are two methods of doing ID.
Computer Network Forensics Lecture 6 – Intrusion Detection © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Intrusion Detection CSEM02 University of Sunderland Harry R. Erwin, PhD.
Mathematics topic handout: Conditional probability & Bayes Theorem Dr Andrew French. PAGE 1www.eclecticon.info Conditional Probability.
Intrusion Detection System (IDS) Basics LTJG Lemuel S. Lawrence Presentation for IS Sept 2004.
Aspects of Security Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects.
Intrusion Detection State of the Art/Practice Anita Jones University of Virginia.
Chapter 21: More About Tests
Intrusion Detection & Snort Dan Fleck, PhD
Inference: Probabilities and Distributions Feb , 2012.
1 Figure 10-4: Intrusion Detection Systems (IDSs) Actions  Alarms  Interactive analysis Manual event inspection of raw log file Pattern retrieval 
Machine Learning Tutorial-2. Recall, Precision, F-measure, Accuracy Ch. 5.
Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.
Measuring September Accuracy and Precision Accuracy indicates how close a measurement is to the accepted value. For example, we'd expect a balance.
1 Performance Measures for Machine Learning. 2 Performance Measures Accuracy Weighted (Cost-Sensitive) Accuracy Lift Precision/Recall –F –Break Even Point.
CS526: Information Security Chris Clifton November 25, 2003 Intrusion Detection.
Lecture 13 Page 1 CS 236 Online Styles of Intrusion Detection Misuse intrusion detection –Try to detect things known to be bad Anomaly intrusion detection.
Policies & MetaPolicies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: How.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Approaches to Intrusion Detection statistical anomaly detection – threshold – profile based rule-based detection – anomaly – penetration identification.
JUDGMENTAL FORECASTING Biases, etc.. Judgmental Forecasting  The statistical forecasting methods presented in the text allow us to extrapolate established.
Section Testing a Proportion
Principles of Computer Security
More about Tests and Intervals
The False Positive Paradox
Executive Director and Endowed Chair
Engine Part ID Part 1.
Engine Part ID Part 2.
Engine Part ID Part 2.
Uncertainty in measurement
Presentation transcript:

Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion Detection 11

Intrusion Detection An intrusion detection system (IDS) can analyze traffic patterns and react to anomalous patterns. However, often there is nothing apparently wrong but the volume of requests. Note that an IDS is inherently reactive; the attack has already begun when the IDS acts. Coming up: Intrusion Detection Errors 22

Intrusion Detection Errors There are two types of errors when considering any intrusion detection system. False negatives: a genuine attack is not detected. False positives: harmless behavior is misclassified as an attack. Which do think is a bigger problem? An intrusion detection system is: accurate: if it detects all genuine attacks; precise: if it never reports legitimate behavior as an attack. It is easy to make an IDS that is either accurate or precise! Why? It’s hard to do both simultaneously. Coming up: Intrusion Detection Errors 33

Intrusion Detection Errors An undetected attack might lead to severe problems. But frequent false alarms can lead to the system being disabled or ignored. A perfect IDS would be both accurate and precise. Statistically, attacks are fairly rare events. Most intrusion detection systems suffer from the base-rate fallacy. Coming up: Base-Rate Fallacy 44

Base-Rate Fallacy Suppose that only 1% of traffic are actually attacks and the detection accuracy of your IDS is 90%. What does that mean? the IDS classifies an attack as an attack with probability 90% the IDS classifies a valid connection as attack with probability 10% What is the probability that a connection flagged as an attack is not really an attack, i.e., a false positive? There is approximately 92% chance that a raised alarm is false. Coming up: Lessons 55

Lessons False negatives and false positives are both bad for an IDS. An IDS must be very accurate or suffer from the base rate fallacy. An IDS with too many errors becomes useless. End of presentation 66

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.