1 A Network Security Monitor. Paper by: Heberlein et al. Presentation by: Eric Hawkins.
2 Paper Background  Authors (Heberlein, Dias, Levitt, Mukherjee, Wood, and Wolber) all from the Computer Science Department at UC Davis –One of the leading research institutions for security  Published in 1990  One of the seminal papers in intrusion detection / network security

3 The Problem  How do you keep computer networks secure against network attacks and intrusions?  Computer systems and networks were designed around trusted users  Cannot simply close off the network – interconnection with the “outside world” is needed  Encryption, private keys, etc. cannot protect against all threats –e.g. legitimate users misusing their privileges

4 The Idea  A network security monitor that compares current network activity to historical behavior in order to detect usage anomalies –Capture network traffic –Analyze traffic based on historical activity patterns and/or pre-defined rules

5 Discussion of Attacks  Preparation Phase –Better-prepared attackers are more difficult to defend against  Attack Phase – two cases –Target offers a service that the Attacker exploits –Target seeks to use a service offered by the Attacker  Post-Attack Phase

6 Concept of the N.S.M.  4-D matrix, axes are: –Source –Destination –Service –Connection ID  Each cell in matrix represents a unique connection  Each cell contains: –Number of packets passed on the connection –Cumulative sum of the data carried by those packets

7 Concept of the N.S.M. (2)  The traffic matrix can be compared against particular patterns to match types of attacks –Patterns must be generated for such attacks –Use probability distributions to determine which measurements are likely to indicate attacks  Rules can also be employed to develop patterns –e.g. rule looking for a login connection that only exchanges a few packets and terminates –Difficult to apply hierarchically

8 N.S.M. Architecture  Packet catcher – captures all packets on the broadcast medium  Parser – extracts protocol info (addressing, service, etc.)  Matrix Generator – creates cells or increments counts in the 4-D matrix, implemented as linked lists  Matrix Analyzer – examines the matrix representing current traffic against “normal traffic” (masking) or by applying rules  Matrix Archiver – saves the traffic matrix for later use as history
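The following is an added example, not code from the paper or the presentation: a small Python reconstruction of the traffic matrix from slide 6 and the two analyzer modes from slides 7 and 8 (masking against a historical matrix, and a rule for short login connections). The packet records, addresses, thresholds (a login connection of at most 3 packets, a data volume more than 10x the baseline) and the aggregation to (source, destination, service) for masking are all assumptions made for the illustration; the paper's actual thresholds and masking procedure are not given on the slides.

```python
"""Toy reconstruction of the NSM 4-D traffic matrix and its analyzer (added example, not the paper's code)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Cell:
    """One matrix cell: a unique connection identified by (src, dst, service, conn_id)."""
    packets: int = 0   # number of packets passed on the connection
    data: int = 0      # cumulative bytes carried by those packets


# Constructed packet records (src, dst, service, conn_id, length). Not captured traffic.
# Baseline ("normal" history): one ordinary login session and a small FTP transfer.
BASELINE_PACKETS = (
    [("10.0.0.5", "10.0.0.9", "login", 1, 80)] * 10
    + [("10.0.0.7", "10.0.0.9", "ftp", 2, 500)] * 2
)

# Current window: three short login connections (assumed failed logins), one normal
# login session, a very large FTP transfer and a finger connection never seen before.
CURRENT_PACKETS = (
    [("10.0.0.5", "10.0.0.9", "login", 11, 80)] * 2
    + [("10.0.0.5", "10.0.0.9", "login", 12, 80)] * 2
    + [("10.0.0.5", "10.0.0.9", "login", 13, 80)] * 2
    + [("10.0.0.5", "10.0.0.9", "login", 14, 80)] * 12
    + [("10.0.0.7", "10.0.0.9", "ftp", 15, 1400)] * 20
    + [("10.0.0.8", "10.0.0.9", "finger", 16, 60)] * 4
)


def build_matrix(packets):
    """Matrix Generator: create a cell per unique connection and accumulate counts."""
    matrix = defaultdict(Cell)
    for src, dst, service, conn_id, length in packets:
        cell = matrix[(src, dst, service, conn_id)]
        cell.packets += 1
        cell.data += length
    return matrix


def short_login_rule(matrix, max_packets=3):
    """Rule mode: login connections that exchange only a few packets and terminate."""
    return sorted(
        conn_id
        for (src, dst, service, conn_id), cell in matrix.items()
        if service == "login" and cell.packets <= max_packets
    )


def repeated_short_logins(matrix, threshold=3, max_packets=3):
    """Sources with several short login connections (assumed consecutive failed log-ins)."""
    per_source = defaultdict(int)
    for (src, dst, service, conn_id), cell in matrix.items():
        if service == "login" and cell.packets <= max_packets:
            per_source[src] += 1
    return {src: n for src, n in per_source.items() if n >= threshold}


def aggregate_by_path(matrix):
    """Collapse connection IDs so the current matrix can be masked against history."""
    totals = defaultdict(Cell)
    for (src, dst, service, _conn_id), cell in matrix.items():
        total = totals[(src, dst, service)]
        total.packets += cell.packets
        total.data += cell.data
    return totals


def mask_against_baseline(current, baseline, data_ratio=10.0):
    """Masking mode: flag paths absent from history, or carrying far more data than history."""
    cur, base = aggregate_by_path(current), aggregate_by_path(baseline)
    anomalies = {}
    for key, cell in cur.items():
        if key not in base:
            anomalies[key] = "new path"
        elif cell.data > data_ratio * base[key].data:
            anomalies[key] = "volume"
    return anomalies


if __name__ == "__main__":
    current = build_matrix(CURRENT_PACKETS)
    print("short logins:", short_login_rule(current))
    print("repeated short logins:", repeated_short_logins(current))
    print("masking:", mask_against_baseline(current, build_matrix(BASELINE_PACKETS)))
```

Run as a script, the masking mode flags the FTP path on volume (the "full backup using FTP" case from the results) and the finger path as never seen in history, while the rule mode lists the three short login connections and attributes all of them to one source. The volume threshold is relative to the archived baseline, which is exactly why the training window matters: if the baseline already contained the backup traffic, the ratio would never trigger.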

9 Results  Identified problems which were actually abuse of network privileges rather than break-ins –Full backups using FTP –Programs continually executing finger  Thrown off when a network file server went down (traffic shifted away from the learned pattern)  Detected several consecutive failed log-ins

10 Difficulties  How do you train the monitor for a “normal” usage pattern? Who’s to say a security breach isn’t occurring while training?  Defining rules for non-trivial attacks will be difficult  Network traffic is not accessible when networks use non-broadcast media (think: switches vs. hubs); the packet catcher only sees what is on its own segment