1 Intrusion Detection “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.”

2 IDS vs. Surveillance Camera
Constant vigilance
Stealth
Design
Infrastructure support
Adversary belief

3 Basic concepts
Monitor
Report
Respond

4 The Seven Fundamentals
1. What are the methods used
2. How are IDS organized
3. What is an intrusion
4. How do we trace and how do they hide
5. How do we correlate information
6. How can we trap intruders
7. Incident response

5 What are the methods used by IDS?
Audit trail processing
–Use log files from various processes
–Proper collection and consolidation of logs
On-the-fly processing
–Mostly network based
–Looks at raw traffic
–Tries to find known “signatures”

6 What are the methods used by IDS? (cont.)
Profiles of normal behavior
–Estimation of initial behavior
–Fine-tuning
–Using out-of-band information
Signatures of abnormal behavior
–Known attacks
–Suspicious patterns
Parameter pattern matching or anomaly discovery
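As an added example (not from the slides), the two method families on slides 5 and 6 applied to a constructed sshd-style audit trail: a parser that turns raw lines into events, a small signature database for known-bad patterns, and a per-source failure profile estimated from a baseline window, with k as the fine-tuning knob. The log lines, rule names and threshold are all assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed sshd-style audit-trail lines (not from a real system).
BASELINE_LOG = """\
2024-01-01T10:00:01 host sshd[101]: Accepted password for alice from 10.0.0.5
2024-01-01T10:03:12 host sshd[102]: Failed password for alice from 10.0.0.5
2024-01-01T10:04:03 host sshd[103]: Accepted password for alice from 10.0.0.5
2024-01-01T10:10:44 host sshd[104]: Failed password for bob from 10.0.0.7
2024-01-01T10:11:02 host sshd[105]: Failed password for bob from 10.0.0.7
2024-01-01T10:11:30 host sshd[106]: Accepted password for bob from 10.0.0.7
2024-01-01T10:20:00 host sshd[107]: Accepted password for carol from 10.0.0.8
"""
LIVE_LOG = """\
2024-01-01T11:00:00 host sshd[201]: Failed password for root from 198.51.100.9
2024-01-01T11:00:01 host sshd[202]: Failed password for admin from 198.51.100.9
2024-01-01T11:00:02 host sshd[203]: Failed password for test from 198.51.100.9
2024-01-01T11:00:03 host sshd[204]: Failed password for oracle from 198.51.100.9
2024-01-01T11:05:00 host sshd[205]: Failed password for bob from 10.0.0.7
2024-01-01T11:06:00 host sshd[206]: Accepted password for bob from 10.0.0.7
"""

LINE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
                  r"password for (?P<user>\S+) from (?P<src>\S+)$")

def parse(log):
    """Audit trail processing: turn raw lines into structured events."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:  # lines that do not fit the expected format are skipped
            events.append({**m.groupdict(), "raw": line})
    return events

# Signatures of abnormal behavior (assumed rule names): known attacks / suspicious patterns.
SIGNATURES = {"root-login-attempt": re.compile(r"password for root from"),
              "invalid-user": re.compile(r"Invalid user")}

def signature_alerts(events):
    """Return (rule name, raw line) for every event matching a signature."""
    return [(name, e["raw"]) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["raw"])]

def build_profile(events):
    """Estimate initial behavior: failed logins per source during the baseline."""
    fails = Counter(e["src"] for e in events if e["outcome"] == "Failed")
    counts = [fails[s] for s in {e["src"] for e in events}]  # zero-failure sources count too
    return statistics.mean(counts), statistics.pstdev(counts)

def anomaly_alerts(events, profile, k=2.0):
    """Flag sources whose failure count exceeds mean + k*stdev; k is the tuning knob."""
    mean, sd = profile
    fails = Counter(e["src"] for e in events if e["outcome"] == "Failed")
    return sorted(src for src, n in fails.items() if n > mean + k * sd)
```

Raising k trades missed detections for fewer false alarms; the signature rules catch only what they name, which is why the slides pair the two approaches.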

7 How are IDS organized
Architecture: CIDF (Common Intrusion Detection Framework)

8 How are IDS organized (cont.)
Sensor
System management (custom, syslog, SNMP, etc.)
Processing (analysis)
Knowledge bases
Audits and archives
Alarms (static and dynamic)
User interface (GUI, tail -f, etc.)

9 What is an Intrusion
Intrusion vs. attack
“Sequence of actions that may be interleaved with other unrelated actions”

10 How do we trace and how do they hide
In-band techniques
–May use cryptography, weaving approaches, compromised systems, etc.
Out-of-band techniques
–Public access areas: cyber cafes, telephony techniques, etc.

11 How do we correlate information
Single-session and multiple-session correlation
Real-time vs. after-the-fact correlation
In-band vs. all-band information

12 How can we trap intruders
Real systems
Trap systems
IDS diverting

13 Incident response
Ignore the problem, and hope it goes away
Panic
Consider the real factors:
–Does the incident involve critical assets?
–Has it occurred before?
–Is it still going on?
–Has damage occurred?
–What policies and procedures have been violated?
–Are traps available for use?