Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

Published byGary Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application."— Presentation transcript:

1 1

2 AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

3 History: 1970s - Observation by administrators When an account is used When/how much a resource is used Early 1980s – Usage models First proposed by Anderson (1980) Based on accounting logs Login frequency, volume data processed, etc. Batch processing; not real time

4 What’s an IDS? Any set of actions that attempt to compromise the confidentiality, integrity, or availability of a computer resource is called as ids. Term is overloaded Trying to detect a policy violation 4

5 COMPUTER SECURITY AND ROLES: Confidentiality: Transforming data such that only authorized parties can decode it. Authentication: Proving or disproving someone’s or something’s claimed identity. Integrity checking: Ensuring that data cannot be modified without such modification. being detectable Non – repudiation: Proving that a source of some data did in fact send data that he might later deny sending 5

6 TYPES OF VIOLATIONS: Attack Attempts to exploit a vulnerability Ex: denial of service, privilege escalation Intrusion Acts as another legitimate user Misuse User abuses privileges Often called the “insider threat” 6

7 TYPES OF DETECTION: Misuse detection Built with knowledge of “bad” behaviors Collection of signatures Examine event stream for signature match Anomaly detection Built with knowledge of “normal” behaviors Examine event stream for deviations from normal 7

8 SOME OF THE HACKING TOOLS: 8

9 Types of IDS Primary Types: Network IDS (NIDS) Host IDS (HIDS) Hybrid Types: Per-Host Network IDS (PH-NIDS) Load Balanced Network IDS (LB-NIDS) Firewall IDS (FW-IDS) 9

10 NETWORK BASED (Advantages) Can get information quickly without any reconfiguration of computers. Does not affect network or data sources Monitor and detects in real time networks attacks or misuses Does not create system overhead

11 NETWORK BASED (Disavantages) Cannot scan protocols if the data is encrypted Hard to implement on fully switched networks Has difficulties sustaining network with a very large bandwidth

12 Naïve Simulation Network 12 Test Network Attack Generator Target Host Attack Stream NIDS

13 What’s HAPPENING ? IN THE ABOVE FIG THERE ARE THREE COMPUTERS 1.TARGET HOST : IT IS ALSO A MAIN COMPUTER AND CLIENT IS WORKING IN IT. 2.ATTACK GENERATOR : IT IS ALSO A CLIENT SIDE COMPUTER BUT IT IS USED BY ATTACKER. 3.NIDS : IT MEANS NAÏVE SYSTEM USING THIS SYSTEM THE HACKER TRIES TO HACK THE DATA PRESENT IN TARGET HOST. 13

14 IDS ISSUES: Lack of Physical Wires Bandwidth Issues Difficulty of Anomaly and Normality Distinction Possibility of a Node Being Compromised 14

15 ONTOLOGY SERVERS ONTOLOGY IS AN MEDICAL APPROACH WHICH IS IMPLEMENTED IN NETWORKS PLATFORM. ONE OF THE APPROACH WHERE WE CAN PROVIDE HIGH SECURITY IS BY USING ONTOLOGY SERVERS. 15

16 HOW IT WORKS? WENEVER THE DATA IS PRESENT IN ONE OR TWO SERVERS,THE WORK BECOMES EASY FOR AN HACKER TO HACK THOSE DATA. SO WAT ONTOLOGY SERVER DOES IS,IT SPLITS THE DATA PRESENT IN MAIN SERVER TO FOUR SUB SERVERS. 16

17 CONTD…… SO WENEVER HACKER HACKS ANY SUBSERVER HE WILL GET ONLY PARTIAL INFORMATION WHICH HE CANNOT ENCRYPT OR DECRYPT IT. IF SUPPOSE CLIENT SENDS AN API TO SERVER TO SEND THE DATA WHICH IT SENT THEN THE MAIN SERVER WILL SEND THE API’S TO SUBSERVER GATHER THE INFORMATION AND SENDS IT BACK TO CLIENT. 17

18 ADVANTAGES: 1. IT PROVIDES HIGH SECURITY. 2.DATA LOSS IS LESS. DIS ADVANTAGES: 1. TIME TAKEN IS MORE AND COST IS HIGH. 2.NEEDS MANY NUMBER OF SYSTEMS. 18

19 Conclusion: BY MAKING USE OF ABOVE APPROACH WE CAN PROVIDE HIGH SECURITY TO ANY EXISTING SYSTEM. WE CAN AVOID INTRUDERS INTRUDING THE DATA. 19

20 FUTURE ENHANCEMENT: There is a need for a COMPETENT analyst Need someone that can fine tune the IDS in order to avoid false positive or false negative Must subscribe to popular advisories and security newsletters such as bugtraq, CERT, GIAC, SANS, and others

21 REFERENCES: [1] Lidong Z., Zygmunt J. H., “Securing ad hoc networks”, IEEE Network, Vol. 13, No. 6, 1999, pp. 24-30. [2] Sundaram A., "An Introduction to Intrusion Detection", http://www.acm.org/crossroads/xrds2-4/intrus.html [3] Arbaugh W., Shankar N., Wan Y.C.J., “Your 802.11 Wireless Network Has No Clothes”, University of Maryland, 30-Mar-2001. 21

22 THANK YOU 22

Download ppt "1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]

Similar presentations

Ads by Google