Intrusion Detection and Advanced Persistent Threats
CS 591, Andrew Bates, University of Colorado at Colorado Springs, 12/6/2010
Presentation transcript


Slide 1: Intrusion Detection and Advanced Persistent Threats (title slide)
CS 591, Andrew Bates, University of Colorado at Colorado Springs

Slide 2: Introduction
- What is the Advanced Persistent Threat
- Pattern Based Intrusion Detection
- Proposal
- Conclusion

Slide 3: What is APT
- A combination of many existing, known threats, not just "Phishing" or "Spear Phishing":
  - Social Engineering
  - Zero Day Exploits
  - Botnets
- What's different? Persistent!
  - Exploits custom built for a given attack
  - The threat or attack can span many months
  - Very carefully crafted
  - Low volume

Slide 4: APT and Intrusion Detection Systems
- IDS is very good at alerting on known exploits and vulnerabilities
- IDS is also good at identifying Denial of Service (DoS) and Distributed DoS (DDoS) attacks
- APT can be low volume and may not actually exploit any known vulnerability
  - Example: a targeted email that coerces the victim into downloading and running some software

Slide 5: Pattern Based Intrusion Detection
- Always one step behind
  - Must know of a vulnerability in order to build a pattern
- Can have a very high false positive rate in large organizations
- Must know what "normal" behavior is
- Very high maintenance

Slide 6: Pattern Based Intrusion Detection
- Even on small networks there can be hundreds of alerts in a short period of time
- If the relationship between the number of hosts and the number of alerts/false positives is linear:

Slide 7: Proposal
- Push IDS as close to the host as possible
- Use learning algorithms to determine normal activity
- Trigger on anomalous activity
- Score sessions based on triggers, then perform more strenuous tests
  - Pattern matching, traffic analysis, etc.

Slide 8: Proposal (continued)
- Leverage VM technology to place an inline IDS/IPS with the host system
- Funnel data to a central collection/correlation infrastructure
- Alert on anomalous activity based on learned "normal" behavior

Slide 9: Conclusion
- APT is just like any other threat, but may be lower volume and more targeted
- Pattern based IDS is not well suited to APT detection in an enterprise
- Push IDS towards the host, perhaps even onto the physical hardware
- "Learn" normal behavior and trigger further tests when abnormal behavior occurs

Slide 10: Questions?

