Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shell Based Intrusion Detection System Amit Mathur Section 2.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Shell Based Intrusion Detection System Amit Mathur Section 2."— Presentation transcript:

1 Shell Based Intrusion Detection System Amit Mathur Amit@veritas.com Section 2

2 Types of IDSs Signiture Based –pre-defined list of attacks that are defended against Anomaly Based –determine whether the behavior of the system deviates from the norm

3 This approach Uses the UNIX shell for information gathering Is anomaly based

4 Mis-use case diagram

5 Architecture Idsh (the shell interface) IDS engine (the brains) Notifier (the alerting engine)

6 Architecture Diagram

7 Idsh A small shell-like utility with the minimal functionality required for IDS. Can easily be incorporated into existing shells.

8 IDS engine The brains Operates in 2 phases –the training (or learning) phase –The production phase

9 The training phase Responsible for cataloging normal behavior User must execute enough commands to get a good command distribution

10 Sample training phase distribution

11 The production phase Responsible for ensuring that the current behavior statistically mirrors trained bahavior

12 Sample production command distribution

13 Possible attack sequence

14 Tolerance

15 Sample Alert ANOMALY DETECTED - Fri Apr 2 12:23:48 PST 2004 User 500 (bob) Command dump: ls 2% => netstat <= 25% …

16 Attacks against the IDS Copy 1 program to another –Use of checksums Launch a non-ids-ized shell –Administrators job that regular users do not use other shells normally

17 Limitations Command Sequences not detected Tolerance Limit not adaptive Does not detect application level anomalies No support for GUI interfaces Training period risk Loss of connection to IDS server

18 References [1] Bishop, Matt Computer Security – Art and Science. © 2003 [2] Big Brother Network Monitor – http://bb4.com [3] Sindre, Guttorm, and Opdahl, Andreas. Templates for Misuse Case Description. Dept of Computer and Information Science, Norwegian Univ of Sciene and Technology.

Download ppt "Shell Based Intrusion Detection System Amit Mathur Section 2."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Distributed Logging in Java with Constrained Resource Usage Sunil Brown Varghese, Daniel Andresen Dept. of Computing and Information Sciences Kansas State.

Distributed Logging in Java with Constrained Resource Usage Sunil Brown Varghese, Daniel Andresen Dept. of Computing and Information Sciences Kansas State.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.

Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.
Service Discrimination and Audit File Reduction for Effective Intrusion Detection by Fernando Godínez (ITESM) In collaboration with Dieter Hutter (DFKI)

Service Discrimination and Audit File Reduction for Effective Intrusion Detection by Fernando Godínez (ITESM) In collaboration with Dieter Hutter (DFKI)
Information Security Policies and Standards

Information Security Policies and Standards
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Why Wireless? The answer is simple: Reach users who are often on the move!

Why Wireless? The answer is simple: Reach users who are often on the move!
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
School of Computer Science and Information Systems

School of Computer Science and Information Systems
seminar on Intrusion detection system

seminar on Intrusion detection system
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Department Of Computer Engineering

Department Of Computer Engineering

Similar presentations

Ads by Google