Presentation is loading. Please wait.

Presentation is loading. Please wait.

seminar on Intrusion detection system

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "seminar on Intrusion detection system"— Presentation transcript:

1 seminar on Intrusion detection system
By Suchismita Kar Regd No CS A

2 Topics to be covered… Overview of IDS Process model Architecture
Information sources Analysis techniques Strengths Limitations Conclusion Reference

3 Overview of Intrusion Detection Systems:
what are intrusions ? What is intrusion detection ? Functions of IDS Monitoring and analysis of user and system activity. Auditing of system configurations . Assessing the integrity of critical system and data files. Recognition of activity patterns reflecting known attacks Statistical analysis for abnormal activity patterns

4 Process model for Intrusion Detection:
Information sources: network ,host ,application Analysis: misuse detection , anomaly detection Response: active measures involving some automated intervention on the part of the system, and passive measures involving reporting IDS findings to humans, who are then expected to take action based on those reports.

5 IDS Architecture Audit Collection/Storage Unit Processing Unit
Alarm/Response Unit

6 Information sources Network based IDSs:
Consist of a set of single-purpose sensors . These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console. Host based IDSs: Operate on information collected from within an Individual computer system. Operating system audit trails, and system logs Application based IDSs: Special subset of host-based IDSs . The most common information sources used by these IDSs are the application’s transaction log files.

7 IDS Analysis Techniques
Misuse detection Anomaly detection Specification based detection

8 Misuse detection Misuse detectors analyze system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

9 Advantages Misuse detectors are very effective at detecting attacks without generating an overwhelming number of false alarms. Misuse detectors can quickly and reliably diagnose the use of a specific attack tool or technique. This can help security managers prioritize corrective measures. Misuse detectors can allow system managers, regardless of their level of security expertise, to track security problems on their systems, initiating incident handling procedures.

10 Disadvantages Misuse detectors can only detect those attacks they know about –therefore they must be constantly updated with signatures of new attacks. Many misuse detectors are designed to use tightly defined signatures that prevent them from detecting variants of common attacks. State-based misuse detectors can overcome this limitation, but are not commonly used in commercial IDSs.

11 Anomaly detection Anomaly detectors identify abnormal unusual behavior (anomalies) on a host or network.

12 Advantages IDSs based on anomaly detection detect unusual behavior and thus have the ability to detect symptoms of attacks without specific knowledge of details. Anomaly detectors can produce information that can in turn be used to define signatures for misuse detectors

13 Disadvantages Anomaly detection approaches usually produce a large number of false alarms due to the unpredictable behaviors of users and networks. Anomaly detection approaches often require extensive “training sets” of system event records in order to characterize normal behavior patterns.

14 Specification based detection
They distinguished between normal and intrusive behaviour by monitoring the traces of system calls of the target processes. A specification that models the desired behaviour of a process tells the IDS whether the actual observed trace is part of an attack or not.

15 Advantages More or less the same as for misuse detection. However these systems manage to detect some types/classes of novel attacks. Additionally, they are more resistant against subtle changes in attacks.

16 Disadvantages Usually for every program that is monitored, a specification has to be designed. Furthermore, the modelling process can be regarded as more difficult than the design of patterns for misuse detection systems. Additionally some classes of attacks are not detectable at all. Their systems managed the detection by inspecting log files.

17 Strengths of IDS Testing the security states of system configurations
Base lining the security state of a system, then tracking any changes to that Baseline Recognizing patterns of system events that correspond to known attacks Recognizing patterns of activity that statistically vary from normal activity Managing operating system audit and logging mechanisms and the data they generate. Alerting appropriate staff by appropriate means when attacks are detected. Measuring enforcement of security policies encoded in the analysis engine Providing default information security policies Allowing non-security experts to perform important security monitoring Functions. Monitoring and analysis of system events and user behaviors

18 Limitations Compensating for weak or missing security mechanisms in the protection Infrastructure. Such mechanisms include firewalls, identification and authentication, link encryption, access control mechanisms, and virus detection and eradication. Instantaneously detecting, reporting, and responding to an attack, when there is a heavy network or processing load. Detecting newly published attacks or variants of existing attacks. Effectively responding to attacks launched by sophisticated attackers Resisting attacks that are intended to defeat or circumvent them Compensating for problems with the fidelity of information sources Dealing effectively with switched networks.

19 Conclusion IDSs are here to stay, with billion dollar firms supporting the development of commercial security products and driving hundreds of millions in annual sales. However, they remain difficult to configure and operate and often can’t be effectively used by the very novice security personnel who need to benefit from them most.

20 References Yi Hu, Brajendra Panda: A data mining approach for database intrusion detection. Lee, V. C.S., Stankovic, J. A., Son, S. H. Intrusion Detection in Real-time Database Systems Via Time Signatures

21 Any queries ?????????

22 THANK U

Download ppt "seminar on Intrusion detection system"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
FIRST LINE OF DEFENSE Intrusion Prevention System Stephen Gates – CISSP Hoàng Thế Long – 13320795 Nguyễn Thái Bình - 13320785.

FIRST LINE OF DEFENSE Intrusion Prevention System Stephen Gates – CISSP Hoàng Thế Long – Nguyễn Thái Bình
Security Technology: Intrusion Detection, Access Control and Other Security Tools Chapter 7.

Security Technology: Intrusion Detection, Access Control and Other Security Tools Chapter 7.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Intrusion Detection and Containment in Database Systems Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur.

Intrusion Detection and Containment in Database Systems Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
IDS/IPS Definition and Classification

IDS/IPS Definition and Classification
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
STATE OF THE PRACTICE OF INTRUSION DETECTION TECHNOLOGIES Presented by Hap Huynh Based on content by SEI.

STATE OF THE PRACTICE OF INTRUSION DETECTION TECHNOLOGIES Presented by Hap Huynh Based on content by SEI.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

Similar presentations

Ads by Google