Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion.

Published bySarah Newton Modified over 8 years ago

Similar presentations

Presentation on theme: "Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion."— Presentation transcript:

1 Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion Detection 11

2 Intrusion Detection An intrusion detection system (IDS) can analyze traffic patterns and react to anomalous patterns. However, often there is nothing apparently wrong but the volume of requests. Note that an IDS is inherently reactive; the attack has already begun when the IDS acts. Coming up: Intrusion Detection Errors 22

3 Intrusion Detection Errors There are two types of errors when considering any intrusion detection system. False negatives: a genuine attack is not detected. False positives: harmless behavior is misclassified as an attack. Which do think is a bigger problem? An intrusion detection system is: accurate: if it detects all genuine attacks; precise: if it never reports legitimate behavior as an attack. It is easy to make an IDS that is either accurate or precise! Why? It’s hard to do both simultaneously. Coming up: Intrusion Detection Errors 33

4 Intrusion Detection Errors An undetected attack might lead to severe problems. But frequent false alarms can lead to the system being disabled or ignored. A perfect IDS would be both accurate and precise. Statistically, attacks are fairly rare events. Most intrusion detection systems suffer from the base-rate fallacy. Coming up: Base-Rate Fallacy 44

5 Base-Rate Fallacy Suppose that only 1% of traffic are actually attacks and the detection accuracy of your IDS is 90%. What does that mean? the IDS classifies an attack as an attack with probability 90% the IDS classifies a valid connection as attack with probability 10% What is the probability that a connection flagged as an attack is not really an attack, i.e., a false positive? There is approximately 92% chance that a raised alarm is false. Coming up: Lessons 55

6 Lessons False negatives and false positives are both bad for an IDS. An IDS must be very accurate or suffer from the base rate fallacy. An IDS with too many errors becomes useless. End of presentation 66

Download ppt "Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.
Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection ------------------------------------------------ Aaron Beach Spring 2004.

Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection Aaron Beach Spring 2004.
The Research Consumer Evaluates Measurement Reliability and Validity

The Research Consumer Evaluates Measurement Reliability and Validity
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public.

Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public.
Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.

Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Sampling and Probability Chapter 5. Samples and Their Populations >Decision making The risks and rewards of sampling.

Sampling and Probability Chapter 5. Samples and Their Populations >Decision making The risks and rewards of sampling.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.

Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
CS 351/ IT 351 Modeling and Simulation Technologies Errors In Models Dr. Jim Holten.

CS 351/ IT 351 Modeling and Simulation Technologies Errors In Models Dr. Jim Holten.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Section 2.2 ~ Dealing With Errors

Section 2.2 ~ Dealing With Errors
A Top Ten List of Measurement-related Erros Alan D. Mead Illinois Institute of Technology.

A Top Ten List of Measurement-related Erros Alan D. Mead Illinois Institute of Technology.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Accuracy of Prediction How accurate are predictions based on a correlation?

Accuracy of Prediction How accurate are predictions based on a correlation?

Similar presentations

Ads by Google