Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signature Based and Anomaly Based Network Intrusion Detection

Published byHerbert Carroll Modified over 8 years ago

Similar presentations

Presentation on theme: "Signature Based and Anomaly Based Network Intrusion Detection"— Presentation transcript:

1 Signature Based and Anomaly Based Network Intrusion Detection
By Stephen Loftus and Kent Ho CS 158B

2 Agenda Introduce Network Intrusion Detection (NID) Signature Anomaly
Compare and Contrast: Signature based vs. Anomaly based NID Example using Ethereal™

3 Intrusion Detection Systems
Intrusion detection begins where the firewall ends. Preventing unauthorized entry is best, but not always possible. It is important that the system is reliable and accurate and secure.

4 IDS (cont.) When designing a IDS, the mission is to protect the data’s
Confidentiality- read Integrity- read/write Availability- read/write/access Threats can come from both outside and inside the network.

5 Signature Signature based IDS are based on looking for “known patterns” of detrimental activity. Benefits: Low alarm rates: All it has to do is to look up the list of known signatures of attacks and if it finds a match report it. Signature based NID are very accurate. Speed: The systems are fast since they are only doing a comparison between what they are seeing and a predetermined rule.

6 Signature (cont.) Negatives:
If someone develops a new attack, there will be no protection. “only as strong as its rule set.” Attacks can be masked by splitting up the messages. Similar to Anti-Virus, after a new attack is recorded, the data files need to be updated before the network is secure. Example: Port Scan DOS Sniffing

7 Anomaly Anomaly based IDS are based on tracking unknown unique behavior pattern of detrimental activity Advantages: Helps to reduce the “limitations problem”. Conducts a thorough screening of what comes through.

8 Anomaly (cont.) Disadvantages:
False positives, catches too much because Behavior based NIDs monitor a system based on their behavior patterns. Painstaking slow to do an exhaustive monitoring, uses up a lot or resource After an anomaly has been detected, it may become a “signature”.

9 Anomaly vs. Signature Which is the best way to defend your network?
Both have advantages Signature can be used as a stand alone system Anomaly has a few weak points that prevent it from being a stand alone system. Signature is the better of the two for defending you network The best way is to use both!

10 Example Using Ethereal™ to detect a port scan
A port scan is when a person executes sequential port open requests trying to find an open port. Most of these come back with a “reset” Normal TCP/IP port request Port request on closed port

Download ppt "Signature Based and Anomaly Based Network Intrusion Detection"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Anomaly Based Intrusion Detection System

Anomaly Based Intrusion Detection System
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Report on statistical Intrusion Detection systems By Ganesh Godavari.

Report on statistical Intrusion Detection systems By Ganesh Godavari.
seminar on Intrusion detection system

seminar on Intrusion detection system
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
Department Of Computer Engineering

Department Of Computer Engineering
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

Similar presentations

Ads by Google