Evaluating a Real-time Anomaly-based IDS

Evaluating a Real-time Anomaly-based IDS A.B. Ruighaver P.G. Thorne K. Tan Computer Forensic and System Security Group University of Melbourne, Australia

Anomaly-based Intrusion Detection
- Goal: detect the unauthorized use, misuse or abuse of a computer system
- Not attack based (use a misuse IDS for that)
- Can detect masqueraders: it fingerprints user behavior
- Other intrusions? Subjective (what is an intrusion?)
- An anomaly only indicates a possible intrusion

A Real-time Anomaly-based IDS
- Neural network based: uses simple feed-forward networks
- Does not predict the next action in a sequence, but whether the current action is "normal behavior" for this user
- Needs to be able to forget old behavior
- Uses standard system logs: no need to permanently run auditing software; consumes minimal system resources; portable

Behavioral profiles
- Separate networks for each behavioral characteristic: commands, activity time, CPU usage, login host
- A correlation network combines them to build the user profile
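To make the architecture of the two slides above concrete, here is an added example (not the authors' code) of a per-user behavioral monitor built the same way: one profile per characteristic (command, activity time, CPU usage, login host), each able to forget old behavior, and a correlation step that combines the per-characteristic anomaly scores into one user-level score. The slides use a feed-forward network per characteristic and a correlation network; this example substitutes a decayed frequency table per characteristic and a weighted sum, which is a deliberate simplification. The log format, the sample log lines, the decay factor, the feature weights and the threshold are all constructed for illustration.

```python
"""Per-user behavioral monitor: separate profile per characteristic,
exponential forgetting, and a correlation step (added example, simplified).
"""
from __future__ import annotations

import math
from collections import defaultdict

# Constructed sample log (not real data): user,host,hour,command,cpu_seconds
SAMPLE_LOG = """\
alice,ws1,9,ls,0.1
bob,ws2,21,python,5.0
alice,ws1,9,vi,0.3
alice,ws1,10,gcc,2.0
bob,ws2,22,ssh,0.2
alice,ws1,10,make,3.5
alice,ws1,11,ls,0.1
bob,ws2,21,python,6.5
alice,ws1,14,vi,0.2
alice,ws1,14,gcc,2.2
bob,ws2,23,ssh,0.1
alice,ws1,15,make,3.1
bob,ws2,22,python,4.8
alice,ws1,16,ls,0.1
alice,ws1,17,vi,0.4
bob,ws2,22,ssh,0.3
alice,ext7,3,nc,45.0
alice,ws1,9,ls,0.1
"""

DECAY = 0.9        # assumed: multiplier applied to every stored count per update
MIN_OBS = 5        # assumed: observations per user before scoring starts
THRESHOLD = 0.6    # assumed: correlated score above which an anomaly is reported
WEIGHTS = {"host": 0.3, "hour": 0.25, "command": 0.25, "cpu": 0.2}  # assumed


class FeatureProfile:
    """Decayed count of each value seen for one characteristic of one user.
    Stands in for one of the slides' per-characteristic networks."""

    def __init__(self) -> None:
        self.counts: dict[str, float] = defaultdict(float)

    def score(self, value: str) -> float:
        # Anomaly score in [0, 1]: never seen -> 1.0; seen recently -> 0.0;
        # seen long ago -> rises again as the decayed count falls below 1.
        return max(0.0, 1.0 - self.counts[value])

    def update(self, value: str) -> None:
        for key in list(self.counts):
            self.counts[key] *= DECAY      # forgetting old behavior
        self.counts[value] += 1.0


def extract_features(fields: list[str]) -> dict[str, str]:
    """Map one parsed log record to the four characteristic values."""
    _user, host, hour, command, cpu = fields
    return {
        "host": host,
        "hour": f"h{int(hour) // 6}",                    # 6-hour bins of the day
        "command": command,
        "cpu": f"c{int(math.log2(float(cpu) + 1.0))}",  # log2 buckets of CPU seconds
    }


def correlate(scores: dict[str, float]) -> float:
    """Correlation step: weighted mean of the per-characteristic scores."""
    return sum(WEIGHTS[f] * s for f, s in scores.items()) / sum(WEIGHTS.values())


def detect(log_text: str) -> list[dict]:
    """Replay a log in order; score each record against the user's profile as it
    stood before that record, then learn from the record."""
    profiles: dict[str, dict[str, FeatureProfile]] = defaultdict(
        lambda: {f: FeatureProfile() for f in WEIGHTS})
    seen: dict[str, int] = defaultdict(int)
    alerts: list[dict] = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        fields = line.split(",")
        user = fields[0]
        feats = extract_features(fields)
        prof = profiles[user]
        if seen[user] >= MIN_OBS:                       # past the warm-up period
            scores = {f: prof[f].score(v) for f, v in feats.items()}
            total = correlate(scores)
            if total > THRESHOLD:
                alerts.append({
                    "line": lineno, "user": user, "command": fields[3],
                    "score": round(total, 3),
                    # characteristics that drove the alert
                    "features": sorted(f for f, s in scores.items() if s >= 0.5),
                })
        for f, v in feats.items():
            prof[f].update(v)
        seen[user] += 1
    return alerts


def score_after_silence(quiet_updates: int) -> float:
    """Anomaly score of a once-normal value after it has not recurred for
    `quiet_updates` observations: shows the profile forgetting it."""
    p = FeatureProfile()
    p.update("ws1")
    for _ in range(quiet_updates):
        p.update("ws9")
    return p.score("ws1")


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
    print(f"score of ws1 after 20 quiet updates: {score_after_silence(20):.3f}")
```

Run as a script, it reports a single alert: alice's off-hours `nc` from an unseen host with unusually high CPU, with all four characteristics contributing, while her ordinary daytime editing and compiling from `ws1` stays below the threshold. The `score_after_silence` call shows why forgetting matters: a host last used one observation ago scores 0, but after twenty observations on another host it scores close to 1 and would be flagged again, so the decay factor is the knob that trades tolerance of rare-but-legitimate behavior against detection of a masquerader who reuses something the real user once did.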

Evaluation
- Fingerprint uniqueness: only briefly tested; seems to work well, but not sure whether we can identify an attacker from it
- Intrusive behavior: external attacks (easy), insider threat (more difficult)
- Initial test data: a student machine for one semester
- Host identification was not reliable and was removed

Preliminary evaluation results
- Some clear intrusions, some clear non-intrusions; most anomalies cannot be classified
- A few accounts generate most anomalies
- Known incidents have been detected
- Command-time anomalies are prevalent, and many anomalies are repeated
- Command alone is not a good indicator

Lessons
- Need a good data set: no artificial data set, but varied behavior; need audit data to explain behavior; may need to filter out repeated intrusions
- Need more behavior: tailor the system to generate complex behavior; prevent detection of non-intrusive anomalies
- Need better response capabilities

Conclusions
- The fingerprint is based on individual behavior and indicates any change in that behavior
- To identify intrusions, group behavior is also needed
- Need to create more behavior in the system
- An anomaly-based IDS is not only a tool for detection but also a tool for prevention: use it as a behavioral monitor