Intrusion Detection and Advanced Persistent Threats
CS 591, Andrew Bates, University of Colorado at Colorado Springs, 12/6/2010



Slide 2: Introduction
- What is the Advanced Persistent Threat
- Pattern Based Intrusion Detection
- Proposal
- Conclusion

Slide 3: What is APT
- Combination of many existing known threats, not just "Phishing" or "Spear Phishing"
  - Social Engineering
  - Zero Day Exploits
  - Botnets
- What's different? Persistent!
  - Exploits custom built for a given attack
  - Threat or attack can span many months
  - Very carefully crafted
  - Low Volume

Slide 4: APT and Intrusion Detection Systems
- IDS very good at alerting on known exploits and vulnerabilities
- IDS also good at identifying Denial of Service (DoS) and Distributed DoS (DDoS) attacks
- APT can be low volume and may not actually exploit any known vulnerability
  - Targeted attack that coerces the victim to download and run some software

Slide 5: Pattern Based Intrusion Detection
- Always one step behind
  - Must know of a vulnerability in order to build a pattern
- Can have a very high false positive rate in large organizations
- Must know what "normal" behavior is
- Very high maintenance

Slide 6: Pattern Based Intrusion Detection
- On small networks can have hundreds of alerts in a short period of time
- If the relationship between number of hosts and number of alerts/false positives is linear:

Slide 7: Proposal
- Push IDS as close to the host as possible
- Use learning algorithms to determine normal activity
- Trigger on anomalous activity
- Score sessions based on triggers and then perform more strenuous tests
  - Pattern matching, traffic analysis, etc.

Slide 8: Proposal
- Leverage VM technology to place inline IDS/IPS with the host system
- Funnel data to central collection/correlation infrastructure
- Alert on anomalous activity based on learned "normal" behaviour
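The pipeline proposed in slides 7 and 8, as an added Python example rather than code from the presentation: a per-host baseline of "normal" is learned from a window of sessions, each new session gets an anomaly score, only sessions above a threshold are escalated to the more expensive pattern-matching stage, and the per-host results are rolled up by a central correlation step. The session features, thresholds, signature table and training windows are all constructed for illustration; a low-volume session that matches no known pattern still surfaces as "suspicious" because it departs from learned normal.

```python
"""Host-side anomaly scoring that escalates to pattern matching.

Constructed illustration of the slide 7/8 proposal (not the presentation's
code). Features, thresholds, signatures and sessions are made up.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev

FEATURES = ("bytes_out", "duration_s")   # numeric features the baseline models
ESCALATE_AT = 4.0                         # anomaly score that triggers deeper tests
# Constructed signature table standing in for a real pattern-based rule set.
SIGNATURES = {"pe-in-payload": b"MZ", "script-in-payload": b"<script"}


@dataclass(frozen=True)
class Session:
    host: str             # monitored host the session belongs to
    dst_port: int
    bytes_out: int
    duration_s: float
    payload: bytes = b""  # only inspected once a session is escalated


@dataclass
class HostBaseline:
    """Learned normal for one host: seen ports plus mean/stdev per feature."""
    ports: set = field(default_factory=set)
    stats: dict = field(default_factory=dict)


def features(sess):
    return {"bytes_out": float(sess.bytes_out), "duration_s": sess.duration_s}


def learn_baseline(training):
    """Fit the per-host model from a window of sessions assumed to be benign."""
    if not training:
        raise ValueError("need at least one training session")
    baseline = HostBaseline(ports={s.dst_port for s in training})
    for name in FEATURES:
        values = [features(s)[name] for s in training]
        baseline.stats[name] = (mean(values), pstdev(values))
    return baseline


def anomaly_score(sess, baseline):
    """Sum of capped z-scores, plus a fixed penalty for a never-seen port."""
    score = 2.0 if sess.dst_port not in baseline.ports else 0.0
    for name, value in features(sess).items():
        mu, sigma = baseline.stats[name]
        if sigma > 0:
            z = abs(value - mu) / sigma
        else:                       # constant in training: any change is notable
            z = 0.0 if value == mu else 3.0
        score += min(z, 5.0)        # one wild feature cannot dominate the score
    return score


def triage(sess, baseline, signatures=SIGNATURES):
    """Cheap anomaly check first; pattern matching only for anomalous sessions."""
    score = anomaly_score(sess, baseline)
    if score < ESCALATE_AT:
        return {"host": sess.host, "score": score, "verdict": "normal", "matches": []}
    matches = [name for name, sig in signatures.items() if sig in sess.payload]
    verdict = "alert" if matches else "suspicious"   # anomalous, no known pattern
    return {"host": sess.host, "score": score, "verdict": verdict, "matches": matches}


def correlate(events):
    """Central collection stage: roll host-level triage results up per host."""
    summary = {}
    for ev in events:
        h = summary.setdefault(ev["host"],
                               {"sessions": 0, "escalated": 0, "alerts": 0, "score": 0.0})
        h["sessions"] += 1
        h["score"] += ev["score"]
        h["escalated"] += int(ev["verdict"] != "normal")
        h["alerts"] += int(ev["verdict"] == "alert")
    return dict(sorted(summary.items(), key=lambda kv: kv[1]["score"], reverse=True))


def synthetic_training(host, base_bytes=2000):
    """Constructed benign window: web traffic on 80/443 with modest volumes."""
    return [Session(host, 443 if i % 2 else 80, base_bytes + 200 * i, 0.5 + 0.1 * i)
            for i in range(20)]


def run_demo():
    baselines = {h: learn_baseline(synthetic_training(h)) for h in ("ws-17", "ws-42")}
    observed = [                                                            # constructed
        Session("ws-17", 443, 3900, 1.45),                                  # typical
        Session("ws-17", 8443, 20000, 1.3, payload=b"hello"),               # odd, no pattern
        Session("ws-42", 8443, 500000, 600.0, payload=b"MZ\x90\x00" + b"A" * 32),  # odd + pattern
    ]
    events = [triage(s, baselines[s.host]) for s in observed]
    return events, correlate(events)


if __name__ == "__main__":
    events, summary = run_demo()
    for ev in events:
        print(ev)
    print(summary)
```

The escalation threshold and the per-feature cap are the knobs that decide how many sessions reach the strenuous stage; the per-host rollup is what keeps the central console from repeating the slide 6 problem of hundreds of raw alerts.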

Slide 9: Conclusion
- APT is just like any other threat, but may be lower volume and more targeted
- Pattern based IDS not well suited for APT detection in an Enterprise
- Push IDS towards the host, perhaps even onto the physical hardware
- "Learn" normal behavior and trigger further tests when abnormal behavior occurs

Slide 10: Questions?