Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Introduction An intrusion is when a user takes an action that the user is not authorized to take. An intrusion attempt (Anderson, 1980) is defined as the potential possibility of an unauthorized attempt to - Access information - Manipulate information, or - Render a system unreliable or unusable.

Introduction (cont) Intrusion detection involves determining that an intruder has tried to gain, or has gained, unauthorized access to the system. Most intrusion detection systems attempt to detect a presumed intrusion and alert a system administrator, who then takes action to stop it. An audit record is a record of activities on a system that are logged to a file in chronological order.

Figure: from Lincoln Laboratory, Massachusetts Institute of Technology

Intrusion Classification The COAST group at Purdue University defined an intrusion as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. There are two techniques of intrusion detection 1. Anomaly Detection – based on observed deviations from normal system usage patterns. 2. Misuse Detection – based on known attacks against the weak points of a system.

Anomaly Detection Tries to detect the complement of bad behavior. The system establishes a profile of normal activity for the system and flags all states that deviate from the established profile. It must be able to distinguish between anomalous and normal behavior: a profile that is too loose misses intrusions, and one that is too tight raises false alarms on legitimate but unusual activity.

Anomaly Detection (figure: block diagram of a typical anomaly detection system)
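The profile-based scheme described above, as an added example that is not part of the original presentation: a per-user profile is built from sessions assumed to be normal, and a new session is flagged when any feature deviates from the profile by more than a z-score threshold. The audit records, the three features (login hour, command count, bytes sent out) and the threshold are assumptions chosen for illustration.

```python
"""Profile-based anomaly detection over per-user session audit records.

Added example, not code from the original presentation. The audit
records, the three features and the z-score threshold are assumptions
chosen for illustration.
"""
from statistics import mean, pstdev

FEATURES = ("login_hour", "commands", "bytes_out")

# Constructed training sessions for one user, taken to be normal behaviour.
TRAINING = {
    "alice": [
        {"login_hour": 9,  "commands": 40, "bytes_out": 120_000},
        {"login_hour": 10, "commands": 35, "bytes_out": 90_000},
        {"login_hour": 9,  "commands": 45, "bytes_out": 110_000},
        {"login_hour": 11, "commands": 38, "bytes_out": 100_000},
        {"login_hour": 10, "commands": 42, "bytes_out": 130_000},
    ],
}

# Constructed current sessions: one normal, one with an off-hours login and
# an unusually large outbound transfer, and one from a user with no profile.
CURRENT = [
    ("alice", {"login_hour": 10, "commands": 39, "bytes_out": 105_000}),
    ("alice", {"login_hour": 3, "commands": 41, "bytes_out": 2_500_000}),
    ("mallory", {"login_hour": 12, "commands": 10, "bytes_out": 1_000}),
]


def build_profile(sessions):
    """Per-feature (mean, standard deviation) of the normal sessions."""
    profile = {}
    for f in FEATURES:
        values = [s[f] for s in sessions]
        profile[f] = (mean(values), pstdev(values))
    return profile


def score_session(profile, session, threshold=3.0):
    """Return the features of `session` that deviate from the profile.

    A feature is flagged when its z-score exceeds `threshold`; an empty
    dict means the session is consistent with the user's profile.
    """
    flagged = {}
    for f, (mu, sigma) in profile.items():
        # A feature that never varied in training has sigma 0; treat any
        # change as one unit of deviation rather than dividing by zero.
        z = abs(session[f] - mu) / (sigma if sigma > 0 else 1.0)
        if z > threshold:
            flagged[f] = round(z, 2)
    return flagged


def check_sessions(training, sessions):
    """Score (user, session) pairs against each user's profile.

    Users with no profile cannot be scored: the detector has no notion of
    "normal" for them, so they are reported separately instead of silently
    passing.
    """
    profiles = {u: build_profile(s) for u, s in training.items()}
    alerts, unknown = [], []
    for user, session in sessions:
        if user not in profiles:
            unknown.append(user)
            continue
        deviations = score_session(profiles[user], session)
        if deviations:
            alerts.append((user, deviations))
    return alerts, unknown


if __name__ == "__main__":
    alerts, unknown = check_sessions(TRAINING, CURRENT)
    for alert in alerts:
        print("anomalous session:", alert)
    print("no profile for:", unknown)
```

The second alice session is flagged on login hour and bytes out but not on command count, which shows why the profile is kept per feature rather than as a single score: the intruder behaved normally in one dimension and abnormally in two others.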

Misuse Detection Tries to recognize known bad behavior. The system detects attacks by matching events against a pattern or signature, written so that variations of the same attack are also detected. It is concerned with catching intruders who attempt to break into a system by exploiting some known vulnerability; an attack for which no signature exists is not detected.

Misuse Detection (figure: block diagram of a typical misuse detection system)
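The signature matching described above, as an added example that is not part of the original presentation: each signature is an ordered list of regular expressions that must match a user's audit events in order within a time window, so that variations of the same attack (a different command name or path) still match. The audit events, the two signatures and the windows are constructed assumptions.

```python
"""Signature-based misuse detection over a constructed audit trail.

Added example, not code from the original presentation. The audit
events, the two signatures and the time windows are assumptions.
"""
import re

# Constructed audit records: (timestamp, user, event, arguments).
AUDIT = [
    (100, "bob",   "login_fail", "src=10.0.0.5"),
    (101, "bob",   "login_fail", "src=10.0.0.5"),
    (102, "bob",   "login_fail", "src=10.0.0.5"),
    (103, "bob",   "login_ok",   "src=10.0.0.5"),
    (110, "bob",   "copy",       "/bin/sh /tmp/.x"),
    (111, "bob",   "exec",       "/tmp/.x"),
    (150, "carol", "login_fail", "src=10.0.0.9"),
    (151, "carol", "login_ok",   "src=10.0.0.9"),
    (152, "carol", "exec",       "/usr/bin/ls"),
    (200, "dave",  "chmod",      "u+s /tmp/t"),
    (600, "dave",  "exec",       "/tmp/t"),   # outside the 300 s window
]

# Each signature is an ordered list of regexes that must match, in order,
# within `window` seconds of the first step. The regexes absorb variations
# of the same attack: cp, copy or chmod, and any path under /tmp.
SIGNATURES = {
    "password-guessing": {
        "steps": [r"^login_fail", r"^login_fail", r"^login_fail", r"^login_ok"],
        "window": 60,
    },
    "tmp-executable": {
        "steps": [r"^(cp|copy|chmod) .*/tmp/", r"^exec /tmp/"],
        "window": 300,
    },
}


def event_text(ev):
    """The string a signature step is matched against: 'event arguments'."""
    return f"{ev[2]} {ev[3]}"


def match_signature(events, steps, window):
    """Find the first in-order occurrence of `steps` in `events`.

    Returns the indices of the matching events, or None. Matching is an
    ordered subsequence, so unrelated events between steps are allowed,
    but every step must fall within `window` seconds of the first.
    """
    for start, first in enumerate(events):
        if not re.search(steps[0], event_text(first)):
            continue
        matched, step = [start], 1
        for j in range(start + 1, len(events)):
            if events[j][0] - first[0] > window:
                break
            if re.search(steps[step], event_text(events[j])):
                matched.append(j)
                step += 1
                if step == len(steps):
                    return matched
    return None


def detect(audit, signatures=SIGNATURES):
    """Run every signature against each user's time-ordered event stream.

    Returns {user: [(signature name, [timestamps of matched events]), ...]}
    for users with at least one hit.
    """
    per_user = {}
    for ev in sorted(audit, key=lambda e: e[0]):
        per_user.setdefault(ev[1], []).append(ev)
    hits = {}
    for user, events in per_user.items():
        for name, sig in signatures.items():
            idx = match_signature(events, sig["steps"], sig["window"])
            if idx is not None:
                hits.setdefault(user, []).append((name, [events[i][0] for i in idx]))
    return hits


if __name__ == "__main__":
    for user, user_hits in detect(AUDIT).items():
        print(user, user_hits)
```

Only bob triggers both signatures; carol's single failed login and dave's chmod followed by a much later exec are the kind of near misses a signature has to tolerate, and the example shows the flip side of the slide's point: any attack not written down as a signature, such as a setuid file created somewhere other than /tmp, goes unnoticed.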

Intruder Classification Intruders are classified into two groups.
1. External intruders – unauthorized users of the systems they attack.
2. Internal intruders – users who have some authority on the system:
- Masqueraders – external intruders who have succeeded in gaining access to the system under a legitimate user's identity (e.g., a credit card defrauder).
- Legitimates – legitimate users who have access to sensitive data but misuse this access.
- Clandestine – intruders who have the power to control the system, including the power to turn off audit controls for themselves.

Problem Description An Application Intrusion Detection System is concerned with anomaly detection more than misuse detection. Since OS Intrusion Detection and Application Intrusion Detection observe many of the same basic entities, there should be some correlation between events at the operating system level and at the application level. Is it possible to have these two systems cooperate in order to improve the effectiveness of intrusion detection?

Research Objectives The goal of this research is to improve the effectiveness of intrusion detection and to see how an OS Intrusion Detection System might cooperate with an Application Intrusion Detection System to achieve this goal.

OS Intrusion Detection System (the differences between an OS and an Application IDS)
- Detects external intruders.
- Organizes events so that the process, the user that started the process, or whoever the process was executed as, is associated with each event.
- Lower resolution: views a file as a container whose contents cannot be deciphered except for changes in size.
- Can only define a relation on a file as a whole, such as whether or not it was changed in the last period of time.

Application Intrusion Detection System
- Only detects internal intruders, after they have either penetrated the operating system to get access to the application or been given some legitimate access to the application.
- May not be set up to perform the mapping between an event and the entity that caused it.
- Higher resolution: can define a relation on the different records or fields of a file.

Similarities
- Both attempt to detect intrusion by evaluating relations that differentiate anomalous from normal behavior.
- Both observe the same database file, which is the same size at both levels.
- Both could build event records containing listings of all events and the associated event-causing entities of the application, using whatever form of identification is available.
- Both share the same basic structure.
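The cooperation asked for in the problem description, and the resolution difference between the two levels, as an added example that is not part of the original presentation. The OS-level view knows which process and OS user wrote the database file and by how many bytes; the application-level view knows which record and field changed and which application user changed it; joining the two on time catches what neither sees alone. The file path, process name, role table, event shapes, time window and the events themselves are constructed assumptions.

```python
"""Correlating OS-level and application-level audit events.

Added example, not code from the original presentation. The file path,
process name, role table, event shapes and time window are assumptions;
the events themselves are constructed.
"""
from dataclasses import dataclass

DB_FILE = "/var/db/payroll.db"   # file the application stores its records in
APP_PROCESS = "payroll_svc"      # the only process expected to write DB_FILE
PAYROLL_ADMINS = {"alice"}       # application users allowed to change salaries
WINDOW = 2                       # seconds allowed between app and OS events


@dataclass
class OsEvent:
    """What the OS-level IDS sees: who wrote which file, and by how much."""
    ts: int
    os_user: str
    process: str
    path: str
    size_delta: int


@dataclass
class AppEvent:
    """What the application-level IDS sees: which record and field changed."""
    ts: int
    app_user: str
    record: str
    field: str
    old: object
    new: object


def os_level_alerts(os_events):
    """External/direct access: DB_FILE written by something other than the application.

    Only the OS IDS can see this; it knows the process and user but not
    which record inside the file changed.
    """
    return [
        ("os", e.ts, f"{e.path} written by {e.process} ({e.os_user}), not {APP_PROCESS}; "
                     f"only the size change ({e.size_delta:+d} bytes) is visible")
        for e in os_events
        if e.path == DB_FILE and e.process != APP_PROCESS
    ]


def app_level_alerts(app_events):
    """Internal misuse: a legitimate application user changing a field beyond their role.

    Only the application IDS can see this; at the OS level every such
    change is an ordinary write by APP_PROCESS.
    """
    return [
        ("app", e.ts, f"{e.app_user} changed {e.record}.{e.field} {e.old}->{e.new} "
                      f"without the payroll-admin role")
        for e in app_events
        if e.field == "salary" and e.app_user not in PAYROLL_ADMINS
    ]


def correlation_alerts(os_events, app_events, window=WINDOW):
    """Cooperation: every application change should coincide with an OS write by the application.

    An application audit record with no matching OS write means one of the
    two audit trails is wrong (forged, replayed or tampered with).
    """
    app_writes = [e for e in os_events if e.path == DB_FILE and e.process == APP_PROCESS]
    return [
        ("corr", a.ts, f"application record for {a.record}.{a.field} at t={a.ts} "
                       f"has no OS write to {DB_FILE} within {window}s")
        for a in app_events
        if not any(abs(w.ts - a.ts) <= window for w in app_writes)
    ]


def detect(os_events, app_events):
    """All three alert classes, ordered by time."""
    alerts = (os_level_alerts(os_events) + app_level_alerts(app_events)
              + correlation_alerts(os_events, app_events))
    return sorted(alerts, key=lambda a: a[1])


# Constructed events: one normal change, one direct edit of the file with an
# editor, one salary change by a non-admin, one app record with no OS write.
OS_EVENTS = [
    OsEvent(1000, "app",  APP_PROCESS, DB_FILE, +120),
    OsEvent(1005, "root", "vi",        DB_FILE, 0),
    OsEvent(1010, "app",  APP_PROCESS, DB_FILE, +96),
]
APP_EVENTS = [
    AppEvent(1000, "alice", "employee:42", "salary", 50_000, 52_000),
    AppEvent(1010, "bob",   "employee:17", "salary", 48_000, 90_000),
    AppEvent(1020, "alice", "employee:42", "salary", 52_000, 52_500),
]

if __name__ == "__main__":
    for kind, ts, msg in detect(OS_EVENTS, APP_EVENTS):
        print(kind, ts, msg)
```

The direct edit at t=1005 produces an OS alert only: the editor changed the file in place with no size change, so "size delta" is all the OS level can report, and the application level never logged anything. The non-admin salary change at t=1010 produces an application alert only, since at the OS level it is an ordinary write by the service. The record at t=1020 is caught by neither level alone and only by the correlation.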

Literature review The COAST laboratory at Purdue University characterized a good Intrusion Detection System as having the following qualities
- Run continually: the system must be reliable enough to run in the background of the system being observed.
- Fault tolerant: the system must survive a system crash and not need its knowledge base rebuilt at restart.
- Resist subversion: the system must be able to monitor itself to ensure that it has not been subverted.

Literature Review (cont)
- Minimal overhead: a system that slows the computer to a crawl will not be used.
- Observe deviations from normal behavior.
- Easily tailored: every system has a different usage pattern, and the defense mechanism should adapt easily to those patterns.
- Cope with changing system behavior: the system profile will change over time, and the Intrusion Detection System must be able to adapt.
- Difficult to fool.

Literature Review (cont) The Information Systems Technology Group of MIT Lincoln Laboratory, under Defense Advanced Research Projects Agency (DARPA) Information Technology Office and Air Force Research Laboratory (AFRL/SNHS) sponsorship, has collected and evaluated computer network intrusion detection systems since

Benefits of this Research We will learn whether an Application Intrusion Detection System can cooperate with an OS Intrusion Detection System, and whether doing so improves the ability of Intrusion Detection Systems to defend against intruders.

Research Design
- Case study of an Application Intrusion Detection System.
- Study the differences and the possible cooperation between the Application Intrusion Detection System and the OS Intrusion Detection System.
- Research the possibility of the two systems working cooperatively.

Conclusion The Application Intrusion Detection System can be more effective in detecting intruders than the OS Intrusion Detection System because Application Intrusion Detection operates at a higher resolution. But the Application Intrusion Detection System depends on the operating system, and only the OS Intrusion Detection System can detect external intruders, so we need an OS Intrusion Detection System and an Application Intrusion Detection System that cooperate for increased potential in detecting intruders.

Thank you.