A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence Shane Singh | COMPSCI 726.
Introduction
The paper looks to extend current basic Intrusion Detection Systems (IDS) so that they can take real-time, complex attack intelligence into account as part of their normal operation.

Intrusion Detection System (IDS)
“Device or software application that monitors network or system traffic for malicious activities or policy violations”

The Identified Issue
- Current IDSs are unable to integrate external information into their processing.
- The current approach is to convert that information into the IDS's rule language, which “…severely limits the attainable benefits…”.
- An IDS that consumes real-time intelligence must still be able to handle realistic workloads.

The Proposed Solution
- Development of an Input Framework, integrated with a current open-source IDS.
- Use of federated sources to provide valid, consistent attack intelligence.
- Deployment and monitoring in a real-world scenario to test suitability.

The Intelligence State
“Externally provided context that, when correlated with traffic on the wire, can significantly increase the system's detection capabilities.”

Framework Design

Implementation and Integration
- Uses the open-source Bro IDS.
- Bro fits well with the capabilities of the Input Framework.
- Bro turns streams of packets into “policy neutral” network events, which scripts can then correlate with the intelligence state.

Framework with Bro

Using Federated Blacklists
- The authors use the SES feed from REN-ISAC and the JC3 feed from the DOE.
- Confidence in the accuracy and quality of the intelligence is important.
- Private sources were chosen over public sources.
- The feeds are integrated through the Input Framework.
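As an added example (not code from the paper or from these slides), the Bro policy script below shows the shape of what the three preceding slides describe: a blacklist file loaded as a table through Bro's Input Framework, held as intelligence state that the framework keeps in sync with the file, and correlated with connection events as they occur. The feed path, the column layout (address, source, confidence, description), the sample feed lines and the confidence threshold are assumptions for illustration; the real SES and JC3 feed formats are not shown in the slides.

```bro
# Added example: correlate a federated blacklist with live connections.
# The feed file (tab-separated, path assumed) is expected to look like this
# constructed sample, using RFC 5737 documentation addresses:
#
#   #fields ip           source  confidence  description
#   192.0.2.10           SES     90          known scanner
#   198.51.100.7         JC3     40          low-confidence sighting

@load base/frameworks/input
@load base/frameworks/notice

module IntelBlacklist;

export {
    redef enum Notice::Type += {
        ## A connection involved an address from a loaded blacklist.
        Blacklist_Hit
    };

    ## Location of the feed file (assumed path, not from the paper).
    const feed_file = "/usr/local/bro/share/intel/blacklist.txt" &redef;

    ## Entries below this confidence are kept in the table but not alerted on,
    ## so a low-quality source cannot flood the notice log.
    const min_confidence = 50 &redef;
}

# Index (key) type of the table: one column, the blacklisted address.
type Idx: record {
    ip: addr;
};

# Value type: which federated source supplied the entry and how much it trusts it.
type Val: record {
    source: string;
    confidence: count;
    description: string;
};

# The intelligence state. The Input Framework writes this table; scripts only read it.
global blacklist: table[addr] of Val;

event bro_init()
    {
    # REREAD mode re-parses the file whenever it changes, so updates to the
    # feed reach the running IDS without a restart or a rule reload.
    Input::add_table([$source=feed_file,
                      $name="blacklist",
                      $idx=Idx,
                      $val=Val,
                      $destination=blacklist,
                      $mode=Input::REREAD]);
    }

function check(c: connection, host: addr)
    {
    if ( host !in blacklist )
        return;

    local entry = blacklist[host];
    if ( entry$confidence < min_confidence )
        return;

    NOTICE([$note=Blacklist_Hit,
            $conn=c,
            $msg=fmt("%s matched %s feed (confidence %d): %s",
                     host, entry$source, entry$confidence, entry$description),
            $identifier=cat(host)]);
    }

# Check both endpoints once the handshake completes; this runs for every
# connection, so the lookup must stay a constant-time table membership test.
event connection_established(c: connection)
    {
    check(c, c$id$orig_h);
    check(c, c$id$resp_h);
    }
```

Run it on a live interface with `bro -i eth0 intel-blacklist.bro`, or replay a capture at its original packet timing, the pseudo-real-time mode the testing slide refers to, with `bro -r trace.pcap --pseudo-realtime intel-blacklist.bro`. Editing the feed file while Bro runs changes the in-memory table, which is the property that turns a static blacklist into real-time intelligence; the per-source confidence field is what lets the script treat a vetted private feed differently from a noisier one.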

Real-World Testing
- Tested on a trace of traffic from the UC Berkeley network.
- Used pseudo-real-time mode, running Bro over the trace file at the original packet timing.
- Analysed performance on: realistic workloads, sustainable load, and latency.
- Created a benchmark reader.

Summary
- An Input Framework was created and deployed on an existing open-source IDS, Bro.
- It adds another state to the IDS: intelligence.
- Real-world testing was used to determine its suitability in a network.

Criticisms
- Firewall impact
- Testing of overall detection effectiveness
- Choice of IDS (Bro)
- Access to the blacklists used
- Network traffic tested was quite limited

Firewall Impact
- The authors make no reference to how a firewall would affect the traffic being monitored in their tests.
- Testing was only done on a trace from one particular network.
- Firewalls determine which types of traffic are allowed or disallowed, and therefore what the IDS gets to see.

Overall Effectiveness
- The paper does not compare a network running an IDS with real-time intelligence against one running the IDS without any intelligence, so the detection benefit is not measured.

Using Bro
- The choice of Bro is not clearly explained.
- There is no comparison with other IDSs, and no reasoning for why Bro was or was not the right selection.

Access to Federated Blacklists
- The SES feed is updated once per day.
- The JC3 feed is downloaded manually from a secure server when updates are released.
- Both feeds are difficult to access.
- The vetting period before an entry appears in a feed is not accounted for in the “real-time” claim.

Limitations of tested traffic

Questions?