Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basics of Intrusion Detection

Published byKerry Small Modified over 6 years ago

Similar presentations

Presentation on theme: "Basics of Intrusion Detection"— Presentation transcript:

1 Basics of Intrusion Detection
Watch what’s going on in the system Try to detect behavior that characterizes intruders While avoiding improper detection of legitimate access At a reasonable cost

2 Intrusion Detection and Logging
A natural match The intrusion detection system examines the log Which is being kept, anyway Secondary benefits of using the intrusion detection system to reduce the log

3 On-Line Vs. Off-Line Intrusion Detection
Intrusion detection mechanisms can be complicated and heavy-weight Perhaps better to run them off-line E.g., at nighttime Disadvantage is that you don’t catch intrusions as they happen

4 Failures In Intrusion Detection
False positives Legitimate activity identified as an intrusion False negatives An intrusion not noticed Subversion errors Attacks on the intrusion detection system

5 Desired Characteristics in Intrusion Detection
Continuously running Fault tolerant Subversion resistant Minimal overhead Must observe deviations Easily tailorable Evolving Difficult to fool

6 Host Intrusion Detection
Run the intrusion detection system on a single computer Look for problems only on that computer Often by examining the logs of the computer

7 Advantages of the Host Approach
Lots of information to work with Only need to deal with problems on one machine Can get information in readily understandable form

8 Network Intrusion Detection
Do the same for a local (or wide) area network Either by using distributed systems techniques Or (more commonly) by sniffing network traffic

9 Advantages of Network Approach
Need not use up any resources on users’ machines Easier to properly configure for large installations Can observe things affecting multiple machines

10 Network Intrusion Detection and Data Volume
Lots of information passes on the network If you grab it all, you will produce vast amounts of data Which will require vast amounts of time to process

11 Network Intrusion Detection and Sensors
Use programs called sensors to grab only relevant data Sensors quickly examine network traffic Record the relevant stuff Discard the rest If you design sensors right, greatly reduces the problem of data volume

12 Wireless IDS Observe behavior of wireless network Generally 802.11
Look for problems specific to that environment E.g., attempts to crack WEP keys Usually doesn’t understand higher network protocol layers And attacks on them

13 Application-Specific IDS
An IDS system tuned to one application or protocol E.g., SQL Can be either host or network Typically used for machines with specialized functions Web servers, database servers, etc. Possibly much lower overheads than general IDS systems

Download ppt "Basics of Intrusion Detection"

Similar presentations

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
seminar on Intrusion detection system

seminar on Intrusion detection system
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
IIT Indore © Neminah Hubballi

IIT Indore © Neminah Hubballi
Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.
1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Denial-of-Service Attacks Justin Steele Definition “A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate.

Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.
Lecture 11 Page 1 CS 236 Online Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible –Good.

Lecture 11 Page 1 CS 236 Online Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible –Good.
SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury.

SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury.
Intrusion Detection System (IDS) Basics LTJG Lemuel S. Lawrence Presentation for IS-2010 13 Sept 2004.

Intrusion Detection System (IDS) Basics LTJG Lemuel S. Lawrence Presentation for IS Sept 2004.

Similar presentations

Ads by Google