Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis Console for Intrusion Databases Roy. Description ACID.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Analysis Console for Intrusion Databases Roy. Description ACID."— Presentation transcript:

1 Analysis Console for Intrusion Databases Roy

2 Description ACID

3 Objective n Setup ACID, MySQL, Snort n Super alert Analyzer n Performance Benchmarking of ACID

4 About ACID Query-builder and search interface Packet viewer (decoder) Alert management Chart and statistics generation Centralize control

5 System overview n ACID+Snort+MySQL ACID

6 Distributed IDS centralize control ACIDDB

7 Prerequisites n A database -Package: MySQL Version: 3.23.x+Version: 3.23.x+ Homepage: http://www.mysql.com/Homepage: http://www.mysql.com/http://www.mysql.com/ n A mechanism -Package: Snort Version: 1.7+Version: 1.7+ Homepage: http://www.snort.org/Homepage: http://www.snort.org/http://www.snort.org/ -Package: PHP Version: 4.0.4+Version: 4.0.4+ Homepage: http://www.php.net/Homepage: http://www.php.net/http://www.php.net/ n A web server -Package: Apache Server -Version: 1.3.*+ -Homepage: http://www.apache.org/ http://www.apache.org/ n PHP access database API -Package: ADODB Homepage: http://php.weblogs.com/adodb/Homepage: http://php.weblogs.com/adodb/http://php.weblogs.com/adodb/ -Package: PHPlot Homepage: http://www.phplot.comHomepage: http://www.phplot.comhttp://www.phplot.com -Package: JPGraph Homepage: http://www.aditus.nu/jpgraph/Homepage: http://www.aditus.nu/jpgraph/http://www.aditus.nu/jpgraph/ -Package: GD Homepage: http://www.boutell.com/gd/Homepage: http://www.boutell.com/gd/http://www.boutell.com/gd/

8 Install ACID and snort n Download ACID -http://www.andrew.cmu.edu/user/rdanyliw/ snort/snortacid.html n Decompress acid-0.9.6b23.tar.gz n Move ACID to your web directory

9 Setting up the database in MySQL n Create database n Create user and assign privilege n Create snort tables

10 Modify ACID config files n Edit acid_conf.php

11 Connect to sensor manager n Open http://192.168.1.101/acid/acid_conf.php

12 Setup snort output module n Edit /etc/snort/snort.conf

13 Test environment 三暝三日 …

14 Enjoy the results n Open http://192.168.1.101/acid/

15 More analysis n 5 most frequent alerts (alert listing) n 15 most frequent alerts (unique source) n Time profile of alerts n Last 24 hours n Last 72 hours

16 Performance Benchmarking of ACID (Page loading time) n Host: Intel Mobile 800Mhz, 256 MB RAM n OS: Linux 2.2.16-22 n Apache: 1.3.19 n PHP: 4.0.5 n MySQL: 3.23.32 n PostgreSQL:7.1.2 n DB schema: v102 n ACID: 0.9.6b10 - 0.9.6b13

17 I. Unique Alert Listing (acid_stat_alerts.php)

18 II. ACID Main page (acid_main.php)

19 Summary

20 Reference n Performance Benchmarking of ACID -http://www.andrew.cmu.edu/user/rdanyliw/ snort/perf/acid_perf.html n NIST Intrusion Detection System

21 Appendix A n Passive Ethernet Tap Traffic in Traffic out IDS http://www.snort.org/docs/tap/

Download ppt "Analysis Console for Intrusion Databases Roy. Description ACID."

Similar presentations

WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.

WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.
1 Network Intrusion Detection System & Its Analyzer: Snort & ACID 60-564: Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented.

1 Network Intrusion Detection System & Its Analyzer: Snort & ACID : Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented.
Snort & ACID Low cost, highly configurable IDS by Patrick Southcott

Snort & ACID Low cost, highly configurable IDS by Patrick Southcott
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.

Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.
Installation of SNORT, APACHE, PHP, MYSQL and SnortReport.

Installation of SNORT, APACHE, PHP, MYSQL and SnortReport.
Intrusion Detection System using Snort & SAM 60-564: Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented By: S. Rahaman & A.

Intrusion Detection System using Snort & SAM : Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented By: S. Rahaman & A.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.

Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.
Metadata Server system software laboratory. Overview metadata service in Grid environment Grid environment Metadata server User query data search information.

Metadata Server system software laboratory. Overview metadata service in Grid environment Grid environment Metadata server User query data search information.
A complete web app using flex. You can use the flex builder to generate the php (server side) code for a flex-php application. As before, Php connects.

A complete web app using flex. You can use the flex builder to generate the php (server side) code for a flex-php application. As before, Php connects.
Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases.

Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases.
PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.

PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.
Bonrix SMPP Gateway 1.0.1. Index Introduction Architecture diagram Set up diagram System & Software Requirements Installation Deployment Operations HTTP.

Bonrix SMPP Gateway Index Introduction Architecture diagram Set up diagram System & Software Requirements Installation Deployment Operations HTTP.
GreenSQL Yuli Stremovsky /MSN/Gtalk:

GreenSQL Yuli Stremovsky /MSN/Gtalk:
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
SYST 28043 Web Technologies SYST 28043 Web Technologies Installing a Web Server (XAMPP)

SYST Web Technologies SYST Web Technologies Installing a Web Server (XAMPP)
CS 4720 Anatomy of a Web Application CS 4720 – Web & Mobile Systems.

CS 4720 Anatomy of a Web Application CS 4720 – Web & Mobile Systems.

Similar presentations

Ads by Google