Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION.

Published byAdele Richardson Modified over 9 years ago

Similar presentations

Presentation on theme: "INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION."— Presentation transcript:

1 INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION

2 Anomaly Detection Misuse Detection A presentation over term paper on intrusion detection by anuja jain (MS in computer science) monica achury (MS in computer science)

3 Definition INTRUSION - The potential possibility of a deliberate unauthorized attempt to: Access information Manipulate information Render a system unreliable or unusable INTRUSION DETECTION - The process of identifying and responding to intrusion activities

4 Types of Intrusion There are six types of Intrusions Attempted break-ins Masquerade attacks Penetration of the security control system Leakage Denial of service Malicious use

5 Anomaly Detection  Static  Dynamic Misuse Detection Ex:- NIDES, MIDAS, STAT Intrusion Detection Techniques

6 Statistical approaches  Tripwire, Self/Non-self Dynamic /Predictive pattern generation  NIDES, Pattern Matching (UNM) Anomaly Detection Systems

7 Anomaly Detection activity measures probable intrusion Relatively high false positive rate - anomalies can just be new normal activities.

8 Misuse Detection Systems Expert Systems Keystroke Monitoring Model Based Intrusion Detection

9 Misuse Detection Intrusion Patterns activities pattern matching intrusion Can’t detect new attacks Example: if (src_ip == dst_ip) then “land attack”

10 IDS Design

11 Components of IDS Audit Data Preprocessor Audit Records Activity Data Detection Models Detection Engine Alarms Decision Table Decision Engine Action/Report system activities are observable normal and intrusive activities have distinct evidence activities have distinct evidence

12 Important Features Fault tolerant. Minimum human supervision. Resist subversion. Minimal Overhead. Platform Independent Continued…

13 Adaptable. Easy to Deploy. Detect different types of attacks.  Anomaly detection schemes  Misuse detection schemes  Combination of both Hardware / Software must be synchronized. Good data mining techniques

14 Data Mining Definition: The semi-automatic discovery of patterns, associations, changes, anomalies, rules, and statically significant structures and events in data. Data such as, Failed connection attempts Connection delays Source/Destination data packets

15 Data Mining Algorithms Extract knowledge in the form of models from data. Classification Regression Clustering Association rule abduction Sequence Analysis Others

16 Data Mining Techniques It allows the system to collect useful knowledge that describes a user’s or program’s behavior from large audit data sets. Examples: Statistics Artificial Neural Network Rule Learning Neuro-Fuzzy

17 IDS Evaluation Rate of false positives Attack detection rate Maintenance cost Total cost

18 IDS for Mobile Wireless Systems

19 Designing for Wireless Networks Problems with Wireless Networks Open Medium Dynamic changing network topology Lack of decentralized monitoring Less known security measures Data is harder to collect

20 One proposed IDS design by Georgia Institute of Technology Individual IDS agents are placed on each an every node.  Monitors local activities  User, system and communication activities Nodes cooperate with each other.  Investigate together at a broader range A secure communication channel among the IDS Agent.

21 references Chebrolu, S., Abraham, A., Thomas, J.P.: Feature Detection and Ensemble Design of Intrusion Detection Systems. Computers and security, http://dx.doi.org/10.1016/j.cose.2004.09.008http://dx.doi.org/10.1016/j.cose.2004.09.008 Zhang, Y., Lee, W., and Huang, Y. 2003. Intrusion detection techniques for mobile wireless networks. Wirel. Netw. 9, 5 (Sep. 2003), 545-556. DOI= http://dx.doi.org/10.1023/A:1024600519144 J.P Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, James P Anderson Co., Fort Washington, Pennsylvania, April 1980 Eugene H Spafford. Security Seminar, Department of Computer Sciences, Purdue University, Jan 1996. Biswanath Mukherjee, L Todd Heberlein and Karl N Levitt. Network Intrusion Detection, IEEE Network, May/June 1994, pages 26-41.

22 Questions???

Download ppt "INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
IDS/IPS Definition and Classification

IDS/IPS Definition and Classification
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Intrusion Detection Techniques for Mobile Wireless Networks Authors: Yongguang Zhang, HRL Laboratories LLC, Malibu, California. Wenke Lee, College of Computing,

Intrusion Detection Techniques for Mobile Wireless Networks Authors: Yongguang Zhang, HRL Laboratories LLC, Malibu, California. Wenke Lee, College of Computing,
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Mobile Agents for Intrusion Detection Jaromy Ward.

Mobile Agents for Intrusion Detection Jaromy Ward.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Introduction to Intrusion Detection Systems Presented by Parwez.

Introduction to Intrusion Detection Systems Presented by Parwez.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Building Knowledge-Driven DSS and Mining Data

Building Knowledge-Driven DSS and Mining Data
Intrusion Detection Systems By Ali Hushyar. What is an intrusion? Intrusion: “any action or set of actions that attempt to compromise the integrity, confidentiality.

Intrusion Detection Systems By Ali Hushyar. What is an intrusion? Intrusion: “any action or set of actions that attempt to compromise the integrity, confidentiality.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google