Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence Shane Singh | COMPSCI 726.

Published byDinah Fisher Modified over 9 years ago

Similar presentations

Presentation on theme: "A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence Shane Singh | COMPSCI 726."— Presentation transcript:

1 A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence Shane Singh | COMPSCI 726

2 Introduction Looking to expand the ability of current basic Intrusion Detection Systems (IDS) to be able to process real-time complex attack intelligence into their current operation.

3 Intrusion Detection System (IDS) “Device or software application that monitors network or system traffic for malicious activities or policy violations”

4 The Identified Issue Current IDS’ are unable to integrate external information into their processing Current approach is to convert to rule language “…it severely limits the attainable benefits…” Ensuring that by using real-time intelligence the IDS can handle realistic workloads

5 The Proposed Solution Development of an Input Framework with integration to a current open-source IDS. Using federated sources to provide valid, consistent attack intelligence Real-world scenario deployment and monitoring to test suitability

6 The Intelligence State “Externally provided context that, when correlated with traffic on the wire, can significantly increase the systems detection capabilities.”

7 Framework Design

8 Implementation and Integration Using the open-source Bro IDS Bro fits well with capabilities of Input Framework Bro turns streams of packets into “policy neutral” network events

9 Framework with Bro

10 Using Federated Blacklists The authors use the SES feed from REN-ISAC and the JC3 feed from DOE. Confidence in accuracy and quality of intelligence important Choice of private sources over public sources Integration with Input Framework

11 Real World Testing Tested on a trace of traffic from UC Berkeley network Utilised psuedo-realtime mode running on trace file Analysed performance on: Realistic Workloads Sustainable Load Latency Created Benchmark Reader

12 Summary Input Framework created and deployed on existing open- source IDS - Bro Adding another state to IDS – intelligence Real-world testing to determine suitability in network

13 Criticisms Firewall Impact Testing overall detection effectiveness Choice of IDS – Bro Access to blacklists used Network traffic tested quite limited

14 Firewall Impact The authors make no reference to how a firewall will impact traffic monitoring in their tests Testing was only done on trace from one particular network Firewalls affect the type of traffic allowed/disallowed

15 Overall effectiveness In the paper, there isn’t a comparison done between a network using Real-Time Intelligence with an IDS and one without any intelligence

16 Using Bro The choice of Bro isn’t very clearly explained No comparison between other IDS’s and to why/why not Bro was selected

17 Access to Federated Blacklists SES feed updated once per day JC3 feed downloaded manually from a secure server when updates released Difficult to access Vetting period not accounted for with “real-time”

18 Limitations of tested traffic

19 Questions?

Download ppt "A Lone Wolf No More: Supporting Network Intrusion Detection with Real-Time Intelligence Shane Singh | COMPSCI 726."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.

Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
H28.1 6-Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.

H Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.

Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Department Of Computer Engineering

Department Of Computer Engineering
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
Network security policy: best practices

Network security policy: best practices
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
EXPLOITING SECURITY VULNERABILITIES IN A SMART GRID HOME AREA NETWORK USING HARDWARE SIMULATION Tyler Flack, Samujjwal Bhandari, and Susan Urban TEXAS.

EXPLOITING SECURITY VULNERABILITIES IN A SMART GRID HOME AREA NETWORK USING HARDWARE SIMULATION Tyler Flack, Samujjwal Bhandari, and Susan Urban TEXAS.
Survey – IDS Testing Marmagna Desai [ 592 Presentation]

Survey – IDS Testing Marmagna Desai [ 592 Presentation]
“Behind the Scenes” of the Enterprise Development Reference Architecture (EDRA) Jonathan Wanagel Microsoft patterns & practices

“Behind the Scenes” of the Enterprise Development Reference Architecture (EDRA) Jonathan Wanagel Microsoft patterns & practices
Penetration Testing Security Analysis and Advanced Tools: Snort.

Penetration Testing Security Analysis and Advanced Tools: Snort.

Similar presentations

Ads by Google