14 Intrusion Detection
Transcript of 14 Intrusion Detection
-
Intrusion Detection System
Presentation By: D. Shiva, S. Gagan Kumar
-
Agenda :
What is intrusion detection?
Objectives of Intrusion Detection System
Types of intrusion detection systems
How it works?
Conclusion & future work
-
What is intrusion detection?
Detecting unwanted intrusions on a network or a device.
Intrusion detection can be installed as software or as a device that monitors network traffic.
It is needed in the same way that a burglar alarm system is needed in a commercial building.
-
Objectives of IDS
Identifying problems with security policies.
Documenting existing threats.
Preventing individuals from intruding
-
Types of Intrusion Detection Systems
Based on the scope of monitoring:
Network Based Intrusion Detection Systems
Host Based Intrusion Detection Systems
-
Host-Based Intrusion Detection System
-
Host-Based Intrusion Detection System
A HIDS is software or a device installed on a computer that detects intrusions and informs the user.
Through sensors, it analyzes and stores system calls, application logs, executable files and file-system modifications, looking for evidence of intrusion.
It alerts if it encounters any intrusion.
-
Host-Based Intrusion Detection System: components
Sensors: collect the data from network packets, log files and system call traces, and forward the data to the analyzers.
Analyzer: analyzes whether an intrusion has occurred or not. Its output contains the evidence supporting the intrusion report.
User interface: the end user's view; through it the user can control and configure the system.
-
[Diagram: Host-Based Intrusion Detection System architecture: Sensor → Analyzer, with a User Interface and a Database.]
Host-Based Intrusion Detection System
-
How does a HIDS work?
Two methods:
Pattern matching
Statistical anomalies
-
Pattern matching
Detecting intrusion based on 'patterns'.
Analogous to identifying a criminal by the fingerprint process.
Process: install software with various pre-defined patterns of attacks. The IDS matches the intruder's pattern against the pre-defined patterns. If a match is found, the IDS reports an intrusion. The patterns in the software must be kept up to date.
Drawback: it fails to catch a new attack for which the software has no defined pattern to match.
-
This is how it works....
[Flowchart: Intruder / Attacker → Intruder pattern → "Is match found?" against the pre-defined patterns. Yes → Notify: intrusion detected. No → Grant access.]
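The pattern-matching flow on the last two slides, written out as an added example (this is not code from the presentation): a small signature set, a constructed batch of host events as a sensor would forward them, an analyzer that reports the evidence for each match, and the flowchart's notify-or-grant decision. The signatures, the event lines and the names match_event, analyze and decide are all assumptions made for the example; the last event is constructed to have no matching signature, which is the drawback the slides describe.

```python
# Added example (not from the slides): signature/pattern matching as a HIDS
# analyzer over constructed host events. Signatures and events are hypothetical.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern


# Pre-defined attack patterns. In a real HIDS this set must be kept up to date;
# these three are constructed for the example.
SIGNATURES = [
    Signature("path-traversal", re.compile(r"\.\./\.\./")),
    Signature("shadow-read", re.compile(r'open\("/etc/shadow"\)')),
    Signature("ssh-bruteforce", re.compile(r"Failed password .* from \d+\.\d+\.\d+\.\d+")),
]

# Constructed sample of what a sensor would forward: one event per line.
EVENTS = [
    'uid=1001 open("/home/alice/notes.txt")',
    'uid=1001 exec("/usr/bin/vim")',
    'uid=0 open("/etc/shadow")',
    'sshd: Failed password for root from 203.0.113.7 port 4422',
    'httpd: GET /cgi-bin/../../etc/passwd',
    'uid=1001 exec("/tmp/.cache/run.sh")',  # constructed novel event: no signature covers it
]


def match_event(line, signatures=SIGNATURES):
    """Names of every pre-defined pattern that matches one event line."""
    return [s.name for s in signatures if s.pattern.search(line)]


def analyze(events, signatures=SIGNATURES):
    """Analyzer stage: returns a report with the evidence for each matched event."""
    report = []
    for line_no, line in enumerate(events, start=1):
        hits = match_event(line, signatures)
        if hits:
            report.append({"line": line_no, "event": line, "signatures": hits})
    return report


def decide(events, signatures=SIGNATURES):
    """The flowchart's decision: notify if any match was found, otherwise grant access."""
    return "notify" if analyze(events, signatures) else "grant"


if __name__ == "__main__":
    for entry in analyze(EVENTS):
        print(f"line {entry['line']}: {entry['signatures']} <- {entry['event']}")
    print("decision:", decide(EVENTS))
    # The last event is never reported: this is the slides' drawback in action.
    print("novel event matched:", match_event(EVENTS[5]))
```

Running it reports lines 3, 4 and 5 with the signature that matched each, and shows that the sixth event passes silently because nothing in SIGNATURES describes it; the only remedy in a pure pattern-matching design is to add a pattern, which is why the slides insist the pattern set be kept up to date.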
-
Statistical Anomalies
Generate a signature of normal behaviour for each user from the sequence of commands that they type in.
With a signature made of all the frequent command traces a user types, we can compare future command traces against it.
The IDS notifies immediately if anomalous actions are detected. Example of a sequence of commands that a user frequently types in: open directory, text editor, check mail, compile a program.
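The statistical-anomaly method above, as an added example that is not part of the presentation: the user's "signature" is the set of consecutive command pairs (bigrams) seen in constructed training traces of the slides' routine (open directory, edit, check mail, compile), and a future trace is scored by the fraction of its pairs the profile has never seen. The training traces, the threshold of 0.5 and the names build_profile, anomaly_score and classify are assumptions made for the example.

```python
# Added example (not from the slides): a statistical-anomaly HIDS that profiles
# a user's frequent command sequences as bigrams. All traces are constructed.
from collections import Counter

# Constructed training traces for one user: the slides' routine of opening a
# directory, editing, checking mail and compiling, in its usual orders.
NORMAL_TRACES = [
    ["cd", "vim", "gcc", "mail"],
    ["cd", "vim", "mail", "gcc"],
    ["cd", "gcc", "vim", "mail"],
    ["mail", "cd", "vim", "gcc"],
]


def bigrams(trace):
    """Consecutive command pairs, the unit of 'sequence' the profile is built from."""
    return list(zip(trace, trace[1:]))


def build_profile(traces, min_count=1):
    """Signature of normal behaviour: the command pairs seen at least min_count times."""
    counts = Counter()
    for trace in traces:
        counts.update(bigrams(trace))
    return {pair for pair, c in counts.items() if c >= min_count}


def anomaly_score(profile, trace):
    """Fraction of the trace's command pairs absent from the profile (0.0 = fully normal)."""
    pairs = bigrams(trace)
    if not pairs:
        return 0.0
    unseen = sum(1 for pair in pairs if pair not in profile)
    return unseen / len(pairs)


def classify(profile, trace, threshold=0.5):
    """Notify when enough of the trace is unfamiliar, otherwise treat it as normal."""
    return "notify" if anomaly_score(profile, trace) >= threshold else "normal"


if __name__ == "__main__":
    profile = build_profile(NORMAL_TRACES)
    for trace in (["cd", "vim", "gcc", "mail"],    # the routine itself
                  ["cd", "vim", "find", "gcc"],    # partly unfamiliar
                  ["cd", "find", "tar", "scp"]):   # nothing like the routine
        print(trace, round(anomaly_score(profile, trace), 2), classify(profile, trace))
```

The routine scores 0.0, a trace with two unfamiliar pairs scores 2/3 and is reported, and a wholly unfamiliar trace scores 1.0. Two points the design makes visible: the profile is only as good as the training traces (they must be known-clean, or the intruder's behaviour becomes "normal"), and min_count is the knob that decides how frequent a pair must be before it counts as part of the user's signature; raising it to 2 shrinks this profile to the three pairs seen more than once.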
-
Future work
Our future work would be on INTRUSION PREVENTION through the following methods:
SMS configuration at log-in
Setting the hardware address for remote login, for better support of the username-and-password scenario.
Analysis using snapshots.
Using an image-capturing technique.
-
Conclusion
Data is everything! We must protect it. An IDS exists for monitoring, detecting and responding to security threats. IDS technology has gone through many iterations so that it can be used efficiently to keep every single byte of data from being hacked.
-
Any Queries???
-