SlideShare a Scribd company logo

Intrusion detection system

Download as PPTX, PDF
Aparna Bhadran
Aparna Bhadran

Its about intrusion detection system(IDS),types of IDS,different types of intrusion detection system.

Engineering
1 of 26
INTRUSION DETECTION SYSTEM
INTRUDERS • Many computer security incidents are caused -by insiders • Who could not be blocked by firewalls. • So as a next level of defense – we are using Intrusion detection system.
INTRUSION DETECTION SYSTEM • intrusion detection system (IDS) is a device • typically another separate computer, that monitors – activity to identify malicious or suspicious events. • An IDS is a sensor
FUNCTIONS • Monitoring users and system activity • auditing system configuration for vulnerabilities and misconfigurations • assessing the integrity of critical system and data files • recognizing known attack patterns in system activity
• identifying abnormal activity through statistical analysis • correcting system configuration errors
TYPES • Signature-based intrusion detection systems: – perform pattern-matching and – report situations that match a pattern corresponding to a known attack type. • Heuristic intrusion detection systems( anomaly based) build a – detection looks for behavior that is out of the ordinary.
• Intrusion detection devices can be – network based or – host based. • network-based IDS is a – stand-alone device attached to the network to monitor traffic throughout that network • host-based IDS runs on a single workstation or client or host, to protect that one host.
Signature-Based Intrusion Detection • The problem with signature-based detection is the signatures themselves. • An attacker will try to modify a basic attack in such a way that it will not match the known signature of that attack. • signature-based IDSs cannot detect a new attack for which a signature is not yet installed in the database
Heuristic Intrusion Detection • heuristic intrusion detection looks for behavior that is out of the ordinary. • Inference engine perform continuous analysis of the system • Raising an alert when systems dirtiness increase the threshold. • Inference engine works in 2 ways – State based intrusion detection system. – Model based intrusion detection system.
State based intrusion detection system: • see the system going through changes of overall state or configuration. • They try to detect when the system moves to unsafe state Model based intrusion detection system: • Map current activity into model of unacceptable activity • Raise an alarm when activity resembles the model.
Misuse intrusion detection: • intrusion detection can work from a model of known bad activity. • All heuristic intrusion detection activity is classified in one of three categories: – good/benign, – suspicious, – unknown. • Over time, specific kinds of actions can move from one of these categories to another,
Stealth Mode • An IDS is a network device . • Any network device is potentially vulnerable to network attacks. • To counter those problems,: • most IDSs run in stealth mode. • an IDS has two network interfaces: – one for the network being monitored – to generate alerts
• The IDS uses the monitored interface as input only – it never sends packets out through that interface. • If the IDS needs to generate an alert, – it uses only the alarm interface on a completely separate control network
Goals for Intrusion Detection Systems • an IDS should be – fast, – simple, – accurate, – while at the same time being complete. – It should detect all attacks with little performance penalty
• An IDS could use some—or all—of the following design approaches: – filter on packet headers – filter on packet content – maintain connection state – use complex, multipacket signatures – use minimal number of signatures with maximum effect – filter in real time, online – hide its presence – use optimal sliding time window size to match signatures
Responding to Alarms • Whatever the type, an intrusion detection system raises an alarm when it finds a match. • The alarm can range from something modest, such as writing a note in an audit log, to something significant, such as paging the system security administrator.
• responses fall into three major categories: – monitor – protect – call a human • Monitoring is appropriate for an attack of initial impact. • Perhaps the real goal is to watch the intruder, • to see : – what resources are being accessed or – what attempted attacks are tried. – This approach should be invisible to the attacker.
• Protecting can mean – increasing access controls and – even making a resource unavailable • In contrast to monitoring, protecting may be very visible to the attacker. • calling a human allows individual discrimination. • The IDS can take an initial defensive action immediately while also generating an alert to a human.
False Results • Intrusion detection systems are not perfect. – and mistakes are their biggest problem. • 2 main false result: – false positive-by raising an alarm for something that is not really an attack – false negative- not raising an alarm for a real attack. • Too many false positives means the administrator will be less confident of the IDS's warnings. • But false negatives mean that real attacks are passing the IDS without action.
IDS Strengths and Limitations • Strength: • IDSs detect an ever-growing number of serious problems. – And as we learn more about problems, we can add their signatures to the IDS model. – Thus, over time, IDSs continue to improve. • becoming cheaper • easier to administer.
• Limitation: • avoiding an IDS is a first priority for successful attackers. • An IDS that is not well defended is useless. • Similar IDS have identical vulnerabilities so – there selection criteria will miss similar attack. • IDS is sensitive – Which is difficult to measure and adjust. • An IDS does not run itself. • General: • IDS ARE EXCELLENT ADDITION TO NETWORK SECURITY
SNORT • It is a light weight open source network – intrusion prevention – Network intrusion detection system(NIDS) • based on signature detection. • It has real time alarming capacity.
• When an attack has occurred the alert tells us: – Date and time the attack occurred. – Source and destination IP address with port number. – Type of attack – Priority
LOCATION: • The snort have to be installed in those part of the network that have to be protected. • The snort can be distributed to different parts of network infrastructure and can send alarm to one central console. • Snort network interface card(NIC) captures all network traffic that goes by its NIC.
TOOLS: • Snort Alert Monitor: – Java based console. – Will give a quick look at the Snort alert – Can be configured to send e-mail when Snort alerts to an attempted exploit on your network. • Snortalog: – It is a Perl based Snort log analyser. – Allows to develop plaint text on HTML summery reports and graph representation of top attack that has been detected by Snort Sensor
• SnortFW: – It analyses incoming Snort alerts and updates iptables firewall to block the attacker. • IDSCenter: – It is an all-in-one centralized graphical utility for managing • Snort • Alerts • Rules • Configuration files • Distributing updates • Generate reports • Email • Auditable/visual alarm notification.

Recommended

Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
AAKASH S
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 

Recommended

Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
AAKASH S
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Mohit Belwal
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
Avinash Kumar
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Jowin John Chemban
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
Ids(final)
Ids(final)Ids(final)
Ids(final)
Not yet working. I am still studying
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
Vishwanath Badiger
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
Omar Shaya
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
shraddha_b
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Push N Pull
Push N PullPush N Pull
Push N Pull
Christine Tay
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
david rom
 

More Related Content

What's hot

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
Omar Shaya
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 

What's hot (20)

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Ids(final)
Ids(final)Ids(final)
Ids(final)
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 

Viewers also liked

Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypot
mmubashirkhan
 

Viewers also liked (20)

Push N Pull
Push N PullPush N Pull
Push N Pull
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 
Push & Pull
Push & PullPush & Pull
Push & Pull
 
Snort ppt
Snort pptSnort ppt
Snort ppt
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypot
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
Snort
SnortSnort
Snort
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Key management
Key managementKey management
Key management
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
 
Hcl
HclHcl
Hcl
 
Futurex Secure Key Injection Solution
Futurex Secure Key Injection SolutionFuturex Secure Key Injection Solution
Futurex Secure Key Injection Solution
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 

Similar to Intrusion detection system

FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
thilakrajc
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
useonlyfortech140
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptx
SriK49
 
Intrusion detection and prevention
Intrusion detection and preventionIntrusion detection and prevention
Intrusion detection and prevention
Nicholas Davis
 

Similar to Intrusion detection system (20)

IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
 
Cours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptxCours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptx
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
 
012
012012
012
 
Unit-5.pptx
Unit-5.pptxUnit-5.pptx
Unit-5.pptx
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
IDS VS IPS.pptx
IDS VS IPS.pptxIDS VS IPS.pptx
IDS VS IPS.pptx
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEM
 
Ids vs ips
Ids vs ipsIds vs ips
Ids vs ips
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptx
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention system
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptx
 
Presentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptxPresentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptx
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
Intrusion detection and prevention
Intrusion detection and preventionIntrusion detection and prevention
Intrusion detection and prevention
 

Recently uploaded

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
mphochane1998
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
Kamal Acharya
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
MayuraD1
 

Recently uploaded (20)

A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
Wadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxWadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptx
 

Intrusion detection system

  • 2. INTRUDERS • Many computer security incidents are caused -by insiders • Who could not be blocked by firewalls. • So as a next level of defense – we are using Intrusion detection system.
  • 3. INTRUSION DETECTION SYSTEM • intrusion detection system (IDS) is a device • typically another separate computer, that monitors – activity to identify malicious or suspicious events. • An IDS is a sensor
  • 4. FUNCTIONS • Monitoring users and system activity • auditing system configuration for vulnerabilities and misconfigurations • assessing the integrity of critical system and data files • recognizing known attack patterns in system activity
  • 5. • identifying abnormal activity through statistical analysis • correcting system configuration errors
  • 6. TYPES • Signature-based intrusion detection systems: – perform pattern-matching and – report situations that match a pattern corresponding to a known attack type. • Heuristic intrusion detection systems( anomaly based) build a – detection looks for behavior that is out of the ordinary.
  • 7. • Intrusion detection devices can be – network based or – host based. • network-based IDS is a – stand-alone device attached to the network to monitor traffic throughout that network • host-based IDS runs on a single workstation or client or host, to protect that one host.
  • 8. Signature-Based Intrusion Detection • The problem with signature-based detection is the signatures themselves. • An attacker will try to modify a basic attack in such a way that it will not match the known signature of that attack. • signature-based IDSs cannot detect a new attack for which a signature is not yet installed in the database
  • 9. Heuristic Intrusion Detection • heuristic intrusion detection looks for behavior that is out of the ordinary. • Inference engine perform continuous analysis of the system • Raising an alert when systems dirtiness increase the threshold. • Inference engine works in 2 ways – State based intrusion detection system. – Model based intrusion detection system.
  • 10. State based intrusion detection system: • see the system going through changes of overall state or configuration. • They try to detect when the system moves to unsafe state Model based intrusion detection system: • Map current activity into model of unacceptable activity • Raise an alarm when activity resembles the model.
  • 11. Misuse intrusion detection: • intrusion detection can work from a model of known bad activity. • All heuristic intrusion detection activity is classified in one of three categories: – good/benign, – suspicious, – unknown. • Over time, specific kinds of actions can move from one of these categories to another,
  • 12. Stealth Mode • An IDS is a network device . • Any network device is potentially vulnerable to network attacks. • To counter those problems,: • most IDSs run in stealth mode. • an IDS has two network interfaces: – one for the network being monitored – to generate alerts
  • 13. • The IDS uses the monitored interface as input only – it never sends packets out through that interface. • If the IDS needs to generate an alert, – it uses only the alarm interface on a completely separate control network
  • 14. Goals for Intrusion Detection Systems • an IDS should be – fast, – simple, – accurate, – while at the same time being complete. – It should detect all attacks with little performance penalty
  • 15. • An IDS could use some—or all—of the following design approaches: – filter on packet headers – filter on packet content – maintain connection state – use complex, multipacket signatures – use minimal number of signatures with maximum effect – filter in real time, online – hide its presence – use optimal sliding time window size to match signatures
  • 16. Responding to Alarms • Whatever the type, an intrusion detection system raises an alarm when it finds a match. • The alarm can range from something modest, such as writing a note in an audit log, to something significant, such as paging the system security administrator.
  • 17. • responses fall into three major categories: – monitor – protect – call a human • Monitoring is appropriate for an attack of initial impact. • Perhaps the real goal is to watch the intruder, • to see : – what resources are being accessed or – what attempted attacks are tried. – This approach should be invisible to the attacker.
  • 18. • Protecting can mean – increasing access controls and – even making a resource unavailable • In contrast to monitoring, protecting may be very visible to the attacker. • calling a human allows individual discrimination. • The IDS can take an initial defensive action immediately while also generating an alert to a human.
  • 19. False Results • Intrusion detection systems are not perfect. – and mistakes are their biggest problem. • 2 main false result: – false positive-by raising an alarm for something that is not really an attack – false negative- not raising an alarm for a real attack. • Too many false positives means the administrator will be less confident of the IDS's warnings. • But false negatives mean that real attacks are passing the IDS without action.
  • 20. IDS Strengths and Limitations • Strength: • IDSs detect an ever-growing number of serious problems. – And as we learn more about problems, we can add their signatures to the IDS model. – Thus, over time, IDSs continue to improve. • becoming cheaper • easier to administer.
  • 21. • Limitation: • avoiding an IDS is a first priority for successful attackers. • An IDS that is not well defended is useless. • Similar IDS have identical vulnerabilities so – there selection criteria will miss similar attack. • IDS is sensitive – Which is difficult to measure and adjust. • An IDS does not run itself. • General: • IDS ARE EXCELLENT ADDITION TO NETWORK SECURITY
  • 22. SNORT • It is a light weight open source network – intrusion prevention – Network intrusion detection system(NIDS) • based on signature detection. • It has real time alarming capacity.
  • 23. • When an attack has occurred the alert tells us: – Date and time the attack occurred. – Source and destination IP address with port number. – Type of attack – Priority
  • 24. LOCATION: • The snort have to be installed in those part of the network that have to be protected. • The snort can be distributed to different parts of network infrastructure and can send alarm to one central console. • Snort network interface card(NIC) captures all network traffic that goes by its NIC.
  • 25. TOOLS: • Snort Alert Monitor: – Java based console. – Will give a quick look at the Snort alert – Can be configured to send e-mail when Snort alerts to an attempted exploit on your network. • Snortalog: – It is a Perl based Snort log analyser. – Allows to develop plaint text on HTML summery reports and graph representation of top attack that has been detected by Snort Sensor
  • 26. • SnortFW: – It analyses incoming Snort alerts and updates iptables firewall to block the attacker. • IDSCenter: – It is an all-in-one centralized graphical utility for managing • Snort • Alerts • Rules • Configuration files • Distributing updates • Generate reports • Email • Auditable/visual alarm notification.