It is related to alerts which ids gives like false posi

1. Presented By: Guided By:
Aakash Khandelwal Prof Bansode.N.S
Dilip Jangam
Sachin Rupnawar
Sinhagad Institute Of Technology 3/8/2013 1

2.  Introduction
 Need of IDS
 Types of IDS
 Literature Survey
 Proposed System
 Framework
 Applications
 Advantages & Limitations
 Conclusion
 References
Sinhagad Institute Of Technology 3/8/2013 2

3.  Intruder
 Intrusion Detection System(IDS)[5]
 IDS Alerts[1]
 False alarm[1]
 Rule Classes[1]
Sinhagad Institute Of Technology 3/8/2013 3

4.  Denial of service[1]
 Threat to Confidentiality[1]
 Modification of contents[1]
 Masquerade[1]
 IDS and Firewalls
Sinhagad Institute Of Technology 3/8/2013 4

5.  Host Based IDS[1][3]
 Network Based IDS[1][6]
Sinhagad Institute Of Technology 3/8/2013 5

6.  Genetic Algorithms[2]
 NeuralNetwork[1]
 Data Mining Approaches[1]
 Drawbacks Of Existing System[1]
Sinhagad Institute Of Technology 3/8/2013 6

7.  Detection of ‘False Intrusion Alerts’ 3 Stages
-Alert preprocessing phase
-Model constructing Phase
-Rule Defining Phase
 Removal of resource usage problem
Sinhagad Institute Of Technology 3/8/2013 7

8. Fig 1:Decision Support System Architecture[1]
Sinhagad Institute Of Technology 3/8/2013 8

9. Fig 2:Decision Support System in Experiment[1]
Sinhagad Institute Of Technology 3/8/2013 9

10.  Defence
 Banking
 Database
 Antivirus
Sinhagad Institute Of Technology 3/8/2013 10

11.  Detect attack that cannot be seen by NIDS
 Can operate in an environment in which network
traffic is encrypted
 Removes Resource Usage Problem
Sinhagad Institute Of Technology 3/8/2013 11

12.  Since at least the information sources reside on the host
targeted by attacks, the IDS may be attacked and
disabled as port of the attack
 Since they use the computing resources of the hosts they
are monitoring, therefore inflicting a performance cost
on the monitored systems
Sinhagad Institute Of Technology 3/8/2013 12

13.  The alert classication model is useful for experts to
discover suspicious or intrusion patterns quickly and
precisely, and lightens the load of on-line alert
analysis for experts.
Sinhagad Institute Of Technology 3/8/2013 13

14. [1] Yan Zhang; Shuguang Huang; Yongyi Wang; , "IDS Alert Classification Model
Construction Using Decision Support Techniques," Computer Science and
Electronics Engineering (ICCSEE), 2012 International Conference on , vol.1, no.,
pp.301-305, 23-25 March 2012
[2] Owais, S.; Snasel, V.; Kromer, P.; Abraham, A.; , "Survey: Using Genetic Algorithm
Approach in Intrusion Detection Systems Techniques," Computer Information
Systems and Industrial Management Applications, 2008. CISIM '08. 7th , vol., no.,
pp.300-307, 26-28 June 2008
[3] Lin Ying; Zhang Yan; Ou Yang-jia; , "The Design and Implementation of Host-
Based Intrusion Detection System," Intelligent Information Technology and Security
Informatics (IITSI), 2010 Third International Symposium on , vol., no., pp.595-598,
2-4 April 2010
[4] William Stallings, “Cryptography and Network Security”, Principles and Practices,
Third
Edition.
[5] D. E. Denning, "An intrusion-detection model". IEEE Transactions on Software
Engineering, Vol. SE-13(No. 2):222-232, Feb. 1987.
[6] Stephen Northcutt, Judy Novak, “Network Intrusion Detection”, Third Edition,
Pearson
Education 2003.
Sinhagad Institute Of Technology 3/8/2013 14

15. Thank You!!!!!
Sinhagad Institute Of Technology 3/8/2013 15