Intrusion detection system

Intrusion Detection System By : Gaurav Koriya

Content Introduction What is Intrusion What is IDS (i) Functions (ii)Principles (iii) Components (iv)Types 4. Conclusion

INTRODUCTION THREAT TO NETWORK SECURITY A significant security problem for networked system is, or at least unwanted, trespass by users or software. ,[object Object]

Software trespass can take form of a virus, worm or Trojan horse.,[object Object]

Types of Intruders In an early study of intrusion, Anderson identified three classes of intruders: ,[object Object]

Misfeasor: A legitimate user who accesses data, programs or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.

Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit actions. ,[object Object]

Intrusion Detection System (IDS) Analysis Engine Response Module Knowledge Base Alert Database Event Provider Other machines

Intrusion Detection Systems (IDS) ,[object Object]

IDS is a system designed to test/analyze network system traffic/events against a given set of parameters and alert/capture data when these thresholds are met.

IDS uses collected information and predefined knowledge-based system to reason about the possibility of an intrusion.

IDS also provides services to cop with intrusion such as giving alarms, activating programs to try to deal with intrusion, etc.,[object Object]

An IDS does not usually take preventive measures when an attack is detected.

It is a reactive rather than a pro-active agent.

It plays a role of informant rather than a police officer.,[object Object]

The IDS must stay active and secure

The IDS must be able to recognize unusual activity

The IDS must operate without unduly affecting the system’s activity

The IDS must be configurable,[object Object]

Components of IDS Basically there are three components or modules in an Intrusion detection System:- ,[object Object]

Console: Responsible for analyzing packets captured by Sensor class.

It is the class responsible for displaying GUI and generating alerts.,[object Object]

A protocol based intrusion detection system (PIDS) consists of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system) and the server. ,[object Object]

A host-based intrusion detection system (HIDS) consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.,[object Object]

A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user.,[object Object]

Statistical anomaly based IDS ,[object Object],[object Object]

Profile based anomaly detection. ,[object Object]

Profile-based anomaly detection focuses on characterizing the past behavior of individuals users or related groups of users and then detecting significant deviations,[object Object]

Intrusion Detection Architectures ,[object Object]

Intrusion detection system

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Intrusion detection system

Similar to Intrusion detection system (20)

More from gaurav koriya

More from gaurav koriya (8)

Recently uploaded

Recently uploaded (20)

Intrusion detection system