Intrusion Detection System, presented by GURUMUNI M (1JV07CS013)

Upload: gary-wilkins

Post on 18-Dec-2015



AGENDA:
History
What's an IDS?
Security and roles
Types of violations
Types of detection
Types of IDS
IDS issues
Application

History:
1970s: observation by administrators, noting when an account is used and when, and how much, a resource is used.
Early 1980s: usage models, first proposed by Anderson (1980). Based on accounting logs (login frequency, volume of data processed, etc.); batch processing, not real time.

What's an IDS?
Any set of actions that attempts to compromise the confidentiality, integrity, or availability of a computer resource is an intrusion; an intrusion detection system (IDS) tries to detect such actions.
The term is overloaded: in practice an IDS is trying to detect a policy violation.


COMPUTER SECURITY AND ROLES:
Confidentiality: transforming data such that only authorized parties can decode it.
Authentication: proving or disproving someone's or something's claimed identity.
Integrity checking: ensuring that data cannot be modified without the modification being detectable.
Non-repudiation: proving that the source of some data did in fact send data that it might later deny sending.


TYPES OF VIOLATIONS:
Attack: attempts to exploit a vulnerability (e.g. denial of service, privilege escalation).
Intrusion: the attacker acts as another, legitimate user.
Misuse: a user abuses their privileges; often called the "insider threat".


TYPES OF DETECTION:
Misuse detection: built with knowledge of "bad" behaviours, kept as a collection of signatures; the event stream is examined for a signature match.
Anomaly detection: built with knowledge of "normal" behaviour; the event stream is examined for deviations from normal.
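As an added illustration of the two detection styles (this code is not from the presentation), the Python below runs a signature-based misuse detector and a baseline-driven anomaly detector over one constructed event stream. The event fields, the two signatures, the admin set and the threshold values are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample event stream (not real log data): one dict per event.
EVENTS = [
    {"user": "alice", "action": "login", "bytes": 0},
    {"user": "alice", "action": "read", "bytes": 900},
    {"user": "alice", "action": "read", "bytes": 1100},
    {"user": "alice", "action": "read", "bytes": 1000},
    {"user": "bob", "action": "login_failed", "bytes": 0},
    {"user": "bob", "action": "login_failed", "bytes": 0},
    {"user": "bob", "action": "login_failed", "bytes": 0},
    {"user": "bob", "action": "login_failed", "bytes": 0},
    {"user": "bob", "action": "login_failed", "bytes": 0},
    {"user": "bob", "action": "sudo", "bytes": 0},
    {"user": "alice", "action": "read", "bytes": 250000},
]
# The first four events are treated as the "known normal" training window
# for the anomaly detector (an assumption of this example).
TRAINING = EVENTS[:4]
ADMINS = {"root"}  # assumed set of users allowed to run sudo


def misuse_detect(events, fail_threshold=5):
    """Misuse detection: match the stream against known-bad signatures."""
    alerts = []
    failures = defaultdict(int)
    for i, e in enumerate(events):
        # Signature 1: repeated failed logins by one user (password guessing).
        if e["action"] == "login_failed":
            failures[e["user"]] += 1
            if failures[e["user"]] == fail_threshold:
                alerts.append((i, "brute-force signature", e["user"]))
        # Signature 2: sudo by a user outside the admin set (privilege escalation).
        if e["action"] == "sudo" and e["user"] not in ADMINS:
            alerts.append((i, "privilege-escalation signature", e["user"]))
    return alerts


def build_profile(training_events):
    """Anomaly detection, step 1: learn each user's normal read volume."""
    per_user = defaultdict(list)
    for e in training_events:
        if e["action"] == "read":
            per_user[e["user"]].append(e["bytes"])
    # At least two samples are needed to estimate a spread.
    return {u: (mean(v), pstdev(v)) for u, v in per_user.items() if len(v) >= 2}


def anomaly_detect(events, profile, k=3.0):
    """Anomaly detection, step 2: flag reads far above the learned baseline."""
    alerts = []
    for i, e in enumerate(events):
        if e["action"] != "read" or e["user"] not in profile:
            continue
        mu, sigma = profile[e["user"]]
        # Floor sigma at 1 byte so a perfectly flat baseline still has a band.
        threshold = mu + k * max(sigma, 1.0)
        if e["bytes"] > threshold:
            alerts.append((i, "volume anomaly", e["user"], e["bytes"]))
    return alerts


if __name__ == "__main__":
    print("misuse :", misuse_detect(EVENTS))
    print("anomaly:", anomaly_detect(EVENTS, build_profile(TRAINING)))
```

Run on this stream, the misuse detector raises the brute-force and privilege-escalation alerts for bob but says nothing about alice's bulk read, because no signature describes it; the anomaly detector flags alice's read as far outside her baseline but is silent on bob, because it only knows what "normal" looks like. Each style catches what the other misses, which is why the two are usually combined.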


SOME OF THE HACKING TOOLS:


Types of IDS
Primary types: Network IDS (NIDS), Host IDS (HIDS).
Hybrid types: Per-Host Network IDS (PH-NIDS), Load Balanced Network IDS (LB-NIDS), Firewall IDS (FW-IDS).


NETWORK BASED (Advantages)
Can get information quickly without any reconfiguration of computers.
Does not affect the network or the data sources.
Monitors and detects network attacks or misuse in real time.
Does not create system overhead.

NETWORK BASED (Disadvantages)
Cannot inspect protocols if the data is encrypted.
Hard to implement on fully switched networks.
Has difficulty keeping up with networks of very large bandwidth.

Naïve Simulation Network (figure): a Test Network in which an Attack Generator sends an Attack Stream through the NIDS to the Target Host.

What's happening?
In the above figure there are three computers:
1. Target host: the main computer, on which the client is working.
2. Attack generator: also a client-side computer, but one used by the attacker.
3. NIDS: the network intrusion detection system, placed on the attack stream between the attack generator and the target host, so that it sees the traffic with which the attacker tries to reach the data on the target host.


IDS ISSUES:
Lack of physical wires
Bandwidth issues
Difficulty of distinguishing anomaly from normality
Possibility of a node being compromised


ONTOLOGY SERVERS
Ontology is a medical approach which is implemented on a network platform.
One of the approaches by which we can provide high security is by using ontology servers.


HOW IT WORKS?
Whenever the data is present in only one or two servers, it becomes easy for a hacker to get at those data.
So what the ontology server does is split the data present in the main server across four sub-servers.


CONTD...
So whenever a hacker breaks into any sub-server, he will get only partial information, which he cannot encrypt or decrypt.
If the client sends an API call to the server asking for the data it previously sent, the main server sends the API calls to the sub-servers, gathers the information and sends it back to the client.
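The split-and-gather scheme just described, as an added example in Python that is not part of the presentation: a main server splits each record across four sub-servers and reassembles it when the client asks for it. The class names, the round-robin split, the record key and the sample record are assumptions of this example.

```python
class SubServer:
    """One of the sub-servers; it holds only the fragments it was given."""

    def __init__(self, name):
        self.name = name
        self._store = {}

    def put(self, key, fragment):
        self._store[key] = fragment

    def get(self, key):
        return self._store[key]


class MainServer:
    """Splits each stored record across its sub-servers and reassembles on request."""

    def __init__(self, subservers):
        self.subservers = list(subservers)

    def store(self, key, data: bytes):
        n = len(self.subservers)
        # Round-robin split: fragment i holds bytes i, i+n, i+2n, ...
        # so every sub-server ends up with roughly 1/n of the record.
        for i, sub in enumerate(self.subservers):
            sub.put(key, data[i::n])

    def fetch(self, key) -> bytes:
        # Gather every fragment and interleave them back in the original order.
        fragments = [sub.get(key) for sub in self.subservers]
        out = bytearray()
        for j in range(max(len(f) for f in fragments)):
            for f in fragments:
                if j < len(f):
                    out.append(f[j])
        return bytes(out)


def build_ontology_server(num_subservers=4):
    """Main server backed by the four sub-servers the slide describes."""
    return MainServer(SubServer(f"sub{i}") for i in range(num_subservers))


def demo(record: bytes, num_subservers=4):
    """Store a record, fetch it back, and return what each sub-server alone holds."""
    main = build_ontology_server(num_subservers)
    main.store("record-1", record)
    reconstructed = main.fetch("record-1")
    fragments = [sub.get("record-1") for sub in main.subservers]
    return reconstructed, fragments


if __name__ == "__main__":
    # Constructed sample record, not real data.
    full, parts = demo(b"patient 0042: blood group O+, ward 7")
    print("client receives:", full)
    for i, p in enumerate(parts):
        print(f"sub{i} alone holds:", p)
```

The per-sub-server fragments show how little a single break-in yields on its own, which is the slide's point. Two practical caveats follow directly from the code: the fragments are plain bytes, so the protection comes only from the split and not from any encryption, and because every fragment is needed to rebuild the record, losing one sub-server loses the whole record unless each fragment is also stored redundantly.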


ADVANTAGES: 1. It provides high security. 2. Data loss is less.
DISADVANTAGES: 1. The time taken is more and the cost is high. 2. It needs a large number of systems.


Conclusion: By making use of the above approach we can provide high security to any existing system. We can prevent intruders from intruding on the data.


FUTURE ENHANCEMENT:
There is a need for a competent analyst: someone who can fine-tune the IDS in order to avoid false positives or false negatives, and who subscribes to popular advisories and security newsletters such as Bugtraq, CERT, GIAC, SANS, and others.


THANK YOU
