14 Intrusion Detection


Post on 15-Nov-2015






  • Intrusion Detection System


  • Agenda:

    What is intrusion detection?

    Objectives of Intrusion Detection System

    Types of intrusion detection systems

    How does it work?

    Conclusion & future work

  • What is intrusion detection?

    Detecting unwanted intrusions on a network or a device.

    An intrusion detection system can be installed software or a device that monitors network traffic.

    It is needed in the same way a burglar alarm system is needed in commercial buildings.

  • Objectives of IDS

    Identifying problems with security policies.

    Documenting existing threats.

    Preventing individuals from intruding

  • Types of Intrusion Detection Systems

    Based on the scope of monitoring...

    Network Based Intrusion Detection Systems

    Host Based Intrusion Detection Systems

    Intrusion Detection Systems

  • Host-Based Intrusion Detection System

    It is software or a device installed on a computer; it detects intrusions and reports them.

    Through sensors, it analyzes and stores system calls, application logs, executable files, and file-system modifications for evidence of intrusion.

    Alerts if it encounters any intrusion.

  • Host-Based Intrusion Detection System

    Sensors: Collect data from network packets, log files, and system call traces, and forward the data to the analyzers.

    Analyzer: Analyzes whether an intrusion has occurred or not. The output contains evidence supporting the intrusion report.

    User interface: The end user's view; through it the user can control and configure the system.

  • Host-Based Intrusion Detection System

    [Diagram: Sensor, Analyzer, User Interface]

  • How does HIDS work?

    Two methods

    Pattern Matching

    Statistical anomalies

  • Pattern matching

    Detecting intrusion based on 'patterns'.

    Analogous to: identifying a criminal by fingerprint.

    Process: Install software with various pre-defined patterns of attacks. The IDS matches the intruder's pattern against the pre-defined patterns. If a match is found, the IDS reports an intrusion. The patterns in the software must be kept up to date.

    Drawback: It fails to catch a new attack for which the software has no defined pattern to match.

  • This is how it works....

    Intruder / Attacker -> compared with pre-defined patterns -> Is a match found?

    Yes: Notify "Intrusion Detected"

    No: Grant access

  • Statistical Anomalies

    Generate a signature of normal behaviour for each user from the sequence of commands that they type in.

    With a signature of all the frequent command traces a user types, we can compare future command traces against it.

    The IDS notifies immediately if anomalous actions are detected. The signature is the sequence of commands that the user frequently types in, e.g. open directory, text editor, check mail, compile a program.
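
The statistical-anomaly method above, as an added example that is not part of the original slides: a per-user profile is built from frequently repeated pairs of consecutive commands, and a new command trace is scored by the share of pairs the profile has never seen. The n-gram length, frequency cutoff, alert threshold and the sample command traces are all assumptions constructed for illustration.

```python
from collections import Counter

N = 2            # n-gram length: pairs of consecutive commands (assumed value)
MIN_COUNT = 2    # how often a pair must recur to count as "frequent" (assumed)
THRESHOLD = 0.5  # alert when more than half the pairs are unfamiliar (assumed)

def ngrams(commands, n=N):
    """Sliding window of n consecutive commands."""
    return [tuple(commands[i:i + n]) for i in range(len(commands) - n + 1)]

def build_profile(sessions, min_count=MIN_COUNT):
    """Signature of normal behaviour: command n-grams the user repeats."""
    counts = Counter(g for s in sessions for g in ngrams(s))
    return {g for g, c in counts.items() if c >= min_count}

def check_session(profile, session, threshold=THRESHOLD):
    """Compare a new command trace with the profile; report what deviates."""
    grams = ngrams(session)
    unseen = [g for g in grams if g not in profile]
    # A trace shorter than N commands has nothing to compare, so score 0.
    score = len(unseen) / len(grams) if grams else 0.0
    return {"score": score, "alert": score > threshold, "unseen": unseen}

# Constructed training traces for one hypothetical user: open directory,
# text editor, compile a program, check mail.
TRAINING = [
    ["cd", "ls", "vim", "gcc", "mail"],
    ["cd", "ls", "vim", "gcc", "mail"],
    ["cd", "ls", "mail", "vim", "gcc"],
]
PROFILE = build_profile(TRAINING)

if __name__ == "__main__":
    for trace in (["cd", "ls", "vim", "gcc", "mail"],          # usual routine
                  ["cd", "ls", "chmod", "useradd", "mail"]):   # unfamiliar
        print(trace, check_session(PROFILE, trace))
```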

  • Future work

    Our future work would be on INTRUSION PREVENTION through the following methods:

    SMS configuration at login.

    Setting a hardware address for remote login, to better support the username-and-password scenario.

    Analysis using snapshots.

    Using an image capturing technique.

  • Conclusion

    Data is everything! We must protect it. An IDS monitors, detects, and responds to security threats. IDS has gone through many iterations toward efficient use, so that not a single byte of data gets hacked.

  • Any Qu

