IntrusionDetectionSystem

PresentationBy:D.Shiva,S.GaganKumar

Agenda :

What is intrusion detection?

Objectives of Intrusion Detection System

Types of intrusion detection systems

How it works?

Conclusion & future work

What is intrusion detection?

Detecting unwanted intrusions on a network or a device

Intrusion detection can be installed software or device that monitors on network traffic.

It is needed as burglar alarm system to commercial buildings.

Objectives of IDS

Identifying problems with security policies.

Documenting existing threats.

Preventing individuals from intruding

Types of Intrusion Detection Systems

Based on the scope of monitoring...

Network Based Intrusion Detection Systems

Host Based Intrusion Detection Systems

IntrusionDetection Systems

Host-Based Intrusion Detection System

Host-Based Intrusion Detection System

Its a software or device Installed on computer it detects and informs

Through Sensors ,It analyzes and stores system calls,application logs,executable files,file-system modifcations for evidence of intrusion.

Alerts if it encounters any intrusion.

Sensors :Collects the data from network packets,log files, system call traces.Forward the data to Analyzers.

Analyzer :Analyzes whether intrusion has occured or not.Output contains evidence supporting the intrusion report.

User interface :End user view, through this user can control and configure the system.

Host-Based Intrusion Detection System

AnalyzerSensor

User Interface

Database

Host-Based Intrusion Detection System

How HIDS works?

Two methods

Pattern Matching

Statistical anomalies

Patten matching

Detecting intrusion based on 'patterns'

Analogous to : Identifying the criminal by fingerprint process.

Process : Install software with various pre-defined patterns of attacks. IDS matches the intruder pattern with pre-defined pattens. If match found,IDS reports intrusion. Patterns in software must be kept up to date.

Drawback: It fails to to catch the new attack to which software has no defined pattern to match

This is how it works....

Intruder / Attacker

Pre-Defined patterns

Is Match found?

IntruderPattern

NotifyIntrusion Detected Grant Access

Yes No

Statistical Anomalies

Generating a signature of normal behaviour for each user with sequence of commands that they type in.

With signature of all the frequent command traces of a user types, we can compare future command traces.

IDS notifies immediately if anomalies actions detected. Sequence of commands that user frequently type in. Ex:open directory,text editor,check mail,compile a program,

Future work

Our future work would be on INTRUSION PREVENTION through following methods:

SMS configuration when log in

Setting Hardware address for remote login for better support to username and password scenario.

Analysis Using Snapshots.

Using image capturing techinique

Conclusion

Data is everything..! We must protect their data. IDS is to monitoring, detecting, and responding to security threats. IDS has gone through many iterations for efficient use to protect single byte of data not to get hacked.

References:

www.google.co.in/Intrusion_Detection_Sys

http://en.wikipedia.org/wiki/Intrusion_detection_system

http://www.spamlaws.com/how-intrusion-detection-works.html

http://en.wikipedia.org/wiki/Hostbased_intrusion_detection_system

http://www.intrusion-detection-system-group.co.uk/

Any Qu

eries???

Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18