Introduction to Intrusion Detection System IDS - PowerPoint PPT Presentation

Slides: 13
Provided by: ydo



1
Introduction to Intrusion Detection System (IDS)
  • Yuhong Dong
  • ydong_at_cse.fau.edu

2
Contents
  • Introduction
  • Intrusion Detection Categories
  • - Host-based IDS
  • - Network-based IDS
  • Intrusion Detection Technique
  • - Anomaly vs. Misuse Detection
  • - Others
  • Example of IDS

3
Introduction to IDS
  • What is intrusion?
  • An intrusion is somebody (a "hacker" or
    "cracker") attempting to break into or misuse
    your system (such as reading your email).
  • What is Intrusion Detection System?
  • IDS is a system for detecting such intrusions.

4
IDS Categories: HIDS vs. NIDS
  • Host-based IDS (HIDS)
  • HIDS can protect critical network devices storing
    sensitive and security information.
  • Intrusions are detected by analyzing operating
    system and application audit trails.
  • Network-based IDS (NIDS)
  • NIDS monitors activity within network
    connections and sessions, and performs its
    analysis on the network traffic.

5
The properties of HIDS
  • Doesn't need additional hardware
  • Near real-time detection and response
  • Operating System-Dependent

6
The properties of NIDS
  • Lower cost
  • Real-time detection and response to attacks
  • Can detect unsuccessful attack attempts
  • Operating System-independent
  • It is very difficult for attackers to remove
    their evidence

7
Intrusion Detection Techniques
  • Anomaly Intrusion Detection
  • Anomaly intrusion detection tries to determine
    whether deviation from the established normal
    usage patterns can be flagged as intrusions.
  • Misuse Intrusion Detection
  • Misuse intrusion detection uses patterns of
    known attacks or weak spots of the system to
    match and identify attacks.

8
Anomaly Intrusion Detection
  • Advantage
  • The operator does not need to configure the system.
    It automatically learns the behavior of a large
    number of subjects.
  • It has the possibility of catching novel
    intrusions, as well as variations of known
    intrusions.
  • Disadvantage
  • It only flags unusual behavior, not necessarily
    bad behavior
  • The system can be trained by intruders to accept
    the intruders' behavior, which is very dangerous!
  • It is very hard to update and correct the
    current behaviors.

9
Misuse Intrusion Detection
  • Advantage
  • - Good against known attacks
  • - False alarms can be kept low
  • - Normally less computationally expensive
  • Disadvantage
  • - Very susceptible to novel or unusual attacks
  • - Writing the rules can be very tedious
  • - If the rules become known to an attacker,
    they can be avoided
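
The trade-offs on the two slides above, as an added example that is not part of the original presentation: a signature matcher (misuse detection) and a learned per-user profile (anomaly detection) run over a small host audit trail. The signatures, users and commands are all constructed for illustration.

```python
import re
from collections import defaultdict

# Misuse detection: hand-written patterns of known attacks (constructed rules).
SIGNATURES = {
    "shadow-read": re.compile(r"/etc/shadow"),
    "log-wipe": re.compile(r"\brm\b.*\s/var/log/"),
}

def misuse_detect(command):
    """Names of the known-attack signatures that match this command."""
    return [name for name, rx in SIGNATURES.items() if rx.search(command)]

def learn_profile(audit_trail):
    """Anomaly detection, training step: the programs each user normally runs."""
    profile = defaultdict(set)
    for user, command in audit_trail:
        profile[user].add(command.split()[0])
    return profile

def anomaly_detect(profile, user, command):
    """True when the user runs a program absent from the learned profile."""
    return command.split()[0] not in profile.get(user, set())

# Constructed audit-trail records (user, command) used as the normal baseline.
BASELINE = [("alice", "ls -la"), ("alice", "vim notes.txt"), ("alice", "git pull"),
            ("bob", "ls"), ("bob", "make all"), ("bob", "gcc -c main.c")]

# Constructed events to classify.
EVENTS = [
    ("alice", "ls /tmp"),                    # normal usage
    ("alice", "cat /etc/shadow"),            # known attack: a signature exists
    ("bob", "scp payroll.db outside:/tmp"),  # novel misuse: no signature exists
    ("alice", "tar czf backup.tgz notes"),   # unusual but harmless
]

def classify(profile, events):
    """Run both detectors: (user, command, matched signatures, anomalous?)."""
    return [(u, c, misuse_detect(c), anomaly_detect(profile, u, c)) for u, c in events]

if __name__ == "__main__":
    for row in classify(learn_profile(BASELINE), EVENTS):
        print(row)
    # Baseline poisoned by the intruder: scp now counts as "normal" for bob.
    poisoned = learn_profile(BASELINE + [("bob", "scp a b")])
    print(anomaly_detect(poisoned, "bob", "scp payroll.db outside:/tmp"))
```

The third event gets past the signatures, the fourth is a false alarm from the profile, and the poisoned baseline makes the anomaly detector accept the behavior it flagged before.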

10
Open Issues
  • System Effectiveness
  • - Detecting a wider range of attacks with fewer
    false positives.
  • Performance
  • - Keeping up with the input-event stream
    generated by high-speed networks
    (Gigabit Ethernet).
  • Network-Wide Analysis
  • - Placing sensors at critical network locations
    lets administrators detect attacks against the
    network as a whole.

11
Example of IDS
  • Snort 2.x
  • RealSecurity

12
Reference
  • Intrusion Detection: A Brief History and
    Overview. Richard A. Kemmerer and Giovanni Vigna.
    Reliable Software Group, Computer Science
    Department, University of California, Santa
    Barbara.
  • Useful link
  • Snort 2.x