Overview of intrusion detection system - PowerPoint PPT Presentation

Slides: 19
Provided by: Mane96

Transcript and Presenter's Notes


1
Intrusion detection system
2
Overview of intrusion detection system
  • What is intrusion?
  • What is intrusion detection?
  • What is an intrusion detection system?
  • Functions of IDS

3
Process models of intrusion detection
  1. Information sources
  2. Analysis
  3. Response

4
IDS Architecture
  • Architecture collection/storage unit.
  • Processing unit.
  • Alarm/response units.

5
Information sources
  • NIDS (network-based IDS)
  • HIDS (host-based IDS)
  • Application-based IDS

6
IDS Analysis/Techniques
  • Misuse detection
  • Anomaly detection
  • Specification-based detection

7
Misuse detection
  • Analyzes system activity
  • Matches the patterns of activity of a system to
    that of an attack
  • Advantages
  • Disadvantages

8
Anomaly detection
  • Identifies abnormal (unusual) behavior.
  • Compares observed activity with the normal pattern.
  • Advantages
  • Disadvantages

9
Specification based detection
  • Combines anomaly and misuse detection.
  • Advantages.
  • Disadvantages.

10
Tools for IDS
11
Deploying IDS
  • Deployment of NIDS.
  • Deployment of HIDS.

12
Deployment of NIDS
  • Figure
  • Location 1
  • Location 2
  • Location 3
  • Location 4

13
Deployment of HIDS
14
Strength of IDS
  • Monitoring and analysis of system events and user
    behavior.
  • Testing the security state of the system
    configuration.
  • Tracking any changes to the baseline of the
    security system.
  • Recognizing patterns of system events that
    correspond to known attacks.
  • Recognizing patterns of normal activity.

15
Limitations
  • Detecting newly published attacks
  • Automatically investigating attacks without human
    intervention.
  • Detecting attacks in heavily loaded networks.

16
Challenges with IDS
  • Protecting IDS from attacks.
  • Too many false alarms.
  • Choosing grid IDS policy.

17
Conclusion
18
Thank you