:: Problem :: Why do we need IDS evaluation? No network is 100% secure
Senior Project – Computer Science – 2014
Intrusion Detection Systems: Investigation of Evaluation Corpora
Jeramey Normand
Advisor – Prof. Valerie Barr and Prof. James Hedrick

:: Problem ::
• Why do we need IDS evaluation?
• No network is 100% secure
• Intrusions from inside and outside
• Quality of Service
• Rule of “Five 9’s”
• Detection of intrusions is paramount
• Loss of revenue and assets
• Focus on Denial of Service (DoS)

:: Background ::
- DARPA released the 1998, 1999, and 2000 “Standard Evaluation Corpora for Intrusion Detection Systems”
- Not complete; they lack new/sophisticated attacks
- IDS/IPS: first line of defense against network attacks
- The cyber security industry needs a standard way to evaluate real-world attack scenarios
- A standard collection of attacks would be a start

[Figure: Example of a Ping of Death DoS]

:: Design and Methods ::
Test Bed and Experiments

Test Bed
• Snort IDS for traffic inspection
• Backtrack Linux and Scapy (scapy.py) for packet crafting on the attack machine

Experiments
• Using the DARPA data sets as a checklist of attacks
• Writing DoS attacks in Python using Scapy
• Using Snort IDS to detect attacks from the DARPA data sets
• Then creating signatures for DoS attacks not contained in the data sets

:: Conclusions ::
• The DARPA data sets are not tailored to an out-of-the-box IDS evaluation approach.
• They serve better as an initial checklist of DoS attacks to evaluate.
• The majority of the time was spent learning how to craft packets that simulate real attacks.
• It is clear that the DARPA data set is missing newer attacks, and future work is needed to make it more complete.
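The poster's Ping of Death example is the kind of DoS for which a signature had to be written; as an added illustration (not the project's code, and not dependent on Scapy or a live capture) the detector below applies the check an IDS reassembly stage makes: flag any IP fragment whose bytes would land past the 65535-byte IPv4 maximum. The fragment records and addresses are constructed sample data.

```python
# Added example (not from the poster): detect the Ping of Death condition,
# i.e. a fragmented datagram whose reassembled size would exceed 65535 bytes.
# Fragments are modelled as dicts; frag_offset is in 8-byte units as on the wire.
from collections import defaultdict

MAX_IPV4_LEN = 65535
IP_HEADER_LEN = 20  # assumption: no IP options


def fragment_end(frag):
    """Byte position in the reassembled datagram where this fragment ends."""
    return IP_HEADER_LEN + frag["frag_offset"] * 8 + frag["payload_len"]


def detect_ping_of_death(fragments):
    """Return (src, dst, ip_id, reason) alerts, one per oversized datagram.

    The alert fires on the first fragment that reaches past the limit, so a
    sensor need not wait for (or buffer) the complete reassembly.
    """
    alerts = []
    seen_end = defaultdict(int)  # (src, dst, ip_id) -> highest byte seen
    flagged = set()
    for frag in fragments:
        key = (frag["src"], frag["dst"], frag["ip_id"])
        end = fragment_end(frag)
        seen_end[key] = max(seen_end[key], end)
        if key not in flagged and end > MAX_IPV4_LEN:
            alerts.append(key + (f"fragment ends at byte {end} > {MAX_IPV4_LEN}",))
            flagged.add(key)
    return alerts


# Constructed sample traffic: a legitimate 3000-byte ICMP echo split in two
# fragments, followed by a Ping of Death whose last fragment overruns the limit.
SAMPLE_FRAGMENTS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "ip_id": 1, "frag_offset": 0, "payload_len": 1480, "mf": True},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "ip_id": 1, "frag_offset": 185, "payload_len": 1500, "mf": False},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "ip_id": 2, "frag_offset": 0, "payload_len": 1480, "mf": True},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "ip_id": 2, "frag_offset": 8189, "payload_len": 100, "mf": False},
]

if __name__ == "__main__":
    for alert in detect_ping_of_death(SAMPLE_FRAGMENTS):
        print("ALERT", alert)
```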