220 likes | 334 Views
Intrusion Detection System presented by, GURUMUNI M 1JV07CS013. AGENDA. History. WHAT’S AN IDS? Security and Roles Types of Violations.
E N D
Intrusion Detection System presented by, GURUMUNI M 1JV07CS013
AGENDA • History. • WHAT’S AN IDS? • Security and Roles • Types of Violations. • Types of Detection • Types of IDS. • IDS issues. • Application.
History: • 1970s - Observation by administrators • When an account is used • When/how much a resource is used • Early 1980s – Usage models • First proposed by Anderson (1980) • Based on accounting logs • Login frequency, volume data processed, etc. • Batch processing; not real time
What’s an IDS? • Any set of actions that attempt to compromise the confidentiality, integrity, or availability of a computer resource is called as ids. • Term is overloaded • Trying to detect a policy violation
COMPUTER SECURITY AND ROLES: • Confidentiality: Transforming data such that only authorized parties can decode it. • Authentication: Proving or disproving someone’s or something’s claimed identity. • Integrity checking: Ensuring that data cannot be modified without such modification . being detectable • Non – repudiation: Proving that a source of some data did in fact send data that he might later deny sending
TYPES OF VIOLATIONS: • Attack • Attempts to exploit a vulnerability • Ex: denial of service, privilege escalation • Intrusion • Acts as another legitimate user • Misuse • User abuses privileges • Often called the “insider threat”
TYPES OF DETECTION: • Misuse detection • Built with knowledge of “bad” behaviors • Collection of signatures • Examine event stream for signature match • Anomaly detection • Built with knowledge of “normal” behaviors • Examine event stream for deviations from normal
Types of IDS • Primary Types: • Network IDS (NIDS) • Host IDS (HIDS) • Hybrid Types: • Per-Host Network IDS (PH-NIDS) • Load Balanced Network IDS (LB-NIDS) • Firewall IDS (FW-IDS)
NETWORK BASED (Advantages) • Can get information quickly without any reconfiguration of computers. • Does not affect network or data sources • Monitor and detects in real time networks attacks or misuses • Does not create system overhead
NETWORK BASED (Disavantages) • Cannot scan protocols if the data is encrypted • Hard to implement on fully switched networks • Has difficulties sustaining network with a very large bandwidth
Target Host Attack Generator NIDS Naïve Simulation Network Test Network Attack Stream
What’s HAPPENING? • IN THE ABOVE FIG THERE ARE THREE COMPUTERS • 1.TARGET HOST : IT IS ALSO A MAIN COMPUTER AND CLIENT IS WORKING IN IT. • 2.ATTACK GENERATOR : IT IS ALSO A CLIENT SIDE COMPUTER BUT IT IS USED BY ATTACKER. • 3.NIDS : IT MEANS NAÏVE SYSTEM USING THIS SYSTEM THE HACKER TRIES TO HACK THE DATA PRESENT IN TARGET HOST.
IDS ISSUES: • Lack of Physical Wires • Bandwidth Issues • Difficulty of Anomaly and Normality Distinction • Possibility of a Node Being Compromised
ONTOLOGY SERVERS ONTOLOGY IS AN MEDICAL APPROACH WHICH IS IMPLEMENTED IN NETWORKS PLATFORM. ONE OF THE APPROACH WHERE WE CAN PROVIDE HIGH SECURITY IS BY USING ONTOLOGY SERVERS.
HOW IT WORKS? • WENEVER THE DATA IS PRESENT IN ONE OR TWO SERVERS,THE WORK BECOMES EASY FOR AN HACKER TO HACK THOSE DATA. SO WAT ONTOLOGY SERVER DOES IS,IT SPLITS THE DATA PRESENT IN MAIN SERVER TO FOUR SUB SERVERS.
CONTD…… • SO WENEVER HACKER HACKS ANY SUBSERVER HE WILL GET ONLY PARTIAL INFORMATION WHICH HE CANNOT ENCRYPT OR DECRYPT IT. • IF SUPPOSE CLIENT SENDS AN API TO SERVER TO SEND THE DATA WHICH IT SENT THEN THE MAIN SERVER WILL SEND THE API’S TO SUBSERVER GATHER THE INFORMATION AND SENDS IT BACK TO CLIENT.
ADVANTAGES: 1.IT PROVIDES HIGH SECURITY. 2.DATA LOSS IS LESS. DIS ADVANTAGES: 1.TIME TAKEN IS MORE AND COST IS HIGH. 2.NEEDS MANY NUMBER OF SYSTEMS.
Conclusion: • BY MAKING USE OF ABOVE APPROACH WE CAN PROVIDE HIGH SECURITY TO ANY EXISTING SYSTEM. • WE CAN AVOID INTRUDERS INTRUDING THE DATA.
FUTURE ENHANCEMENT: • There is a need for a COMPETENT analyst • Need someone that can fine tune the IDS in order to avoid false positive or false negative • Must subscribe to popular advisories and security newsletters such as bugtraq, CERT, GIAC, SANS, and others
REFERENCES: • [1] Lidong Z., Zygmunt J. H., “Securing ad hoc networks”, IEEE Network, Vol. 13, No. 6, 1999, pp. 24-30. • [2] Sundaram A., "An Introduction to Intrusion Detection", http://www.acm.org/crossroads/xrds2-4/intrus.html • [3] Arbaugh W., Shankar N., Wan Y.C.J., “Your 802.11 Wireless Network Has No Clothes”, University of Maryland, 30-Mar-2001.