SlideShare a Scribd company logo

Network Intrusion Detection and Countermeasure Selection

Download as PPTX, PDF
P
Pramod M Mithyantha

Intrusion Detection in Virtual Networks.

Engineering
1 of 22
Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems Under The Guidance of: SWATHI S WALI Assistant Professor Dept. of ISE, NIT & MS Presented By: PRAMOD M 8th Sem B.E Dept. of ISE, NIT & MS
Overview  Abstract  Introduction to NICE  NICE models  NICE system design  NICE attack analyzer  Counter measures  Conclusion  References
Abstract  In Cloud System attackers can explore vulnerabilities of a cloud system and compromise virtual machines.  To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi- phase distributed vulnerability detection and countermeasure selection mechanism called NICE.  NICE is built on attack graph based analytical models and reconfigurable virtual network-based countermeasures.
Introduction User can use the cloud system resources to have his own virtual machine to run the desired application.  Attackers can exploit vulnerabilities in clouds and utilize cloud system resources to deploy attacks.  Cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in
Introduction(continued…) The challenge is to establish an effective attack detection and response system for accurately identifying attacks and minimizing the impact of security breach to cloud users.  For better attack detection, NICE incorporates attack graph analytical procedures into the intrusion detection processes.
Introduction(continued…)  NICE includes two main phases (1)Deploy network intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. NICE-A periodically scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified vulnerability towards the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state.
Introduction(continued…)  (2) Once a VM enters inspection state, Deep Packet Inspection(DPI) is applied, or virtual network reconfigurations can be deployed to the inspecting VM to make the potential attack behaviors prominent.
Nice Models  Nice Model is to describe how to utilize attack graphs to model security threats and vulnerabilities in a virtual networked system. (1)Threat Model  The attacker’s primary goal is to exploit vulnerable VMs and compromise them as zombies.
Nice Models(continued…) Protection model focuses on virtual- network based attack detection and reconfiguration solutions.
Nice Models(continued…) (2)Attack Graph Model  An attack graph is a modeling tool to illustrate all possible multi-stage, multi- host attack paths that are crucial to understand threats and then to decide appropriate countermeasures.  In an attack graph, each node represents either precondition or consequence of an exploit.
Nice Models(continued…)  Attack graph is helpful in identifying potential threats, possible attacks and known vulnerabilities in a cloud system. Attack graph provides whole picture of current security situation of the system where we can predict the possible threats and attacks by correlating detected events or activities.
Nice Models(continued…) (3) VM Protection Model The VM protection model of NICE consists of a VM profiler, a security indexer and a state monitor. Security index is specified by the number of vulnerabilities present and their impact scores.
Nice System Design
Nice System Design  NICE- A is a software agent running in each cloud server connected to the control center. NICE- A is a network intrusion detection engine. Intrusion detection alerts are sent to control center when suspicious traffic is detected.
After receiving an alert, attack analyzer decides what countermeasure strategies to take, and then initiates it through the network controller. The network controller is responsible for deploying attack counter measures based on decisions made by the attack analyzer.  VM profiles are maintained in a database and contain comprehensive information about vulnerabilities and alert.
Every detected vulnerability is added to its corresponding VM entry in the database. Alert involving theVM will be recorded in the VM profile database.
Attack Analyzer
 After receiving an alert from NICE-A, alert analyzer matches the alert in the ACG. If the alert already exists in the graph and it is a known attack, the attack analyzer performs countermeasure selection procedure. If the alert is new, attack analyzer will perform alert correlation and analysis. If the alert is a new vulnerability and is not present in the NICE attack graph, the attack analyzer adds it to attack graph and then reconstructs it.
Counter Measures By changing the MAC address of the virtual machine, one can prevent the vulnerabilities on the virtual machine. Creating filtering rules, will also help in preventing the attacks on the virtual machines. By changing the IP address.
Conclusion NICE is used to identify attacks in the cloud virtual networking environment. NICE utilizes the attack graph model to conduct attack detection and prediction. NICE shows that the proposed solution can significantly reduce the risk of the cloud system.
REFERENCES [1] Coud Sercurity Alliance, “Top threats to cloud computing v1.0,” https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf , March 2010. [2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Kon- winski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” ACM Commun., vol. 53, no. 4, pp. 50–58, Apr. 2010. [3] B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud computing environment against DDoS attacks,” IEEE Int’l Conf. Computer Communication and Informatics (ICCCI ’12), Jan. 2012. [4] H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy chal- lenges in cloud computing environments,” IEEE Security & Pri- vacy, vol. 8, no. 6, pp. 24–31, Dec. 2010. [5] “Open vSwitch project,” http://openvswitch.org, May 2012. [6] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, “Detecting spam zombies by monitoring outgoing mes- sages,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.
Network Intrusion Detection and Countermeasure Selection

Recommended

Android application structure
Android application structureAndroid application structure
Android application structureAlexey Ustenko
 
What is Serverless Computing?
What is Serverless Computing?What is Serverless Computing?
What is Serverless Computing?AIMDek Technologies
 
Additional Relational Algebra Operations
Additional Relational Algebra OperationsAdditional Relational Algebra Operations
Additional Relational Algebra OperationsA. S. M. Shafi
 
Android Overview
Android OverviewAndroid Overview
Android OverviewRaju Kadam
 
Cloud computing using Eucalyptus
Cloud computing using EucalyptusCloud computing using Eucalyptus
Cloud computing using EucalyptusAbhishek Dey
 
Notification android
Notification androidNotification android
Notification androidksheerod shri toshniwal
 
What Is Serverless Computing
What Is Serverless ComputingWhat Is Serverless Computing
What Is Serverless ComputingCapital Numbers
 
Cloud service management
Cloud service managementCloud service management
Cloud service managementgaurav jain
 

Recommended

Android application structure
Android application structureAndroid application structure
Android application structureAlexey Ustenko
 
What is Serverless Computing?
What is Serverless Computing?What is Serverless Computing?
What is Serverless Computing?AIMDek Technologies
 
Additional Relational Algebra Operations
Additional Relational Algebra OperationsAdditional Relational Algebra Operations
Additional Relational Algebra OperationsA. S. M. Shafi
 
Android Overview
Android OverviewAndroid Overview
Android OverviewRaju Kadam
 
Cloud computing using Eucalyptus
Cloud computing using EucalyptusCloud computing using Eucalyptus
Cloud computing using EucalyptusAbhishek Dey
 
Notification android
Notification androidNotification android
Notification androidksheerod shri toshniwal
 
What Is Serverless Computing
What Is Serverless ComputingWhat Is Serverless Computing
What Is Serverless ComputingCapital Numbers
 
Cloud service management
Cloud service managementCloud service management
Cloud service managementgaurav jain
 
Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)Ravindra Dastikop
 
Cloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsCloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsMohammed Sajjad Ali
 
Cloud computing in iot seminar report
Cloud computing in iot seminar reportCloud computing in iot seminar report
Cloud computing in iot seminar reportSKS
 
Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Abhishek Choksi
 
android layouts
android layoutsandroid layouts
android layoutsDeepa Rani
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingAnimesh Chaturvedi
 
Spam identification fake profile
Spam identification fake profileSpam identification fake profile
Spam identification fake profileKamoru Abiodun Balogun(Bsc,MIT,CCNA,OCA,PhD inview UPM)
 
Open source operating systems
Open source operating systemsOpen source operating systems
Open source operating systemsTushar B Kute
 
Introduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explainedIntroduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explainedDr Neelesh Jain
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Federated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0sFederated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0sIgnacio M. Llorente
 
Android activity
Android activityAndroid activity
Android activityKrazy Koder
 
Internet Security
Internet SecurityInternet Security
Internet SecurityMitesh Gupta
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computingMohammad Ilyas Malik
 
Web application architecture
Web application architectureWeb application architecture
Web application architectureTejaswini Deshpande
 
A History of Linux
A History of LinuxA History of Linux
A History of LinuxDamian T. Gordon
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingSoftware Park Thailand
 
Cluster computing
Cluster computingCluster computing
Cluster computingVenkat Sai Sharath Mudhigonda
 
Google Cloud Platform
Google Cloud Platform Google Cloud Platform
Google Cloud Platform Francesco Marchitelli
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference ModelDr. Ramkumar Lakshminarayanan
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
 
Nice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureNice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureIEEEFINALYEARPROJECTS
 

More Related Content

What's hot

Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)Ravindra Dastikop
 
Cloud computing in iot seminar report
Cloud computing in iot seminar reportCloud computing in iot seminar report
Cloud computing in iot seminar reportSKS
 
Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Abhishek Choksi
 
android layouts
android layoutsandroid layouts
android layoutsDeepa Rani
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingAnimesh Chaturvedi
 
Open source operating systems
Open source operating systemsOpen source operating systems
Open source operating systemsTushar B Kute
 
Introduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explainedIntroduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explainedDr Neelesh Jain
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Federated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0sFederated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0sIgnacio M. Llorente
 
Android activity
Android activityAndroid activity
Android activityKrazy Koder
 

What's hot (20)

Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)Infrastructure as a Service ( IaaS)
Infrastructure as a Service ( IaaS)
 
Cloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsCloud Infrastructure Mechanisms
Cloud Infrastructure Mechanisms
 
Cloud computing in iot seminar report
Cloud computing in iot seminar reportCloud computing in iot seminar report
Cloud computing in iot seminar report
 
Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)
 
android layouts
android layoutsandroid layouts
android layouts
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Spam identification fake profile
Spam identification fake profileSpam identification fake profile
Spam identification fake profile
 
Open source operating systems
Open source operating systemsOpen source operating systems
Open source operating systems
 
Introduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explainedIntroduction to Aneka, Aneka Model is explained
Introduction to Aneka, Aneka Model is explained
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its Implementation
 
Federated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0sFederated Cloud Computing - The OpenNebula Experience v1.0s
Federated Cloud Computing - The OpenNebula Experience v1.0s
 
Android activity
Android activityAndroid activity
Android activity
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computing
 
Web application architecture
Web application architectureWeb application architecture
Web application architecture
 
A History of Linux
A History of LinuxA History of Linux
A History of Linux
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud Computing
 
Cluster computing
Cluster computingCluster computing
Cluster computing
 
Google Cloud Platform
Google Cloud Platform Google Cloud Platform
Google Cloud Platform
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference Model
 

Viewers also liked

NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
 
Nice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureNice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureIEEEFINALYEARPROJECTS
 
Instruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksInstruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksFrancesco Gadaleta
 
Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Tuenkam Steve
 
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptIGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptgrssieee
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
airforce catching slide
airforce catching slideairforce catching slide
airforce catching slideguestd08ead
 
Insansız hava araçları
Insansız hava araçlarıInsansız hava araçları
Insansız hava araçlarıMete Cantekin
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patternsStephen de Vries
 
Threat modeling with architectural risk patterns
Threat modeling with architectural risk patternsThreat modeling with architectural risk patterns
Threat modeling with architectural risk patternsStephen de Vries
 
David Hanson Resume 2016
David Hanson Resume 2016 David Hanson Resume 2016
David Hanson Resume 2016 David Hanson
 
Triumvirate Environmental OIL SPCC Planning
Triumvirate Environmental OIL SPCC PlanningTriumvirate Environmental OIL SPCC Planning
Triumvirate Environmental OIL SPCC PlanningMark Campanale
 
An adaptative framework for tracking Web–based Learning Environments
An adaptative framework for tracking Web–based Learning EnvironmentsAn adaptative framework for tracking Web–based Learning Environments
An adaptative framework for tracking Web–based Learning EnvironmentsJulien Broisin
 
Tp immunité adaptative suite
Tp immunité adaptative suiteTp immunité adaptative suite
Tp immunité adaptative suiteiedwige
 
Le « RUN » (ou la Tierce Maintenance Applicative)
Le « RUN » (ou la Tierce Maintenance Applicative)Le « RUN » (ou la Tierce Maintenance Applicative)
Le « RUN » (ou la Tierce Maintenance Applicative)ekino
 

Viewers also liked (20)

NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
 
Nice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureNice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasure
 
Instruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksInstruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacks
 
Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie
 
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptIGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Toll like receptor (TLR)
Toll like receptor (TLR)Toll like receptor (TLR)
Toll like receptor (TLR)
 
airforce catching slide
airforce catching slideairforce catching slide
airforce catching slide
 
Insansız hava araçları
Insansız hava araçlarıInsansız hava araçları
Insansız hava araçları
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patterns
 
Threat modeling with architectural risk patterns
Threat modeling with architectural risk patternsThreat modeling with architectural risk patterns
Threat modeling with architectural risk patterns
 
Sukhoi su 35
Sukhoi su 35Sukhoi su 35
Sukhoi su 35
 
Copyright
CopyrightCopyright
Copyright
 
Adaptative value of marginal populations ad apta project_2014
Adaptative value of marginal populations ad apta project_2014Adaptative value of marginal populations ad apta project_2014
Adaptative value of marginal populations ad apta project_2014
 
David Hanson Resume 2016
David Hanson Resume 2016 David Hanson Resume 2016
David Hanson Resume 2016
 
Triumvirate Environmental OIL SPCC Planning
Triumvirate Environmental OIL SPCC PlanningTriumvirate Environmental OIL SPCC Planning
Triumvirate Environmental OIL SPCC Planning
 
An adaptative framework for tracking Web–based Learning Environments
An adaptative framework for tracking Web–based Learning EnvironmentsAn adaptative framework for tracking Web–based Learning Environments
An adaptative framework for tracking Web–based Learning Environments
 
Tp immunité adaptative suite
Tp immunité adaptative suiteTp immunité adaptative suite
Tp immunité adaptative suite
 
Le « RUN » (ou la Tierce Maintenance Applicative)
Le « RUN » (ou la Tierce Maintenance Applicative)Le « RUN » (ou la Tierce Maintenance Applicative)
Le « RUN » (ou la Tierce Maintenance Applicative)
 
Reversal analogies
Reversal analogiesReversal analogies
Reversal analogies
 

Similar to Network Intrusion Detection and Countermeasure Selection

Secure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selectionSecure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selectionUvaraj Shan
 
Secure intrusion detection and attack measure selection in virtual network sy...
Secure intrusion detection and attack measure selection in virtual network sy...Secure intrusion detection and attack measure selection in virtual network sy...
Secure intrusion detection and attack measure selection in virtual network sy...Uvaraj Shan
 
Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...JPINFOTECH JAYAPRAKASH
 
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...IEEEGLOBALSOFTTECHNOLOGIES
 
Network Intrusion detection and Countermeasure sElection(NICE
Network Intrusion detection and Countermeasure sElection(NICENetwork Intrusion detection and Countermeasure sElection(NICE
Network Intrusion detection and Countermeasure sElection(NICEPranya Prabhakar
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
 
A Review Of Network Security Metrics
A Review Of Network Security MetricsA Review Of Network Security Metrics
A Review Of Network Security MetricsLisa Riley
 
Classification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeClassification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
 
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationApplication of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationCSCJournals
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxnettletondevon
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxgalerussel59292
 
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Eswar Publications
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)theijes
 
Machine learning techniques applied to detect cyber attacks on web applications
Machine learning techniques applied to detect cyber attacks on web applicationsMachine learning techniques applied to detect cyber attacks on web applications
Machine learning techniques applied to detect cyber attacks on web applicationsVenkat Projects
 

Similar to Network Intrusion Detection and Countermeasure Selection (20)

M43057580
M43057580M43057580
M43057580
 
Secure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selectionSecure intrusion detection and attack measure selection
Secure intrusion detection and attack measure selection
 
Secure intrusion detection and attack measure selection in virtual network sy...
Secure intrusion detection and attack measure selection in virtual network sy...Secure intrusion detection and attack measure selection in virtual network sy...
Secure intrusion detection and attack measure selection in virtual network sy...
 
Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...
 
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT NICE: Network Intrusion Detection and ...
 
Paper-1 PPT.pptx
Paper-1 PPT.pptxPaper-1 PPT.pptx
Paper-1 PPT.pptx
 
Network Intrusion detection and Countermeasure sElection(NICE
Network Intrusion detection and Countermeasure sElection(NICENetwork Intrusion detection and Countermeasure sElection(NICE
Network Intrusion detection and Countermeasure sElection(NICE
 
H1803025360
H1803025360H1803025360
H1803025360
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meeting
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
 
A Review Of Network Security Metrics
A Review Of Network Security MetricsA Review Of Network Security Metrics
A Review Of Network Security Metrics
 
Classification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision TreeClassification of Malware Attacks Using Machine Learning In Decision Tree
Classification of Malware Attacks Using Machine Learning In Decision Tree
 
Vertualisation
VertualisationVertualisation
Vertualisation
 
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationApplication of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docx
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docx
 
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
 
The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)The International Journal of Engineering and Science (The IJES)
The International Journal of Engineering and Science (The IJES)
 
Machine learning techniques applied to detect cyber attacks on web applications
Machine learning techniques applied to detect cyber attacks on web applicationsMachine learning techniques applied to detect cyber attacks on web applications
Machine learning techniques applied to detect cyber attacks on web applications
 

Recently uploaded

main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 

Recently uploaded (20)

main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 

Network Intrusion Detection and Countermeasure Selection

  • 1. Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems Under The Guidance of: SWATHI S WALI Assistant Professor Dept. of ISE, NIT & MS Presented By: PRAMOD M 8th Sem B.E Dept. of ISE, NIT & MS
  • 2. Overview  Abstract  Introduction to NICE  NICE models  NICE system design  NICE attack analyzer  Counter measures  Conclusion  References
  • 3. Abstract  In Cloud System attackers can explore vulnerabilities of a cloud system and compromise virtual machines.  To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi- phase distributed vulnerability detection and countermeasure selection mechanism called NICE.  NICE is built on attack graph based analytical models and reconfigurable virtual network-based countermeasures.
  • 4. Introduction User can use the cloud system resources to have his own virtual machine to run the desired application.  Attackers can exploit vulnerabilities in clouds and utilize cloud system resources to deploy attacks.  Cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in
  • 5. Introduction(continued…) The challenge is to establish an effective attack detection and response system for accurately identifying attacks and minimizing the impact of security breach to cloud users.  For better attack detection, NICE incorporates attack graph analytical procedures into the intrusion detection processes.
  • 6. Introduction(continued…)  NICE includes two main phases (1)Deploy network intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. NICE-A periodically scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified vulnerability towards the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state.
  • 7. Introduction(continued…)  (2) Once a VM enters inspection state, Deep Packet Inspection(DPI) is applied, or virtual network reconfigurations can be deployed to the inspecting VM to make the potential attack behaviors prominent.
  • 8. Nice Models  Nice Model is to describe how to utilize attack graphs to model security threats and vulnerabilities in a virtual networked system. (1)Threat Model  The attacker’s primary goal is to exploit vulnerable VMs and compromise them as zombies.
  • 9. Nice Models(continued…) Protection model focuses on virtual- network based attack detection and reconfiguration solutions.
  • 10. Nice Models(continued…) (2)Attack Graph Model  An attack graph is a modeling tool to illustrate all possible multi-stage, multi- host attack paths that are crucial to understand threats and then to decide appropriate countermeasures.  In an attack graph, each node represents either precondition or consequence of an exploit.
  • 11. Nice Models(continued…)  Attack graph is helpful in identifying potential threats, possible attacks and known vulnerabilities in a cloud system. Attack graph provides whole picture of current security situation of the system where we can predict the possible threats and attacks by correlating detected events or activities.
  • 12. Nice Models(continued…) (3) VM Protection Model The VM protection model of NICE consists of a VM profiler, a security indexer and a state monitor. Security index is specified by the number of vulnerabilities present and their impact scores.
  • 14. Nice System Design  NICE- A is a software agent running in each cloud server connected to the control center. NICE- A is a network intrusion detection engine. Intrusion detection alerts are sent to control center when suspicious traffic is detected.
  • 15. After receiving an alert, attack analyzer decides what countermeasure strategies to take, and then initiates it through the network controller. The network controller is responsible for deploying attack counter measures based on decisions made by the attack analyzer.  VM profiles are maintained in a database and contain comprehensive information about vulnerabilities and alert.
  • 16. Every detected vulnerability is added to its corresponding VM entry in the database. Alert involving theVM will be recorded in the VM profile database.
  • 18.  After receiving an alert from NICE-A, alert analyzer matches the alert in the ACG. If the alert already exists in the graph and it is a known attack, the attack analyzer performs countermeasure selection procedure. If the alert is new, attack analyzer will perform alert correlation and analysis. If the alert is a new vulnerability and is not present in the NICE attack graph, the attack analyzer adds it to attack graph and then reconstructs it.
  • 19. Counter Measures By changing the MAC address of the virtual machine, one can prevent the vulnerabilities on the virtual machine. Creating filtering rules, will also help in preventing the attacks on the virtual machines. By changing the IP address.
  • 20. Conclusion NICE is used to identify attacks in the cloud virtual networking environment. NICE utilizes the attack graph model to conduct attack detection and prediction. NICE shows that the proposed solution can significantly reduce the risk of the cloud system.
  • 21. REFERENCES [1] Coud Sercurity Alliance, “Top threats to cloud computing v1.0,” https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf , March 2010. [2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Kon- winski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” ACM Commun., vol. 53, no. 4, pp. 50–58, Apr. 2010. [3] B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud computing environment against DDoS attacks,” IEEE Int’l Conf. Computer Communication and Informatics (ICCCI ’12), Jan. 2012. [4] H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy chal- lenges in cloud computing environments,” IEEE Security & Pri- vacy, vol. 8, no. 6, pp. 24–31, Dec. 2010. [5] “Open vSwitch project,” http://openvswitch.org, May 2012. [6] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, “Detecting spam zombies by monitoring outgoing mes- sages,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.