Intrusion Detection
- Arun Hodigere
Intrusion and Intrusion Detection
• Intrusion: attempting to break into or
misuse your system.
• Intruders may be from outside the network
or legitimate users of the network.
• Intrusion can be a physical, system or
remote intrusion.
Different ways to intrude
• Buffer overflows
• Unexpected combinations
• Unhandled input
• Race conditions
Intrusion Detection Systems
(IDS)
Intrusion Detection Systems look for attack
signatures, which are specific patterns that
usually indicate malicious or suspicious
intent.
Intrusion Detection Systems
(IDS)
• Different ways of classifying an IDS
IDS based on
– anomaly detection
– signature based misuse
– host based
– network based
Anomaly based IDS
• This IDS models the normal usage of the
network as a noise characterization.
• Anything distinct from the noise is assumed
to be an intrusion activity.
– e.g. flooding a host with lots of packets.
• The primary strength is its ability to
recognize novel attacks.
Drawbacks of Anomaly detection
IDS
• Assumes that intrusions will be accompanied by
manifestations that are sufficiently unusual so as
to permit detection.
• These generate many false alarms and hence
compromise the effectiveness of the IDS.
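The "noise characterization" idea above, as an added example that is not part of the original slides: a per-host packets-per-second baseline learned from training traffic, then applied to new traffic. All traffic, host addresses and the threshold rule (mean plus three standard deviations) are constructed for the example. It also shows the false-alarm drawback from the next slide: a legitimate six-packet burst trips the same threshold as the flood.

```python
"""Toy anomaly-based IDS: learn a per-host packets-per-second baseline,
then flag seconds whose packet count is far above that baseline.
Added example, not part of the original slides; all traffic is constructed."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed training traffic: (timestamp_s, src_ip, dst_ip).
# One packet per second to the monitored host, plus a second packet every 5 s.
TRAINING = [(t, "10.0.0.%d" % (1 + t % 3), "10.0.0.50") for t in range(60)]
TRAINING += [(t, "10.0.0.9", "10.0.0.50") for t in range(0, 60, 5)]

# Constructed test traffic: normal background, a 40-packet flood in second 65,
# and a legitimate 6-packet burst (say, a scheduled backup) in second 68.
TEST = [(t, "10.0.0.2", "10.0.0.50") for t in range(60, 70)]
TEST += [(65, "10.0.0.77", "10.0.0.50")] * 40
TEST += [(68, "10.0.0.3", "10.0.0.50")] * 6


def per_second_counts(packets):
    """dst_ip -> Counter(second -> packet count)."""
    counts = defaultdict(Counter)
    for ts, _src, dst in packets:
        counts[dst][ts] += 1
    return counts


class Baseline:
    """Noise characterization: mean and standard deviation of packets/s per host."""

    def __init__(self, packets, k=3.0):
        self.k = k
        self.profile = {}
        for dst, secs in per_second_counts(packets).items():
            series = list(secs.values())
            self.profile[dst] = (mean(series), pstdev(series))

    def threshold(self, dst):
        mu, sigma = self.profile.get(dst, (0.0, 0.0))
        # Floor sigma at 1 packet so a perfectly regular baseline does not alarm on +1.
        return mu + self.k * max(sigma, 1.0)

    def score(self, packets):
        """Return (second, dst_ip, count, threshold) for every second above threshold."""
        alerts = []
        for dst, secs in per_second_counts(packets).items():
            thr = self.threshold(dst)
            for ts, n in sorted(secs.items()):
                if n > thr:
                    alerts.append((ts, dst, n, thr))
        return alerts


if __name__ == "__main__":
    for ts, dst, n, thr in Baseline(TRAINING).score(TEST):
        print(f"second {ts}: {n} packets to {dst} (threshold {thr:.1f})")
```

With this training set the threshold for 10.0.0.50 comes out at 4.2 packets per second, so both the 41-packet flood and the 7-packet backup burst are reported; the second alert is exactly the kind of false alarm the drawbacks slide warns about, and tuning `k` trades it against missing smaller floods.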
Signature based IDS
• This IDS possesses an attack description
that can be matched to sensed attack
manifestations.
• The question of what information is
relevant to an IDS depends upon what it is
trying to detect.
– e.g. DNS, FTP, etc.
Signature based IDS (contd.)
• The ID system is programmed to interpret a certain series of
packets, or a certain piece of data contained in those
packets, as an attack. For example, an IDS that watches
web servers might be programmed to look for the string
“phf” as an indicator of a CGI program attack.
• Most signature analysis systems are based on simple
pattern matching algorithms. In most cases, the IDS simply
looks for a substring within a stream of data carried by
network packets. When it finds this substring (for
example, the “phf” in “GET /cgi-bin/phf?”), it identifies
those network packets as vehicles of an attack.
Drawbacks of Signature based
IDS
• They are unable to detect novel attacks.
• Suffer from false alarms.
• Have to be programmed again for every new
pattern to be detected.
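The substring matching the previous two slides describe, as an added example that is not part of the original slides. The `phf` pattern is the one the slides mention; the second signature, the connection tuple and the HTTP segments are constructed. The block contrasts the simple per-packet matcher with one that keeps per-connection state, because a pattern that straddles two TCP segments is invisible to the first, and it shows the "novel attack" drawback: a request for a CGI program with no signature produces nothing.

```python
"""Toy signature-based IDS: substring signatures over TCP payload segments.
Added example, not part of the original slides. The "phf" pattern is the one
the slides mention; the second signature and all traffic are constructed."""
from dataclasses import dataclass

SIGNATURES = [
    ("cgi-phf", b"/cgi-bin/phf?"),
    ("cgi-test", b"/cgi-bin/test-cgi"),   # constructed second entry
]


@dataclass
class Segment:
    conn: tuple      # (src_ip, src_port, dst_ip, dst_port)
    payload: bytes


def match_packet(segment, signatures=SIGNATURES):
    """Per-packet matching: looks only inside the one segment it is given."""
    return [name for name, pat in signatures if pat in segment.payload]


class StreamMatcher:
    """Per-connection matching: keeps the tail of previous payload so a pattern
    that straddles two segments is still found, and reports each hit once."""

    def __init__(self, signatures=SIGNATURES):
        self.signatures = signatures
        self.tail = max(len(p) for _, p in signatures) - 1
        self.buffers = {}

    def feed(self, segment):
        old = self.buffers.get(segment.conn, b"")
        buf = old + segment.payload
        hits = []
        for name, pat in self.signatures:
            idx = buf.find(pat)
            while idx != -1:
                if idx + len(pat) > len(old):   # ends in new bytes: not yet reported
                    hits.append(name)
                idx = buf.find(pat, idx + 1)
        self.buffers[segment.conn] = buf[-self.tail:] if self.tail else b""
        return hits


def detect(segments, reassemble):
    """Run either matcher over a list of segments and collect signature names."""
    if not reassemble:
        return [h for s in segments for h in match_packet(s)]
    m = StreamMatcher()
    return [h for s in segments for h in m.feed(s)]


# Constructed traffic on one connection.
CONN = ("192.0.2.10", 40123, "198.51.100.5", 80)
WHOLE = [Segment(CONN, b"GET /cgi-bin/phf?name=x HTTP/1.0\r\n\r\n")]
SPLIT = [Segment(CONN, b"GET /cgi-b"),
         Segment(CONN, b"in/phf?name=x HTTP/1.0\r\n\r\n")]
UNKNOWN = [Segment(CONN, b"GET /cgi-bin/other?name=x HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    print("whole, per-packet:", detect(WHOLE, False))
    print("split, per-packet:", detect(SPLIT, False))
    print("split, stream:    ", detect(SPLIT, True))
    print("unknown, stream:  ", detect(UNKNOWN, True))
```

The lesson for a detection engineer is that signature matching has to run over the reassembled stream, not over individual packets; a real IDS also has to cope with retransmissions and out-of-order segments, which this toy skips.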
Host/Applications based IDS
• The host operating system or the application
logs the audit information.
• This audit information includes events like
the use of identification and authentication
mechanisms (logins etc.), file opens and
program executions, admin activities etc.
• This audit trail is then analyzed to detect traces of
intrusion.
Drawbacks of the host based IDS
• The kind of information that needs to be
logged is a matter of experience.
• Unselective logging of messages may
greatly increase the audit and analysis
burdens.
• Selective logging runs the risk that attack
manifestations could be missed.
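The audit analysis the two host-based slides describe, as an added example that is not part of the original slides: constructed syslog-like audit records (logins and program executions on a made-up host) are parsed and correlated into an intrusion trail. The rules, thresholds and the list of administrative programs are constructed for the example. The `kinds` parameter models the selective-logging trade-off from the drawbacks slide: drop the `exec` records and the second half of the trail is never seen.

```python
"""Toy host-based IDS: correlate audit records into an intrusion trail.
Added example, not part of the original slides; the log lines, rules and
thresholds are all constructed."""
import re
from collections import defaultdict

# Constructed audit records (not from any real host).
AUDIT_LOG = """\
Mar 10 09:00:01 host1 login: FAILED LOGIN user=alice from=203.0.113.7
Mar 10 09:00:03 host1 login: FAILED LOGIN user=alice from=203.0.113.7
Mar 10 09:00:05 host1 login: FAILED LOGIN user=alice from=203.0.113.7
Mar 10 09:00:08 host1 login: LOGIN user=alice from=203.0.113.7
Mar 10 09:00:20 host1 exec: user=alice prog=/usr/bin/su
Mar 10 09:01:00 host1 login: LOGIN user=bob from=192.0.2.4
Mar 10 09:01:30 host1 exec: user=bob prog=/usr/bin/vi
Mar 10 09:02:00 host1 exec: user=alice prog=/sbin/useradd
"""

LINE_RE = re.compile(r"^\S+ \d+ \S+ \S+ (?P<kind>\w+): (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
ADMIN_PROGS = {"/usr/bin/su", "/sbin/useradd"}   # constructed "admin activity" list
FAIL_THRESHOLD = 3                                # failed logins before a success is suspect


def parse(log_text, kinds=("login", "exec")):
    """Parse audit lines into dicts; `kinds` models a selective-logging policy."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["kind"] not in kinds:
            continue
        fields = dict(KV_RE.findall(m["body"]))
        fields["kind"] = m["kind"]
        fields["ok"] = not m["body"].startswith("FAILED")
        events.append(fields)
    return events


def analyze(events):
    """Return (rule, user, detail) alerts found in the event sequence."""
    alerts = []
    failures = defaultdict(int)   # (user, source) -> consecutive failed logins
    suspect_users = set()
    for ev in events:
        if ev["kind"] == "login":
            key = (ev["user"], ev["from"])
            if not ev["ok"]:
                failures[key] += 1
                continue
            if failures[key] >= FAIL_THRESHOLD:
                alerts.append(("guessing-then-success", ev["user"], ev["from"]))
                suspect_users.add(ev["user"])
            failures[key] = 0
        elif ev["kind"] == "exec" and ev["prog"] in ADMIN_PROGS:
            if ev["user"] in suspect_users:
                alerts.append(("admin-activity-after-suspect-login", ev["user"], ev["prog"]))
    return alerts


if __name__ == "__main__":
    for alert in analyze(parse(AUDIT_LOG)):
        print(alert)
    print("login records only:", analyze(parse(AUDIT_LOG, kinds=("login",))))
```

Full logging yields three alerts (the suspicious login plus two administrative actions by that account); logging only login records keeps the first alert but loses the program executions that verify the attack.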
Strengths of the host based IDS
• Attack verification
• System specific activity
• Encrypted and switched environments
• Monitoring key components
• Near real-time detection and response.
• No additional hardware
Stack based IDS
• They are integrated closely with the TCP/IP
stack, allowing packets to be watched as
they traverse their way up the OSI layers.
• This allows the IDS to pull the packets from
the stack before the OS or the application
has a chance to process the packets.
Network based IDS
• This IDS looks for attack signatures in
network traffic via a promiscuous interface.
• A filter is usually applied to determine
which traffic will be discarded or passed on
to an attack recognition module. This helps
to filter out known non-malicious traffic.
Strengths of Network based IDS
• Cost of ownership reduced
• Packet analysis
• Evidence removal
• Real time detection and response
• Malicious intent detection
• Complement and verification
• Operating system independence
Commercial ID Systems
• ISS – RealSecure from Internet Security
Systems:
– Real time IDS.
– Contains both host and network based IDS.
• Tripwire – File integrity assessment tool.
• Bro and Snort – open source, public-domain
systems.
Bro: Real time IDS
• Network based IDS
• Currently developed for six Internet
applications: FTP, Finger, Portmapper,
Ident, Telnet and Rlogin.
Design goals for Bro
• High-speed, large volume monitoring
• No packet filter drops
• Real time notification
• Mechanism separate from policy
• Extensible
• Monitor will be attacked
Structure of the Bro System
[Diagram: layered architecture, bottom to top]
Network → (Packet Stream) → libpcap → (Filtered Packet Stream, selected by a tcpdump filter) → Event engine → (Event Stream) → Policy Script Interpreter → Real time notification
Control flows downward: the policy script configures the event engine (Event Control) and the tcpdump filter.
Bro - libpcap
• It’s the packet capture library used by tcpdump.
• Isolates Bro from details of the network link
technology.
• Filters the incoming packet stream from the
network to extract the required packets.
• e.g. port finger, port ftp, tcp port 113 (Ident), port
telnet, port login, port 111 (Portmapper).
• Can also capture packets with the SYN, FIN, or
RST Control bits set.
Bro – Event Engine
• The filtered packet stream from libpcap is
handed over to the Event Engine.
• Performs several integrity checks to ensure that the
packet headers are well formed.
• It looks up the connection state associated with the
tuple of the two IP addresses and the two TCP or
UDP port numbers.
• It then dispatches the packet to a handler for the
corresponding connection.
Bro – TCP Handler
• For each TCP packet, the connection handler
verifies that the entire TCP Header is present and
validates the TCP checksum.
• If successful, it then tests whether the TCP header
includes any of the SYN/FIN/RST control flags
and adjusts the connection’s state accordingly.
• Different changes in the connection’s state
generate different events.
Policy Script Interpreter
• The policy script interpreter receives the events
generated by the Event Engine.
• It then executes scripts written in the Bro language,
which can log real-time notifications, record data
to disk or modify internal state.
• Adding new functionality to Bro consists of
adding a new protocol analyzer to the event engine
and then writing new event handlers in the
interpreter.
Application Specific Processing - Finger
[Diagram: flow of a Finger request through Bro]
Finger request → Event Engine generates a Finger_request event → Script interpreter tests for buffer overflow, checks the user against sensitive ids, etc. → Event Engine generates event controls based on the policy → Finger reply
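The pipeline the last five slides describe (libpcap filter, event engine with connection lookup on the address/port tuple, SYN/FIN/RST state changes turned into events, and a policy script acting on a Finger_request event), as an added example that is not Bro's own code or part of the original slides. The watched port list comes from the libpcap slide; the state names, event names, the policy handlers, the 64-byte request limit, the "sensitive ids" list and the finger session are all constructed, and a `header_ok` flag stands in for the header-completeness and checksum checks the TCP handler slide mentions.

```python
"""Toy model of the Bro pipeline from the slides: capture filter -> event
engine (connection tracking, TCP flag events) -> policy handlers.
Added example, not Bro's own code; ports come from the slides, everything
else (states, events, handlers, limits, traffic) is constructed."""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""
    header_ok: bool = True           # stands in for "full TCP header + valid checksum"


# finger 79, ftp 21, ident 113, telnet 23, login 513, portmapper 111 (from the slides)
WATCHED_PORTS = {21, 23, 79, 111, 113, 513}


def capture_filter(pkt):
    """tcpdump-style filter: only traffic on a watched port reaches the engine."""
    return pkt.sport in WATCHED_PORTS or pkt.dport in WATCHED_PORTS


class EventEngine:
    def __init__(self):
        self.conns = {}      # originator (src, sport, dst, dport) -> connection state
        self.handlers = {}   # event name -> policy callbacks

    def on(self, event, fn):
        self.handlers.setdefault(event, []).append(fn)

    def emit(self, event, key, **kw):
        notes = [fn(key, **kw) for fn in self.handlers.get(event, [])]
        return [n for n in notes if n]

    def lookup(self, pkt):
        # Both directions of the 4-tuple map to the same connection record.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if rev in self.conns:
            return rev, self.conns[rev], "resp"
        return fwd, self.conns.setdefault(fwd, {"state": "NEW", "fins": 0}), "orig"

    def process(self, pkt):
        if not capture_filter(pkt):
            return []                      # dropped by the filter, never reaches the engine
        if not pkt.header_ok:
            return self.emit("bad_header", None, pkt=pkt)
        key, conn, side = self.lookup(pkt)
        f, notes = pkt.flags, []
        if "RST" in f:
            ev = "connection_rejected" if conn["state"] == "ATTEMPT" else "connection_reset"
            conn["state"] = "RESET"
            notes += self.emit(ev, key)
        elif "SYN" in f and "ACK" not in f and conn["state"] == "NEW":
            conn["state"] = "ATTEMPT"
            notes += self.emit("connection_attempt", key)
        elif "SYN" in f and "ACK" in f and conn["state"] == "ATTEMPT":
            conn["state"] = "ESTABLISHED"
            notes += self.emit("connection_established", key)
        elif "FIN" in f and conn["state"] in ("ESTABLISHED", "HALF_CLOSED"):
            conn["fins"] += 1
            conn["state"] = "HALF_CLOSED" if conn["fins"] < 2 else "FINISHED"
            if conn["state"] == "FINISHED":
                notes += self.emit("connection_finished", key)
        # Application-specific processing: originator data on port 79 is a finger request.
        if pkt.payload and side == "orig" and key[3] == 79 and conn["state"] == "ESTABLISHED":
            notes += self.emit("finger_request", key, request=pkt.payload)
        return notes


# Policy script (constructed): what the interpreter does with the events.
SENSITIVE_IDS = {"root", "admin"}
MAX_FINGER_REQUEST = 64


def attempt_policy(key):
    return f"connection attempt {key[0]}:{key[1]} -> {key[2]}:{key[3]}"


def finger_policy(key, request):
    user = request.strip().split(b"@")[0].decode("ascii", "replace")
    if len(request) > MAX_FINGER_REQUEST:
        return f"finger: oversized request ({len(request)} bytes) from {key[0]}"
    if user in SENSITIVE_IDS:
        return f"finger: sensitive id '{user}' queried from {key[0]}"
    return None


def build_engine():
    eng = EventEngine()
    eng.on("connection_attempt", attempt_policy)
    eng.on("finger_request", finger_policy)
    return eng


def run(engine, packets):
    return [n for p in packets for n in engine.process(p)]


# Constructed finger session: handshake, request for "root", reply, orderly close.
C, S = "192.0.2.10", "198.51.100.5"
FINGER_SESSION = [
    Packet(C, 40000, S, 79, frozenset({"SYN"})),
    Packet(S, 79, C, 40000, frozenset({"SYN", "ACK"})),
    Packet(C, 40000, S, 79, frozenset({"ACK"}), b"root\r\n"),
    Packet(S, 79, C, 40000, frozenset({"ACK"}), b"Login: root ..."),
    Packet(S, 79, C, 40000, frozenset({"FIN", "ACK"})),
    Packet(C, 40000, S, 79, frozenset({"FIN", "ACK"})),
]

if __name__ == "__main__":
    for note in run(build_engine(), FINGER_SESSION):
        print(note)
```

The split the slides emphasise is visible in the code: `EventEngine` knows only about packets, connections and events (mechanism), while `attempt_policy` and `finger_policy` decide what is worth a notification (policy); adding a new protocol means a new event in the engine plus a new handler, without touching the rest.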
Future of IDS
• To integrate the network and host based IDS
for better detection.
• Developing IDS schemes for detecting
novel attacks rather than individual
instantiations.
arun.ppt