Published on

Published in: Technology
  • Be the first to comment


  1. 1. Intrusion Detection System Presentation By: D.Shiva, S.Gagan Kumar
  2. 2. Agenda : ➔ What is intrusion detection? ➔ Objectives of Intrusion Detection System ➔ Types of intrusion detection systems ➔ How it works? ➔ Conclusion & future work
  3. 3. What is intrusion detection? ✔ Detecting unwanted intrusions on a network or a device ✔ Intrusion detection can be installed software or device that monitors on network traffic. ✔ It is needed as burglar alarm system to commercial buildings.
  4. 4. Objectives of IDS ➔ Identifying problems with security policies. ➔ Documenting existing threats. ➔ Preventing individuals from intruding
  5. 5. Types of Intrusion Detection Systems Based on the scope of monitoring... Network Based Intrusion Detection Systems Host Based Intrusion Detection Systems Intrusion Detection Systems
  6. 6. Host-Based Intrusion Detection System
  7. 7. Host-Based Intrusion Detection System ✔ Its a software or device Installed on computer it detects and informs ✔ Through Sensors ,It analyzes and stores system calls,application logs,executable files,file-system modifcations for evidence of intrusion. ✔ Alerts if it encounters any intrusion.
  8. 8. Sensors : Collects the data from network packets,log files, system call traces. Forward the data to Analyzers. Analyzer : Analyzes whether intrusion has occured or not. Output contains evidence supporting the intrusion report. User interface : End user view, through this user can control and configure the system. Host-Based Intrusion Detection System
  9. 9. Analyzer Sensor User Interface Database Host-Based Intrusion Detection System
  10. 10. How HIDS works? Two methods ✔ Pattern Matching ✔ Statistical anomalies
  11. 11. Patten matching Detecting intrusion based on 'patterns' Analogous to : Identifying the criminal by fingerprint process. Process : ✔ Install software with various pre-defined patterns of attacks. ✔ IDS matches the intruder pattern with pre-defined pattens. ✔ If match found,IDS reports intrusion. ✔ Patterns in software must be kept up to date. Drawback: ● It fails to to catch the new attack to which software has no defined pattern to match
  12. 12. This is how it works.... Intruder / Attacker Pre-Defined patterns Is Match found? Intruder Pattern Notify Intrusion Detected Grant Access Yes No
  13. 13. Statistical Anomalies ✔ Generating a signature of normal behaviour for each user with sequence of commands that they type in. ✔ With signature of all the frequent command traces of a user types, we can compare future command traces. ✔ IDS notifies immediately if anomalies actions detected. ✔ Sequence of commands that user frequently type in. ✔ Ex:open directory,text editor,check mail,compile a program,
  14. 14. Future work Our future work would be on INTRUSION PREVENTION through following methods: ➔ SMS configuration when log in ➔ Setting Hardware address for remote login for better support to username and password scenario. ➔ Analysis Using Snapshots. ➔Using image capturing techinique
  15. 15. Conclusion ✔ Data is everything..! ✔ We must protect their data. ✔ IDS is to monitoring, detecting, and responding to security threats. ✔ IDS has gone through many iterations for efficient use to protect single byte of data not to get hacked.
  16. 16. References: ➔ ➔ ➔ ➔ ➔
  17. 17. Any Queries???