Components of an Intrusion Detection System
Sensors
Sensors monitor network traffic, system logs, and other data sources for suspicious activity. They are the first component of an IDS. These sensors can be either host- or network-based. They provide alerts when potential breaches are detected.
Analysis Engine
After the sensors generate alerts, the IDS’s analysis engine examines them to determine whether they reflect actual threats. To identify potential threats, this component uses various techniques like signature-based detection, anomaly detection, and behavioral analysis.
Central Console
The central console is the centralized management point of the IDS. It collects the alerts produced by the sensors and the analysis engine and presents them to administrators and the security team, who review the information there before initiating an incident response.
Response Mechanism
Finally, an IDS should provide a reaction mechanism for dealing with discovered threats to mitigate the effects of the intrusion. This can include restricting traffic, quarantining affected systems, or triggering automated actions.
The Intrusion Detection System (IDS) operates through a systematic process designed to identify and respond to potential security threats.
Monitoring - the system continuously observes network and system activities, including data packets, system logs, and user behaviors. This ongoing surveillance establishes the foundation for the subsequent steps.
Data collection - data is gathered from diverse sources, such as network devices and servers. This collected data forms the basis for understanding normal behavior patterns, encompassing typical traffic and system activities. With this baseline established, the system moves into the pattern recognition phase.
Pattern recognition - the IDS analyzes the collected data using either predefined signatures for known threats (signature-based IDS) or statistical models to detect anomalies (anomaly-based IDS). This step involves comparing current activities against the established baseline or known attack signatures. Upon detecting a deviation or a match, the IDS generates alerts to notify administrators or the security team.
Alerts - alerts are then prioritized based on severity, allowing for a focused response. The IDS notifies administrators through various channels, such as email, SMS, or a centralized management console. Upon receiving alerts, security personnel review the information and initiate an appropriate incident response.
Response - response actions may include isolating affected systems, blocking malicious traffic, or implementing additional security measures.
Technologies of Intrusion Detection System
1. Signature-based detection is a fundamental technology used in Intrusion Detection Systems (IDS) to identify known security threats. It relies on a database of predefined signatures or patterns associated with known malicious activities. These signatures represent characteristics unique to specific types of attacks, such as viruses, worms, or other forms of malware.
Functionality
1. Signature Database: The IDS maintains a database of signatures, each representing a specific threat or attack pattern.
2. Pattern Matching: During monitoring, the IDS compares current network or system activity against the stored signatures.
3. Identification: If there is a match between the observed activity and a signature, the IDS identifies and classifies the event as a known security threat.
Pros and Cons
Pros
1. Effectiveness: Signature-based detection is highly effective at identifying and blocking known threats.
2. Low False Positives: It tends to produce fewer false positives because it specifically targets recognized attack patterns.
Cons
1. Limited to Known Threats: The main limitation is its reliance on a database of known signatures, making it less effective against new or modified threats.
2. Inability to Detect Unknown Threats: Signature-based detection may not catch novel attacks that do not match any existing signatures.
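The three functionality steps above (signature database, pattern matching, identification) and the two cons, as an added example that is not part of the slides. The signature database, log lines and the `ExampleScanner` user-agent are constructed for illustration; the only real value is the EICAR string, the standard harmless test file used to exercise antivirus and IDS signatures.

```python
import re
from dataclasses import dataclass

# Constructed signature database for illustration. Real IDS rule sets are far
# larger; these patterns are made up, apart from the EICAR test string, which
# is the standard harmless file used to test antivirus and IDS signatures.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

SIGNATURES = [
    {"id": "SIG-0001", "severity": "medium",
     "name": "Constructed scanner user-agent ExampleScanner/1.0",
     "pattern": re.compile(r"ExampleScanner/1\.0")},
    {"id": "SIG-0002", "severity": "high",
     "name": "EICAR antivirus test file",
     "pattern": re.compile(re.escape(EICAR))},
]

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Alert:
    sig_id: str
    severity: str
    event: str


def match_signatures(events, signatures=SIGNATURES):
    """Pattern matching: compare each observed event against every stored
    signature and emit one alert per (event, signature) match."""
    alerts = []
    for event in events:
        for sig in signatures:
            if sig["pattern"].search(event):
                alerts.append(Alert(sig["id"], sig["severity"], event))
    return alerts


def prioritize(alerts):
    """Order alerts by severity so the most serious are reviewed first."""
    return sorted(alerts, key=lambda a: SEVERITY_RANK.get(a.severity, 99))


# Constructed sample events: three web-server access log lines and one file
# scan record. The last line is a slightly modified copy of the second one.
SAMPLE_EVENTS = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET /admin HTTP/1.1" 403 "ExampleScanner/1.0"',
    "scan: /srv/upload/test.txt contains " + EICAR,
    '10.0.0.9 - - "GET /admin HTTP/1.1" 403 "ExampleScanner/1.1"',
]


def detected_ids(events=SAMPLE_EVENTS):
    """Signature ids that fired on the events, in priority order."""
    return [a.sig_id for a in prioritize(match_signatures(events))]


if __name__ == "__main__":
    for alert in prioritize(match_signatures(SAMPLE_EVENTS)):
        print(f"[{alert.severity}] {alert.sig_id}: {alert.event}")
    # The modified ExampleScanner/1.1 line fires nothing: exact pattern
    # matching only finds what is already in the database.
```

The normal `Mozilla/5.0` line produces no alert (the low false-positive property), while the `ExampleScanner/1.1` variant is missed entirely, which is the "limited to known threats" con in practice.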
2. Anomaly-based detection is a technology used in Intrusion Detection Systems (IDS) to identify potential security threats by detecting deviations from normal or expected behavior. Anomaly-based detection focuses on establishing a baseline of normal system or network behavior. It then identifies activities that deviate significantly from this baseline, considering them as potential security threats.
Functionality
1. Baseline Establishment: During an initial learning phase, the IDS observes and analyzes normal patterns of network traffic, system calls, or user behavior to create a baseline of what is considered typical.
2. Continuous Monitoring: After the baseline is established, the IDS continuously monitors activities, comparing ongoing behavior against the baseline.
3. Anomaly Identification: Any deviations or unusual patterns that fall outside the established baseline are flagged as anomalies.
4. Alert Generation: Detected anomalies trigger alerts or alarms to notify administrators of potential security threats.
Pros and Cons
Pros
1. Adaptability: Anomaly-based detection can adapt to new and evolving threats without relying on predefined signatures.
2. Detection of Unknown Threats: Capable of identifying novel or previously unseen attacks by recognizing abnormal behavior.
3. Contextual Analysis: Provides a more context-aware approach by considering deviations within the specific environment.
Cons
1. False Positives: May generate false positives, as normal behavior can vary and may be influenced by factors such as system updates or user changes.
2. Complexity: Requires continuous tuning and adjustment to reduce false positives and negatives.
3. Learning Period: Initially, the system needs a learning period to establish an accurate baseline.
3. Heuristic-based detection is a technology employed in Intrusion Detection Systems (IDS) to identify potential security threats by using rules and algorithms to detect patterns indicative of suspicious behavior. Heuristic-based detection involves the application of rules or heuristics (general principles or guidelines) to identify behaviors that may indicate an intrusion or security threat. Unlike signature-based detection, which relies on known patterns, heuristics allow for a more flexible approach to identifying potentially malicious activities.
Functionality
1. Rule-Based Analysis: Heuristic-based detection uses predefined rules or heuristics to analyze network traffic, system logs, or user behavior.
2. Behavioral Patterns: The rules are designed to identify patterns that may suggest malicious activity, even if specific signatures are not known.
3. Identification of Suspicious Behavior: When the observed behavior matches predefined heuristics, the IDS raises alerts, signaling potential security threats.
4. Adaptive Rules: Some heuristic-based systems may adapt over time, allowing for the refinement of rules based on new information and evolving threat landscapes.
Pros and Cons
Pros
1. Flexibility: Heuristic-based detection is more flexible than signature-based approaches and can potentially detect unknown threats.
2. Behavioral Analysis: Allows for the analysis of behavior rather than relying on specific signatures, making it adaptable to novel attack methods.
Cons
1. False Positives: May produce false positives if the heuristics are not finely tuned, as normal behavior can vary.
2. Dependence on Rule Quality: Effectiveness depends on the quality and accuracy of the predefined rules and heuristics.
3. Resource Intensive: Creating and maintaining effective heuristics may require significant computational resources.
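A heuristic rule of the kind described above, as an added example that is not from the slides: "several failed logins from one source within a short window, followed by an accepted login from the same source" is flagged without any signature of a specific tool. The auth log lines are constructed (the IPs come from documentation address ranges), and the threshold and window show how the rule's quality depends on its tuning.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style authentication lines; users and addresses are made up
# (203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges).
SAMPLE_LOG = """\
2024-01-15T10:00:01 sshd[1]: Failed password for alice from 203.0.113.7
2024-01-15T10:00:03 sshd[1]: Failed password for alice from 203.0.113.7
2024-01-15T10:00:05 sshd[1]: Failed password for bob from 203.0.113.7
2024-01-15T10:00:06 sshd[1]: Failed password for carol from 203.0.113.7
2024-01-15T10:00:09 sshd[1]: Accepted password for carol from 203.0.113.7
2024-01-15T10:05:00 sshd[1]: Failed password for dave from 198.51.100.2
2024-01-15T10:05:30 sshd[1]: Accepted password for dave from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_auth_log(text):
    """Sensor step: turn raw log lines into (timestamp, outcome, user, source)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["outcome"],
                           m["user"], m["src"]))
    return events


def failed_then_success(events, threshold=3, window=timedelta(minutes=2)):
    """Heuristic rule: at least `threshold` failed logins from one source
    inside `window`, followed by an accepted login from that source, is
    reported as suspicious. No knowledge of a specific attack tool is needed."""
    recent = defaultdict(deque)      # source -> timestamps of recent failures
    alerts = []
    for ts, outcome, user, src in events:
        q = recent[src]
        while q and ts - q[0] > window:  # drop failures outside the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
        elif len(q) >= threshold:
            alerts.append({"src": src, "user": user, "failures": len(q),
                           "at": ts.isoformat()})
            q.clear()
    return alerts


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_LOG)
    for alert in failed_then_success(events):
        print("ALERT", alert)
    # Rule quality matters: with threshold=1 dave's single typo before a
    # successful login is also reported, a false positive.
    print("threshold=1:", len(failed_then_success(events, threshold=1)), "alerts")
```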
4. Behavioral analysis is a technology used in Intrusion Detection Systems (IDS) to identify potential security threats by monitoring and analyzing patterns of behavior over time. Unlike signature-based detection, which relies on known attack patterns, or heuristic-based detection with predefined rules, behavioral analysis focuses on understanding normal behaviors and detecting anomalies that may indicate a security breach. Behavioral analysis involves the continuous monitoring and analysis of user, system, or network behavior to establish a baseline of normal activities. Deviations from this baseline, such as unusual patterns or anomalies, can be indicative of a security threat.
Functionality
1. Baseline Establishment: The IDS observes and analyzes normal behavior patterns during an initial learning phase to establish a baseline.
2. Continuous Monitoring: Ongoing monitoring of activities, including user interactions, network traffic, and system operations.
3. Anomaly Detection: Behavioral analysis identifies deviations or anomalies from the established baseline that may indicate suspicious or malicious behavior.
4. Alert Generation: When anomalies are detected, the IDS generates alerts or alarms to notify administrators of potential security threats.
Pros and Cons
Pros
1. Adaptability: Behavioral analysis can adapt to changes in the environment and detect novel or evolving threats.
2. Contextual Understanding: Provides a more contextual understanding of normal behavior, allowing for a nuanced approach to anomaly detection.
Cons
1. False Positives: Like other anomaly-based approaches, behavioral analysis may produce false positives, as normal behavior can vary.
2. Learning Period: Initial learning phases are required to establish an accurate baseline, and during this time, some anomalies may not be detected.
5. Network-Based Intrusion Detection System (NIDS) is a technology that monitors and analyzes network traffic to detect and respond to potential security threats. Network-Based IDS focuses on the observation of network packets and the analysis of communication flows to identify suspicious activities, intrusions, or security policy violations within a network.
Functionality
1. Packet Inspection: NIDS examines network packets, analyzing their content and headers to understand the nature of the communication.
2. Traffic Monitoring: Constantly monitors network traffic, looking for patterns that may indicate malicious activities or deviations from normal behavior.
3. Signature Matching: Utilizes predefined signatures or patterns to identify known threats within the network traffic.
4. Anomaly Detection: Applies anomaly-based detection to identify deviations from established baselines or normal network behavior.
5. Protocol Analysis: Understands and analyzes various network protocols to identify irregularities or misuse.
6. Alert Generation: When a potential threat is detected, the NIDS generates alerts or alarms, providing details about the nature of the threat and its source.
Pros and Cons
Pros
1. Visibility: Provides comprehensive visibility into network activities and potential threats.
2. Real-Time Monitoring: Operates in real time, allowing for immediate detection and response to security incidents.
3. Centralized Monitoring: Can be deployed at strategic points within the network to centrally monitor traffic.
Cons
1. Encrypted Traffic Challenges: May face challenges in inspecting encrypted traffic, limiting its ability to detect threats within encrypted communications.
2. False Positives: Like any detection system, NIDS may generate false positives, especially if not properly tuned or configured.
6. Signature-free detection, also known as signatureless detection or behavior-based detection, is an approach in cybersecurity that focuses on identifying and responding to security threats without relying on predefined signatures or known patterns. This method is particularly valuable for detecting novel or evolving threats that may not have established signatures. Signature-free detection relies on analyzing behaviors, anomalies, or deviations from normal patterns rather than matching against known attack signatures. It leverages advanced techniques, often involving machine learning, artificial intelligence, or heuristic algorithms, to detect and respond to previously unseen threats.
Functionality
1. Behavioral Analysis: Signature-free detection employs behavioral analysis to establish a baseline of normal activities and identify deviations that may indicate malicious behavior.
2. Machine Learning: Utilizes machine learning algorithms to analyze large datasets, learning from historical data to identify patterns and anomalies.
3. Heuristic Algorithms: Applies heuristic algorithms that use rules and guidelines to identify potentially malicious behaviors based on their characteristics.
4. Anomaly Detection: Focuses on detecting anomalies or irregularities within network traffic, system logs, or user behavior.
5. Dynamic Adaptation: Adapts and evolves over time as it learns from new data and emerging threats.
Pros and Cons
Pros
1. Adaptability: Can detect unknown or zero-day threats that lack known signatures.
2. Advanced Threat Detection: Effective against sophisticated, polymorphic, or rapidly evolving threats.
3. Reduced Dependency on Updates: Less reliant on frequent signature updates compared to traditional signature-based approaches.
Cons
1. False Positives: Like any anomaly-based approach, signature-free detection may generate false positives if not properly tuned or if normal behavior varies.
2. Complexity: Implementation and fine-tuning of machine learning models or heuristic algorithms can be complex and resource-intensive.
7. Wireless Intrusion Detection System (WIDS) is a technology designed to monitor and secure wireless networks by detecting and responding to potential security threats. Wireless networks present unique security challenges, and a WIDS is specifically designed to address these challenges by monitoring and analyzing activities within the wireless spectrum.
Functionality
1. Wireless Traffic Monitoring: WIDS continuously monitors the wireless spectrum, including Wi-Fi channels, to observe network traffic and detect potential security issues.
2. Packet Analysis: Analyzes wireless packets to identify anomalies, unauthorized devices, or malicious activities.
3. Rogue AP Detection: Identifies unauthorized or rogue access points that may pose security risks to the network.
4. Intrusion Signature Detection: Utilizes predefined signatures or patterns to detect known wireless threats, such as specific attack types targeting Wi-Fi protocols.
5. Anomaly Detection: Applies anomaly-based detection to identify deviations from normal wireless behavior, helping detect unknown or evolving threats.
6. Authentication and Encryption Monitoring: Monitors authentication and encryption mechanisms to ensure the security of wireless communications.
7. Location Tracking: Some advanced WIDS systems incorporate location-tracking capabilities to pinpoint the physical location of detected threats.
Pros and Cons
Pros
1. Visibility into Wireless Spectrum: Provides visibility into wireless network activities, helping identify and respond to potential threats.
2. Rogue Device Detection: Effectively identifies unauthorized devices or access points within the wireless network.
3. Comprehensive Security: Addresses security challenges specific to wireless environments, such as eavesdropping and unauthorized access.
Cons
1. False Positives: Like any intrusion detection system, WIDS may generate false positives, especially if not properly configured or if normal wireless behavior varies.
2. Encryption Challenges: Detecting threats within encrypted wireless traffic can be challenging.
8. Network Behavior Analysis (NBA) is a security technology that focuses on monitoring and analyzing patterns of behavior within a network to identify anomalies, potential security threats, or abnormal activities. Network Behavior Analysis involves the continuous observation and analysis of network traffic, system logs, and user activities to establish a baseline of normal behavior. Deviations from this baseline are flagged as potential security concerns.
Functionality
1. Baseline Establishment: NBA starts with a learning phase to establish a baseline of normal behavior within the network. This includes understanding typical traffic patterns, application usage, and user behavior.
2. Continuous Monitoring: Ongoing monitoring of network activities, including the analysis of data packets, system logs, and user interactions.
3. Anomaly Detection: Identifies deviations or anomalies from the established baseline, such as unusual traffic patterns, irregular user access, or unexpected system behavior.
4. Alert Generation: When potential security threats or anomalies are detected, the system generates alerts or alarms to notify administrators.
5. Correlation Analysis: Some advanced NBA systems perform correlation analysis, connecting seemingly unrelated events to identify more complex security threats.
6. Forensic Analysis: Provides tools for detailed forensic analysis of network events, aiding in post-incident investigations.
Pros and Cons
Pros
1. Adaptability: Can adapt to evolving threats and changes in network behavior over time.
2. Detection of Advanced Threats: Effective in identifying subtle or advanced threats that may not be apparent through other detection methods.
3. Contextual Understanding: Provides a more contextual understanding of network activities, allowing for a nuanced approach to anomaly detection.
Cons
1. False Positives: Like any anomaly-based approach, NBA may generate false positives, especially during the initial learning phase or if normal behavior patterns vary.
2. Resource Intensive: Performing continuous analysis and maintaining baselines can be resource-intensive.
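The baseline-then-deviation cycle shared by anomaly-based detection (technology 2), behavioral analysis (4), signature-free detection (6) and NBA (8), as one added example that is not from the slides. The metric (outbound connections per minute per host), the learning window and the observations are all constructed; the baseline is a per-host mean and standard deviation, and a z-score threshold decides what counts as a deviation. It also walks through the false-positive con and the tuning step the slides say such systems require.

```python
import statistics

# Constructed learning window: outbound connections per minute observed for
# two hosts during ten minutes of normal operation. Host names are made up.
LEARNING_WINDOW = {
    "host-a": [12, 14, 11, 13, 15, 12, 14, 13, 12, 14],
    "host-b": [3, 4, 2, 3, 5, 3, 4, 3, 2, 4],
}

# Constructed monitoring data: (host, minute, connections in that minute).
OBSERVATIONS = [
    ("host-a", 11, 13),   # ordinary
    ("host-a", 12, 95),   # sudden burst: the kind of deviation an IDS should flag
    ("host-b", 11, 4),    # ordinary
    ("host-b", 12, 9),    # legitimate scheduled backup, not yet in the baseline
    ("host-c", 11, 7),    # host never seen during the learning phase
]


def build_baseline(learning):
    """Baseline establishment: per-host mean and standard deviation of the
    metric. A floor on the deviation avoids dividing by zero for a host whose
    learning samples were all identical."""
    return {
        host: (statistics.fmean(samples), max(statistics.pstdev(samples), 1e-9))
        for host, samples in learning.items()
    }


def z_score(baseline, host, value):
    mean, stdev = baseline[host]
    return (value - mean) / stdev


def detect_anomalies(baseline, observations, threshold=3.0):
    """Continuous monitoring: flag any observation more than `threshold`
    standard deviations from the host's baseline, and any host with no
    baseline at all. Returns (host, minute, value, reason) tuples."""
    alerts = []
    for host, minute, value in observations:
        if host not in baseline:
            alerts.append((host, minute, value, "no baseline for host"))
            continue
        z = z_score(baseline, host, value)
        if abs(z) > threshold:
            alerts.append((host, minute, value, f"z-score {z:.1f}"))
    return alerts


def extend_baseline(learning, host, new_samples):
    """Tuning step: fold analyst-confirmed benign samples into the learning
    data so the baseline reflects the new normal (here, a backup window)."""
    updated = {h: list(s) for h, s in learning.items()}
    updated.setdefault(host, []).extend(new_samples)
    return build_baseline(updated)


def alerted_hosts(threshold=3.0):
    """Hosts flagged on the constructed data before any tuning."""
    baseline = build_baseline(LEARNING_WINDOW)
    return [a[0] for a in detect_anomalies(baseline, OBSERVATIONS, threshold)]


if __name__ == "__main__":
    baseline = build_baseline(LEARNING_WINDOW)
    for alert in detect_anomalies(baseline, OBSERVATIONS):
        print("ALERT", alert)
    # host-b's 9-connection minute is a false positive caused by a nightly
    # backup. Once confirmed benign and folded into the baseline, the same
    # observation no longer fires.
    tuned = extend_baseline(LEARNING_WINDOW, "host-b", [9, 8, 9])
    print("after tuning:", detect_anomalies(tuned, [("host-b", 12, 9)]))
```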
9. Protocol-based detection is a method used in network security to identify and respond to potential security threats by examining the characteristics and behaviors of network protocols. This approach involves analyzing network traffic to detect deviations from expected protocol behaviors, identifying anomalies, and potentially flagging malicious activities. Protocol-based detection focuses on understanding and monitoring the expected behavior of various network protocols, such as TCP/IP, UDP, HTTP, DNS, and others. It involves analyzing the traffic patterns, headers, and content associated with these protocols to identify abnormal or potentially malicious activities.
Functionality
1. Protocol Analysis: Examines the headers and content of network packets to understand the structure and behavior of different protocols.
2. Traffic Pattern Monitoring: Monitors network traffic patterns associated with specific protocols to establish normal behavior.
3. Anomaly Detection: Identifies deviations or anomalies from the expected behavior of protocols, such as unusual packet structures or non-compliant communication patterns.
4. Alert Generation: Generates alerts or alarms when potential protocol violations or abnormalities are detected, signaling potential security threats.
Pros and Cons
Pros
1. Focused Analysis: Allows for focused analysis on specific protocols, providing targeted detection for known vulnerabilities or attack patterns.
2. Early Detection: Can enable early detection of protocol-specific attacks or exploits before they can cause significant damage.
3. Granular Understanding: Provides a granular understanding of the interactions between devices and services within the network.
Cons
1. False Positives: Protocol-based detection may generate false positives if normal variations or legitimate protocol deviations are not properly accounted for.
2. Limited to Known Protocols: Effectiveness is constrained to known protocols, and may not be as adaptable to identifying novel or unknown threats.
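Protocol-based detection for one protocol, HTTP/1.x request lines, as an added example that is not from the slides. The checks follow the request-line grammar of RFC 9112 (method token, request-target, version); the sample lines, the method allow-list and the length limit are constructed, and the WebDAV case shows the "legitimate protocol deviations" false positive from the cons list.

```python
import re

# RFC 9110 "token" characters, the only ones permitted in a method name.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VERSION_RE = re.compile(r"^HTTP/\d\.\d$")

# Constructed allow-lists: a narrow default and the extra WebDAV methods a
# site that actually serves WebDAV would need to add to avoid false positives.
COMMON_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"})
WEBDAV_METHODS = frozenset({"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"})


def check_request_line(line, allowed_methods=COMMON_METHODS, max_len=2048):
    """Protocol analysis of one HTTP/1.x request line. Returns the list of
    deviations from expected protocol behaviour; an empty list means compliant."""
    findings = []
    if len(line) > max_len:
        findings.append("request line longer than configured maximum")
    parts = line.split(" ")
    if len(parts) != 3:
        findings.append("request line does not have exactly three parts")
        return findings          # nothing further can be parsed reliably
    method, target, version = parts
    if not TOKEN_RE.match(method):
        findings.append("method is not a valid token")
    elif method not in allowed_methods:
        findings.append(f"method {method} not in allow-list")
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        findings.append("request-target contains control characters")
    if not VERSION_RE.match(version):
        findings.append("malformed HTTP version")
    elif version not in ("HTTP/1.0", "HTTP/1.1"):
        findings.append(f"unexpected version {version}")
    return findings


# Constructed request lines, as a sensor might reassemble them from traffic.
SAMPLE_LINES = [
    "GET /index.html HTTP/1.1",        # compliant
    "PROPFIND /dav/ HTTP/1.1",         # legitimate WebDAV, outside the narrow allow-list
    "GET /a\x00b HTTP/1.1",            # NUL byte inside the request-target
    "GET / HTTP/9.9",                  # well-formed but unexpected version
    "GET /index.html HTTP/1.1 extra",  # does not parse as a request line
]


def scan(lines=SAMPLE_LINES, allowed_methods=COMMON_METHODS):
    """Alert generation: map each non-compliant line to its findings."""
    results = {}
    for line in lines:
        findings = check_request_line(line, allowed_methods)
        if findings:
            results[line] = findings
    return results


if __name__ == "__main__":
    for line, findings in scan().items():
        print(repr(line), "->", findings)
    # Accounting for the site's legitimate deviation removes the WebDAV alert.
    print("with WebDAV allowed:", len(scan(allowed_methods=COMMON_METHODS | WEBDAV_METHODS)), "alerts")
```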
Presented by:
Althea Dominguez
Andrea Jamila Ancheta
Gisela Carissa Marjalino
Honey Joy Valdez
Jan Rave Aturdido
Jerome Mosada
Launce Joshua Dayao
Keneth Sabid
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 

(Group 2) intrusion detection system.pptx

  • 13. Sensors
    Sensors monitor network traffic, system logs, and other data sources for suspicious activity. They are the first component of an IDS. These sensors can either be host- or network-based. They provide alerts when potential breaches are detected.
  • 14. Analysis Engine
    After the sensors generate alerts, the IDS’s analysis engine examines them to determine whether they reflect actual threats. To identify potential threats, this component uses various techniques like signature-based detection, anomaly detection, and behavioral analysis.
  • 15. Central Console
    After the sensors generate alerts, the IDS’s analysis engine examines them to determine whether they reflect actual threats. To identify potential threats, this component uses various techniques like signature-based detection, anomaly detection, and behavioral analysis.
  • 16. Response Mechanism
    Finally, an IDS should provide a reaction mechanism for dealing with discovered threats to mitigate the effects of the intrusion. This can include restricting traffic, quarantining affected systems, or triggering automated actions.
  • 17. The Intrusion Detection System (IDS) operates through a systematic process designed to identify and respond to potential security threats.
    Monitoring - the system continuously observes network and system activities, including data packets, system logs, and user behaviors. This ongoing surveillance establishes the foundation for the subsequent steps.
    Data collection - data is gathered from diverse sources, such as network devices and servers. This collected data forms the basis for understanding normal behavior patterns, encompassing typical traffic and system activities. With this baseline established, the system moves into the pattern recognition phase.
    Pattern recognition - the IDS analyzes the collected data using either predefined signatures for known threats (signature-based IDS) or statistical models to detect anomalies (anomaly-based IDS). This step involves comparing current activities against the established baseline or known attack signatures. Upon detecting a deviation or a match, the IDS generates alerts to notify administrators or the security team.
    Alerts - alerts are then prioritized based on severity, allowing for a focused response. The IDS notifies administrators through various channels, such as email, SMS, or a centralized management console. Upon receiving alerts, security personnel review the information and initiate an appropriate incident response.
    Response - the response consists of actions that may include isolating affected systems, blocking malicious traffic, or implementing additional security measures.
  • 18. Technologies of Intrusion Detection System
    1. Signature-based detection is a fundamental technology used in Intrusion Detection Systems (IDS) to identify known security threats. It relies on a database of predefined signatures or patterns associated with known malicious activities. These signatures represent characteristics unique to specific types of attacks, such as viruses, worms, or other forms of malware.
  • 19. Functionality
    1. Signature Database: The IDS maintains a database of signatures, each representing a specific threat or attack pattern.
    2. Pattern Matching: During monitoring, the IDS compares current network or system activity against the stored signatures.
    3. Identification: If there is a match between the observed activity and a signature, the IDS identifies and classifies the event as a known security threat.
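A minimal signature-based matcher, added here as an example and not part of the slides: the three steps above (signature database, pattern matching, identification) run over constructed web-server request lines, and the resulting alerts are ordered by severity as slide 17 describes. The signature set, the "ExampleScanner" user-agent string and the request lines are all constructed for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Signature:
    """One entry of the signature database (step 1)."""
    sid: int             # signature id
    name: str
    pattern: re.Pattern
    severity: int        # 3 = high, 2 = medium, 1 = low


@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    severity: int
    event: str


# Constructed signature database for this example; "ExampleScanner" is a
# made-up user-agent string, not a real tool.
SIGNATURES = [
    Signature(1001, "Directory traversal in request path", re.compile(r"(\.\./){2,}"), 3),
    Signature(1002, "Script tag in query string", re.compile(r"<script\b", re.I), 2),
    Signature(1003, "Known scanner user agent", re.compile(r"ExampleScanner/\d", re.I), 1),
]


def match_signatures(event: str) -> list[Alert]:
    """Steps 2 and 3: compare one event against every signature and identify
    the ones that match. The request is URL-decoded before matching so that an
    encoded spelling of a known pattern still hits the same signature."""
    text = unquote(event)
    return [Alert(s.sid, s.name, s.severity, event)
            for s in SIGNATURES if s.pattern.search(text)]


def detect(events: list[str]) -> list[Alert]:
    """Run the matcher over a batch of events and return the alerts ordered
    by severity, highest first (slide 17: alerts are prioritised by severity)."""
    alerts = [a for e in events for a in match_signatures(e)]
    return sorted(alerts, key=lambda a: a.severity, reverse=True)


# Constructed request lines, not captured traffic.
EVENTS = [
    'GET /index.html HTTP/1.1 ua="Mozilla/5.0"',
    'GET /app/../../../../config.ini HTTP/1.1 ua="curl/8.0"',
    'GET /search?q=<script>alert(1)</script> HTTP/1.1 ua="Mozilla/5.0"',
    'GET /robots.txt HTTP/1.1 ua="ExampleScanner/2.1"',
]
# The same traversal pattern with percent-encoded dots; decoding first keeps
# it inside the signature's reach.
ENCODED_EVENT = 'GET /app/%2e%2e/%2e%2e/%2e%2e/config.ini HTTP/1.1 ua="curl/8.0"'

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"sev={a.severity} sid={a.sid} {a.name}: {a.event}")
```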
  • 20. Pros and Cons
    Pros
    1. Effectiveness: Signature-based detection is highly effective at identifying and blocking known threats.
    2. Low False Positives: It tends to produce fewer false positives because it specifically targets recognized attack patterns.
    Cons
    1. Limited to Known Threats: The main limitation is its reliance on a database of known signatures, making it less effective against new or modified threats.
    2. Inability to Detect Unknown Threats: Signature-based detection may not catch novel attacks that do not match any existing signatures.
  • 21. Technologies of Intrusion Detection System
    2. Anomaly-based detection is a technology used in Intrusion Detection Systems (IDS) to identify potential security threats by detecting deviations from normal or expected behavior. Anomaly-based detection focuses on establishing a baseline of normal system or network behavior. It then identifies activities that deviate significantly from this baseline, considering them as potential security threats.
  • 22. Functionality
    1. Baseline Establishment: During an initial learning phase, the IDS observes and analyzes normal patterns of network traffic, system calls, or user behavior to create a baseline of what is considered typical.
    2. Continuous Monitoring: After the baseline is established, the IDS continuously monitors activities, comparing ongoing behavior against the baseline.
    3. Anomaly Identification: Any deviations or unusual patterns that fall outside the established baseline are flagged as anomalies.
    4. Alert Generation: Detected anomalies trigger alerts or alarms to notify administrators of potential security threats.
  • 23. Pros and Cons
    Pros
    1. Adaptability: Anomaly-based detection can adapt to new and evolving threats without relying on predefined signatures.
    2. Detection of Unknown Threats: Capable of identifying novel or previously unseen attacks by recognizing abnormal behavior.
    3. Contextual Analysis: Provides a more context-aware approach by considering deviations within the specific environment.
    Cons
    1. False Positives: May generate false positives, as normal behavior can vary and may be influenced by factors such as system updates or user changes.
    2. Complexity: Requires continuous tuning and adjustment to reduce false positives and negatives.
    3. Learning Period: Initially, the system needs a learning period to establish an accurate baseline.
  • 24. Technologies of Intrusion Detection System
    3. Heuristic-based detection is a technology employed in Intrusion Detection Systems (IDS) to identify potential security threats by using rules and algorithms to detect patterns indicative of suspicious behavior. Heuristic-based detection involves the application of rules or heuristics (general principles or guidelines) to identify behaviors that may indicate an intrusion or security threat. Unlike signature-based detection, which relies on known patterns, heuristics allow for a more flexible approach to identifying potentially malicious activities.
  • 25. Functionality
    1. Rule-Based Analysis: Heuristic-based detection uses predefined rules or heuristics to analyze network traffic, system logs, or user behavior.
    2. Behavioral Patterns: The rules are designed to identify patterns that may suggest malicious activity, even if specific signatures are not known.
    3. Identification of Suspicious Behavior: When the observed behavior matches predefined heuristics, the IDS raises alerts, signaling potential security threats.
    4. Adaptive Rules: Some heuristic-based systems may adapt over time, allowing for the refinement of rules based on new information and evolving threat landscapes.
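One heuristic rule of the kind slides 24-25 describe, added as an example and not taken from the slides: a sliding window over constructed authentication log lines raises an alert when several failed logins from one source are followed by a success within the window, a behavioral pattern that needs no signature of a specific tool. The log format, the source addresses, the window and the failure threshold are all constructed for this example; the third case shows how a window that is set too short misses the pattern, which is the "dependence on rule quality" trade-off.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# Rule parameters (constructed for this example; tuning them is part of
# keeping the heuristic useful in a given environment).
WINDOW = timedelta(seconds=60)
MAX_FAILURES = 4

# Constructed log format: "<iso-timestamp> auth <ok|fail> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$")


class FailureThenSuccessRule:
    """Heuristic: MAX_FAILURES or more failed logins from one source inside
    WINDOW, followed by a success from the same source, is flagged."""

    def __init__(self, window: timedelta = WINDOW, max_failures: int = MAX_FAILURES):
        self.window, self.max_failures = window, max_failures
        self._failures: dict[str, deque] = defaultdict(deque)  # src -> failure times

    def feed(self, line: str) -> Optional[dict]:
        """Evaluate one log line; return an alert dict or None."""
        m = LINE_RE.match(line)
        if not m:
            return None                      # unparseable line: nothing to judge
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        recent = self._failures[src]
        while recent and ts - recent[0] > self.window:   # expire old failures
            recent.popleft()
        if m["result"] == "fail":
            recent.append(ts)
            return None
        if len(recent) >= self.max_failures:  # success right after a burst of failures
            count = len(recent)
            recent.clear()
            return {"src": src, "user": m["user"], "at": m["ts"],
                    "failures_before_success": count}
        return None


def run(lines: list[str]) -> list[dict]:
    """Feed a log through a fresh rule instance and collect the alerts."""
    rule = FailureThenSuccessRule()
    return [a for a in map(rule.feed, lines) if a]


# Constructed log lines, not a real capture.
AUTH_LOG = [
    "2024-06-01T10:00:00 auth fail user=alice src=10.0.0.5",
    "2024-06-01T10:00:05 auth fail user=alice src=10.0.0.5",
    "2024-06-01T10:00:09 auth fail user=alice src=10.0.0.5",
    "2024-06-01T10:00:14 auth fail user=alice src=10.0.0.5",
    "2024-06-01T10:00:20 auth ok user=alice src=10.0.0.5",    # 4 failures then success: alert
    "2024-06-01T10:05:00 auth fail user=bob src=10.0.0.9",
    "2024-06-01T10:05:03 auth ok user=bob src=10.0.0.9",      # one typo then success: no alert
    "2024-06-01T11:00:00 auth fail user=carol src=10.0.0.7",
    "2024-06-01T11:00:01 auth fail user=carol src=10.0.0.7",
    "2024-06-01T11:00:02 auth fail user=carol src=10.0.0.7",
    "2024-06-01T11:00:03 auth fail user=carol src=10.0.0.7",
    "2024-06-01T11:03:00 auth ok user=carol src=10.0.0.7",    # failures expired: missed by this window
]

if __name__ == "__main__":
    for alert in run(AUTH_LOG):
        print(alert)
```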
  • 26. Pros and Cons
    Pros
    1. Flexibility: Heuristic-based detection is more flexible than signature-based approaches and can potentially detect unknown threats.
    2. Behavioral Analysis: Allows for the analysis of behavior rather than relying on specific signatures, making it adaptable to novel attack methods.
    Cons
    1. False Positives: May produce false positives if the heuristics are not finely tuned, as normal behavior can vary.
    2. Dependence on Rule Quality: Effectiveness depends on the quality and accuracy of the predefined rules and heuristics.
    3. Resource Intensive: Creating and maintaining effective heuristics may require significant computational resources.
  • 27. Technologies of Intrusion Detection System
    4. Behavioral analysis is a technology used in Intrusion Detection Systems (IDS) to identify potential security threats by monitoring and analyzing patterns of behavior over time. Unlike signature-based detection that relies on known attack patterns or heuristic-based detection with predefined rules, behavioral analysis focuses on understanding normal behaviors and detecting anomalies that may indicate a security breach. Behavioral analysis involves the continuous monitoring and analysis of user, system, or network behavior to establish a baseline of normal activities. Deviations from this baseline, such as unusual patterns or anomalies, can be indicative of a security threat.
  • 28. Functionality
    1. Baseline Establishment: The IDS observes and analyzes normal behavior patterns during an initial learning phase to establish a baseline.
    2. Continuous Monitoring: Ongoing monitoring of activities, including user interactions, network traffic, and system operations.
    3. Anomaly Detection: Behavioral analysis identifies deviations or anomalies from the established baseline that may indicate suspicious or malicious behavior.
    4. Alert Generation: When anomalies are detected, the IDS generates alerts or alarms to notify administrators of potential security threats.
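The baseline-then-monitor loop that slides 21-22 (anomaly-based detection) and 27-28 (behavioral analysis) both describe, as an added example rather than anything from the slides: a per-entity baseline (mean and standard deviation of logins per hour) is learned during a learning period, then each new observation is scored as a z-score and flagged when it deviates by more than a threshold. The user names, counts, threshold, minimum sample count and sigma floor are constructed for this example; the never-varying service account and the under-sampled user show the two edge cases the slides' cons point at.

```python
from collections import defaultdict
from statistics import mean, pstdev
from typing import Optional


class BaselineDetector:
    """Learns per-entity baselines during a learning period, then flags
    observations that deviate from them. An 'entity' is whatever behaviour is
    being profiled (a user, a host, a service); the metric is a count per
    interval, e.g. logins per hour."""

    def __init__(self, threshold: float = 3.0, min_samples: int = 10,
                 min_sigma: float = 0.5):
        self.threshold = threshold      # z-score above which an alert fires
        self.min_samples = min_samples  # learning-period size per entity
        self.min_sigma = min_sigma      # floor so a never-varying baseline
                                        # does not divide by zero
        self._samples: dict[str, list[float]] = defaultdict(list)
        self.baseline: dict[str, tuple[float, float]] = {}

    # Step 1: baseline establishment
    def learn(self, entity: str, value: float) -> None:
        self._samples[entity].append(value)

    def finish_learning(self) -> None:
        """Turn the collected samples into (mean, stddev) baselines. Entities
        with too few samples get no baseline yet (the learning-period caveat)."""
        for entity, values in self._samples.items():
            if len(values) >= self.min_samples:
                self.baseline[entity] = (mean(values), pstdev(values))

    # Steps 2-4: continuous monitoring, anomaly identification, alert generation
    def observe(self, entity: str, value: float) -> Optional[dict]:
        """Score one new observation. Returns an alert dict, or None when the
        value sits inside the baseline."""
        if entity not in self.baseline:
            return {"entity": entity, "value": value,
                    "reason": "no baseline yet (still in learning period)"}
        mu, sigma = self.baseline[entity]
        z = (value - mu) / max(sigma, self.min_sigma)
        if abs(z) > self.threshold:
            return {"entity": entity, "value": value, "z": round(z, 2),
                    "reason": f"deviates from baseline mean {mu:.1f}"}
        return None


def build_demo_detector() -> BaselineDetector:
    """Train a detector on constructed logins-per-hour counts (not real data)."""
    det = BaselineDetector()
    learning = {
        "alice": [3, 4, 5, 4, 3, 5, 4, 4, 3, 5],   # normal human variation
        "svc-backup": [10] * 10,                  # a job that never varies
        "bob": [2, 3, 2],                         # too few samples so far
    }
    for entity, counts in learning.items():
        for c in counts:
            det.learn(entity, c)
    det.finish_learning()
    return det


if __name__ == "__main__":
    det = build_demo_detector()
    for who, n in [("alice", 5), ("alice", 30), ("svc-backup", 12), ("bob", 1)]:
        print(who, n, det.observe(who, n))
```

A legitimate change in behaviour (a batch job moved to a new hour, a user returning from leave) scores exactly like an intrusion here, which is the false-positive caveat the slides list; in practice the baseline is re-learned or widened as the environment changes.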
  • 29. Pros and Cons
    Pros
    1. Adaptability: Behavioral analysis can adapt to changes in the environment and detect novel or evolving threats.
    2. Contextual Understanding: Provides a more contextual understanding of normal behavior, allowing for a nuanced approach to anomaly detection.
    Cons
    1. False Positives: Like other anomaly-based approaches, behavioral analysis may produce false positives, as normal behavior can vary.
    2. Learning Period: Initial learning phases are required to establish an accurate baseline, and during this time, some anomalies may not be detected.
  • 30. Technologies of Intrusion Detection System
    5. Network-Based Intrusion Detection System (NIDS) is a technology that monitors and analyzes network traffic to detect and respond to potential security threats. Network-Based IDS focuses on the observation of network packets and the analysis of communication flows to identify suspicious activities, intrusions, or security policy violations within a network.
  • 31. Functionality
    1. Packet Inspection: NIDS examines network packets, analyzing their content and headers to understand the nature of the communication.
    2. Traffic Monitoring: Constantly monitors network traffic, looking for patterns that may indicate malicious activities or deviations from normal behavior.
    3. Signature Matching: Utilizes predefined signatures or patterns to identify known threats within the network traffic.
    4. Anomaly Detection: Applies anomaly-based detection to identify deviations from established baselines or normal network behavior.
    5. Protocol Analysis: Understands and analyzes various network protocols to identify irregularities or misuse.
    6. Alert Generation: When a potential threat is detected, the NIDS generates alerts or alarms, providing details about the nature of the threat and its source.
  • 32. Pros and Cons
    Pros
    1. Visibility: Provides comprehensive visibility into network activities and potential threats.
    2. Real-Time Monitoring: Operates in real time, allowing for immediate detection and response to security incidents.
    3. Centralized Monitoring: Can be deployed at strategic points within the network to centrally monitor traffic.
    Cons
    1. Encrypted Traffic Challenges: May face challenges in inspecting encrypted traffic, limiting its ability to detect threats within encrypted communications.
    2. False Positives: Like any detection system, NIDS may generate false positives, especially if not properly tuned or configured.
  • 33. Technologies of Intrusion Detection System
    6. Signature-free detection, also known as signatureless detection or behavior-based detection, is an approach in cybersecurity that focuses on identifying and responding to security threats without relying on predefined signatures or known patterns. This method is particularly valuable for detecting novel or evolving threats that may not have established signatures. Signature-free detection relies on analyzing behaviors, anomalies, or deviations from normal patterns rather than matching against known attack signatures. It leverages advanced techniques, often involving machine learning, artificial intelligence, or heuristic algorithms, to detect and respond to previously unseen threats.
  • 34. Functionality
    1. Behavioral Analysis: Signature-free detection employs behavioral analysis to establish a baseline of normal activities and identify deviations that may indicate malicious behavior.
    2. Machine Learning: Utilizes machine learning algorithms to analyze large datasets, learning from historical data to identify patterns and anomalies.
    3. Heuristic Algorithms: Applies heuristic algorithms that use rules and guidelines to identify potentially malicious behaviors based on their characteristics.
    4. Anomaly Detection: Focuses on detecting anomalies or irregularities within network traffic, system logs, or user behavior.
    5. Dynamic Adaptation: Adapts and evolves over time as it learns from new data and emerging threats.
  • 35. Pros and Cons
    Pros
    1. Adaptability: Can detect unknown or zero-day threats that lack known signatures.
    2. Advanced Threat Detection: Effective against sophisticated, polymorphic, or rapidly evolving threats.
    3. Reduced Dependency on Updates: Less reliant on frequent signature updates compared to traditional signature-based approaches.
    Cons
    1. False Positives: Like any anomaly-based approach, signature-free detection may generate false positives if not properly tuned or if normal behavior varies.
    2. Complexity: Implementation and fine-tuning of machine learning models or heuristic algorithms can be complex and resource-intensive.
  • 36. Technologies of Intrusion Detection System
    7. Wireless Intrusion Detection System (WIDS) is a technology designed to monitor and secure wireless networks by detecting and responding to potential security threats. Wireless networks present unique security challenges, and a WIDS is specifically designed to address these challenges by monitoring and analyzing activities within the wireless spectrum.
  • 37. Functionality
    1. Wireless Traffic Monitoring: WIDS continuously monitors the wireless spectrum, including Wi-Fi channels, to observe network traffic and detect potential security issues.
    2. Packet Analysis: Analyzes wireless packets to identify anomalies, unauthorized devices, or malicious activities.
    3. Rogue AP Detection: Identifies unauthorized or rogue access points that may pose security risks to the network.
    4. Intrusion Signature Detection: Utilizes predefined signatures or patterns to detect known wireless threats, such as specific attack types targeting Wi-Fi protocols.
    5. Anomaly Detection: Applies anomaly-based detection to identify deviations from normal wireless behavior, helping detect unknown or evolving threats.
    6. Authentication and Encryption Monitoring: Monitors authentication and encryption mechanisms to ensure the security of wireless communications.
    7. Location Tracking: Some advanced WIDS systems incorporate location-tracking capabilities to pinpoint the physical location of detected threats.
  • 38. Pros and Cons
    Pros
    1. Visibility into Wireless Spectrum: Provides visibility into wireless network activities, helping identify and respond to potential threats.
    2. Rogue Device Detection: Effectively identifies unauthorized devices or access points within the wireless network.
    3. Comprehensive Security: Addresses security challenges specific to wireless environments, such as eavesdropping and unauthorized access.
    Cons
    1. False Positives: Like any intrusion detection system, WIDS may generate false positives, especially if not properly configured or if normal wireless behavior varies.
    2. Encryption Challenges: Detecting threats within encrypted wireless traffic can be challenging.
  • 39. Technologies of Intrusion Detection System
    8. Network Behavior Analysis (NBA) is a security technology that focuses on monitoring and analyzing patterns of behavior within a network to identify anomalies, potential security threats, or abnormal activities. Network Behavior Analysis involves the continuous observation and analysis of network traffic, system logs, and user activities to establish a baseline of normal behavior. Deviations from this baseline are flagged as potential security concerns.
  • 40. Functionality
    1. Baseline Establishment: NBA starts with a learning phase to establish a baseline of normal behavior within the network. This includes understanding typical traffic patterns, application usage, and user behavior.
    2. Continuous Monitoring: Ongoing monitoring of network activities, including the analysis of data packets, system logs, and user interactions.
    3. Anomaly Detection: Identifies deviations or anomalies from the established baseline, such as unusual traffic patterns, irregular user access, or unexpected system behavior.
    4. Alert Generation: When potential security threats or anomalies are detected, the system generates alerts or alarms to notify administrators.
    5. Correlation Analysis: Some advanced NBA systems perform correlation analysis, connecting seemingly unrelated events to identify more complex security threats.
    6. Forensic Analysis: Provides tools for detailed forensic analysis of network events, aiding in post-incident investigations.
  • 41. Pros and Cons
    Pros
    1. Adaptability: Can adapt to evolving threats and changes in network behavior over time.
    2. Detection of Advanced Threats: Effective in identifying subtle or advanced threats that may not be apparent through other detection methods.
    3. Contextual Understanding: Provides a more contextual understanding of network activities, allowing for a nuanced approach to anomaly detection.
    Cons
    1. False Positives: Like any anomaly-based approach, NBA may generate false positives, especially during the initial learning phase or if normal behavior patterns vary.
    2. Resource Intensive: Performing continuous analysis and maintaining baselines can be resource-intensive.
  • 42. Technologies of Intrusion Detection System
    9. Protocol-based detection is a method used in network security to identify and respond to potential security threats by examining the characteristics and behaviors of network protocols. This approach involves analyzing network traffic to detect deviations from expected protocol behaviors, identifying anomalies, and potentially flagging malicious activities. Protocol-based detection focuses on understanding and monitoring the expected behavior of various network protocols, such as TCP/IP, UDP, HTTP, DNS, and others. It involves analyzing the traffic patterns, headers, and content associated with these protocols to identify abnormal or potentially malicious activities.
  • 43. Functionality
    1. Protocol Analysis: Examines the headers and content of network packets to understand the structure and behavior of different protocols.
    2. Traffic Pattern Monitoring: Monitors network traffic patterns associated with specific protocols to establish normal behavior.
    3. Anomaly Detection: Identifies deviations or anomalies from the expected behavior of protocols, such as unusual packet structures or non-compliant communication patterns.
    4. Alert Generation: Generates alerts or alarms when potential protocol violations or abnormalities are detected, signaling potential security threats.
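A protocol-analysis check of the kind slides 42-43 describe, added as an example and not part of the slides: it parses the fixed DNS header and the question name of a UDP payload seen on port 53 and reports structural deviations from RFC 1035 (an unassigned opcode, the reserved header bit set, a query that carries answer records, label encodings a question may not use, or a payload that is not DNS at all). The sample payloads are constructed; the assigned-opcode set and the reserved-bit mask follow the DNS RFCs.

```python
import struct

DNS_HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
ASSIGNED_OPCODES = {0, 1, 2, 4, 5}     # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
RESERVED_Z_BIT = 0x0040                # the one header bit still reserved (must be 0)


def parse_question_name(payload: bytes, offset: int) -> tuple[str, int]:
    """Walk the label sequence of the first question name starting at offset.
    Returns (name, offset after the terminating zero) or raises ValueError when
    the encoding is not one RFC 1035 allows in a question."""
    labels, total = [], 0
    while True:
        if offset >= len(payload):
            raise ValueError("name runs past end of packet")
        length = payload[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # 0xC0 marks a compression pointer, legal in answers but odd in a
            # question; 0x40/0x80 are unassigned label types. This also catches
            # every 'length' above 63, the maximum RFC 1035 permits.
            raise ValueError(f"unexpected label type byte 0x{length:02x}")
        total += length + 1
        if total > 255:
            raise ValueError("name longer than 255 octets")
        label = payload[offset:offset + length]
        if len(label) < length:
            raise ValueError("label truncated")
        labels.append(label.decode("ascii", errors="replace"))
        offset += length
    return ".".join(labels), offset


def check_dns(payload: bytes) -> list[str]:
    """Return the protocol deviations found in one UDP/53 payload; an empty
    list means the packet looks like a well-formed DNS message."""
    findings = []
    if len(payload) < DNS_HEADER.size:
        return ["payload shorter than the 12-byte DNS header"]
    _id, flags, qd, an, ns, _ar = DNS_HEADER.unpack_from(payload)
    qr, opcode = flags >> 15, (flags >> 11) & 0xF
    if opcode not in ASSIGNED_OPCODES:
        findings.append(f"unassigned opcode {opcode}")
    if flags & RESERVED_Z_BIT:
        findings.append("reserved Z bit set")
    if qr == 0 and opcode == 0:            # a standard query ...
        if qd != 1:
            findings.append(f"standard query with QDCOUNT={qd}")
        if an or ns:
            findings.append("query carries answer or authority records")
    if qd:
        try:
            _name, end = parse_question_name(payload, DNS_HEADER.size)
            if end + 4 > len(payload):
                findings.append("question truncated before QTYPE/QCLASS")
        except ValueError as exc:
            findings.append(f"malformed question name: {exc}")
    return findings


# Constructed sample payloads (not captured traffic).
_HDR = DNS_HEADER.pack(0x1234, 0x0100, 1, 0, 0, 0)          # RD=1, one question
VALID_QUERY = _HDR + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
RESERVED_BIT_QUERY = DNS_HEADER.pack(0x1234, 0x0140, 1, 0, 0, 0) + VALID_QUERY[12:]
BAD_LABEL_QUERY = _HDR + b"\x46" + b"a" * 70 + b"\x00" + struct.pack("!HH", 1, 1)
TRUNCATED = b"\x12\x34\x01\x00"
HTTP_ON_PORT_53 = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"   # not DNS at all

if __name__ == "__main__":
    for label, pkt in [("valid", VALID_QUERY), ("reserved bit", RESERVED_BIT_QUERY),
                       ("bad label", BAD_LABEL_QUERY), ("truncated", TRUNCATED),
                       ("http on 53", HTTP_ON_PORT_53)]:
        print(label, check_dns(pkt) or "ok")
```

A header check like this only sees structure; pairing it with the per-protocol traffic baselines of step 2 is what turns "odd packet" findings into the behavioral deviations the slide lists.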
  • 44. Pros and Cons
    Pros
    1. Focused Analysis: Allows for focused analysis on specific protocols, providing targeted detection for known vulnerabilities or attack patterns.
    2. Early Detection: Can enable early detection of protocol-specific attacks or exploits before they can cause significant damage.
    3. Granular Understanding: Provides a granular understanding of the interactions between devices and services within the network.
    Cons
    1. False Positives: Protocol-based detection may generate false positives if normal variations or legitimate protocol deviations are not properly accounted for.
    2. Limited to Known Protocols: Effectiveness is constrained to known protocols, and may not be as adaptable to identifying novel or unknown threats.
  • 45. Presented by: Althea Dominguez, Andrea Jamila Ancheta, Gisela Carissa Marjalino, Honey Joy Valdez, Jan Rave Aturdido, Jerome Mosada, Launce Joshua Dayao, Keneth Sabid