Attacks
7/28/2021 (c) Dr. Jyoti Lakhani
Attack
A set of malicious activities to disrupt, deny, degrade or destroy information and services resident in a computer.
Network Attack
A network attack is executed through the data stream on networks and aims to compromise the Integrity, Confidentiality or Availability of computer network systems.
Examples of Computer Attacks
• Viruses attached to Emails
• Probing* of a system to collect information
• Internet Worms
• Unauthorized usage of a system
• Denial-of-Service by abusing a feature of a system
• Exploiting a bug in software to modify system data
• Masquerading*
*Probing: inquiring closely into something; searching
*Masquerading: pretending to be someone; simulating
Classification / Taxonomy of attacks
• Hansman’s Taxonomy
• VERDICT Taxonomy
Classification / Taxonomy of attacks
VERDICT Taxonomy (Validation Exposure Randomness Deallocation Improper Conditions Taxonomy)
VERDICT shows that all computer attacks can be classified using four improper conditions:
• Validation
• Exposure
• Randomness
• Deallocation
Improper Validation
During an improper validation, insufficient or incorrect validation will lead to unauthorized access to critical information or a protected system.
How to avoid improper validation
The parameters that are passed between two system components, or between a system component and an external entity, must be validated according to a set of conditions:
1. Presence or absence
2. Data types and formats
3. Number and order
4. Value ranges
5. Access rights to associated storage locations
6. Consistency among parameters
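The six validation conditions above, applied to one request crossing a trust boundary. This is an added example, not code from the slides: a hypothetical file-read service receives a request dictionary and rejects it unless every condition holds. The field names, the allowed root directory, the chunk limit and the file-size table are all assumptions constructed for the illustration.

```python
"""Validating parameters passed across a trust boundary (added example).

A request to a hypothetical file-read service is checked against the six
VERDICT validation conditions before any work is done. Every name and limit
below is an assumption made for this illustration.
"""
import os
import re

ALLOWED_ROOT = "/srv/data"          # storage locations the caller may touch
MAX_CHUNK = 1 << 20                 # at most 1 MiB per read
EXPECTED_FIELDS = ("action", "path", "offset", "length")   # number and order
ALLOWED_ACTIONS = {"read"}
FILE_SIZES = {"/srv/data/report.txt": 4096}   # constructed stand-in for stat()


def validate_request(req):
    """Return a list of violations; an empty list means the request is acceptable.

    Each numbered check corresponds to one condition on the slide.
    """
    violations = []

    # 1. Presence or absence: every required field present, nothing extra.
    missing = [f for f in EXPECTED_FIELDS if f not in req]
    extra = [f for f in req if f not in EXPECTED_FIELDS]
    if missing or extra:
        violations.append(f"presence: missing={missing} extra={extra}")
        return violations   # later checks would index absent fields

    # 2. Data types and formats: strings where strings are expected, ints
    #    where ints are expected (bool is an int subclass, so exclude it),
    #    and the path restricted to a safe character set.
    if not isinstance(req["path"], str) or not re.fullmatch(r"[A-Za-z0-9_./-]+", req["path"]):
        violations.append("type/format: path")
    for f in ("offset", "length"):
        if not isinstance(req[f], int) or isinstance(req[f], bool):
            violations.append(f"type/format: {f}")
    if violations:
        return violations

    # 3. Number and order: the fields arrive in the documented order, which
    #    matters when the same request is later serialised positionally.
    if tuple(req) != EXPECTED_FIELDS:
        violations.append("order: fields out of order")

    # 4. Value ranges.
    if req["action"] not in ALLOWED_ACTIONS:
        violations.append("range: unknown action")
    if req["offset"] < 0:
        violations.append("range: negative offset")
    if not 0 < req["length"] <= MAX_CHUNK:
        violations.append("range: length outside 1..MAX_CHUNK")

    # 5. Access rights to associated storage locations: normalise the path
    #    and require it to stay inside ALLOWED_ROOT (this rejects '..' escapes
    #    and absolute paths, which os.path.join would otherwise honour).
    full = os.path.normpath(os.path.join(ALLOWED_ROOT, req["path"]))
    if os.path.commonpath([ALLOWED_ROOT, full]) != ALLOWED_ROOT:
        violations.append("access: path escapes allowed root")
        return violations

    # 6. Consistency among parameters: offset + length must fit the object.
    size = FILE_SIZES.get(full)
    if size is None:
        violations.append("consistency: no such object")
    elif req["offset"] + req["length"] > size:
        violations.append("consistency: offset+length exceeds file size")

    return violations
```

The checks are ordered so that a failure in an early condition stops evaluation before a later check can operate on an absent or mistyped field; that ordering is itself part of correct validation.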
Improper Exposure
Improper exposure always happens if the specific exposure conditions are satisfied.
For instance, an inferior process might obtain access to privileged information located in storage, or privileged information may be transferred to an inferior process indirectly through an acknowledgment or through timing.
In this situation, the critical information system will be improperly exposed to attack.
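The "timing" channel named above, shown as an added example rather than anything from the slides: a token check that returns at the first mismatching byte does an amount of work that depends on how long the correct prefix of the guess is, so the secret leaks indirectly through response latency. The branch-free comparison beside it examines every byte regardless, and the production-ready form delegates to `hmac.compare_digest`. The secret value and the `bytes_examined` counter are constructed for the demonstration.

```python
"""Indirect exposure through timing: early-exit vs constant-time comparison
(added example, not from the slides)."""
import hmac

SECRET_TOKEN = b"s3cr3t-token"   # constructed secret for the illustration


def leaky_compare(secret, guess):
    """Early-exit comparison: returns (equal, bytes_examined).

    bytes_examined grows with the length of the correct prefix of 'guess';
    it is the quantity a remote observer perceives as response latency.
    """
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:          # data-dependent early return: the leak
            return False, examined
    return True, examined


def constant_time_compare(secret, guess):
    """Hardened form: every byte is examined and differences are accumulated
    with OR, so the work done does not depend on where the inputs differ.
    Returns (equal, bytes_examined)."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        diff |= a ^ b       # no branch on the data
    return diff == 0, examined


def verify_token(presented, secret=SECRET_TOKEN):
    """What production code should call: the standard library's constant-time
    comparison rather than '==' or a hand-written loop."""
    return hmac.compare_digest(secret, presented)


def work_profile(compare, secret, guesses):
    """bytes_examined for each guess. A profile that rises with the correct
    prefix length shows the channel is open; a flat one shows it is closed."""
    return [compare(secret, g)[1] for g in guesses]
```

The hand-written loop illustrates the idea; an interpreter gives no timing guarantees, which is why `verify_token` uses `hmac.compare_digest` (a C implementation designed for this purpose) and why the length check should be avoided by comparing fixed-length digests of the inputs where lengths may differ.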
Improper Randomness
Improper randomness can result in exposure to attack.
A crucial aspect of cryptography is generating random numbers. However, due to the lack of true random sources, pseudo-random numbers are used in current computer systems instead, which makes the development of unbreakable ciphering units extremely difficult.
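An added example (not from the slides) of the distinction a practitioner draws here: a general-purpose pseudo-random generator such as Python's `random` module is entirely determined by its seed, so a token drawn from it is reproducible by anyone who learns or guesses that seed, whereas the `secrets` module draws from the operating system's cryptographic generator, which is continuously reseeded from hardware noise. The alphabet and token length are assumptions for the illustration.

```python
"""General-purpose PRNG vs cryptographically secure random source
(added example, not from the slides)."""
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols


def weak_token(seed, length=16):
    """Token from a seeded general-purpose PRNG (Mersenne Twister).
    The whole output stream is fixed by 'seed', so the token is reproducible."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length=16):
    """Token from the OS CSPRNG via the secrets module; there is no seed to
    recover, so no two calls can be expected to agree."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_reproducible(make_token, runs=3):
    """True if calling make_token repeatedly yields the same value every time.
    This is the property a session token must NOT have."""
    first = make_token()
    return all(make_token() == first for _ in range(runs - 1))


def token_bits(length=16, alphabet=ALPHABET):
    """Entropy (in bits) of a uniformly chosen token of this length, assuming
    the symbols really are chosen uniformly and independently; seeding a PRNG
    from a low-entropy value such as a timestamp caps it far below this."""
    import math
    return length * math.log2(len(alphabet))
```

`is_reproducible(lambda: weak_token(1234))` is true because every call rebuilds the same generator state; `is_reproducible(strong_token)` is false. The `token_bits` figure is the ceiling, not the guarantee: it only holds when the underlying source is unpredictable.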
Improper Deallocation
Improper deallocation means that information stored in the system is not properly deleted after use, which leaves the system vulnerable to attack.
A typical example of improper deallocation is the deletion of a file from a disk. In practice, most operating systems do not actually erase the file data from the disk; instead they simply deallocate the occupied sectors from the allocation tables. A deletion is not complete until the location of that file on the disk has been overwritten entirely with certain patterns.
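The overwrite-before-delete step described above, as an added example that is not from the slides: the file's bytes are overwritten in place with two fixed patterns and then random bytes, each pass is forced to the device with `fsync`, and only then is the directory entry removed. The pass sequence and the `demonstrate` helper's file contents are constructed for the illustration.

```python
"""Overwriting a file's contents before unlinking it (added example, not
from the slides). os.remove alone only drops the directory entry and frees
the blocks in the allocation tables; the data stays on disk until reused."""
import os
import secrets
import tempfile

PASSES = (b"\x00", b"\xff", None)   # two fixed patterns, then None = random bytes


def _fill(f, size, pattern, chunk):
    """Write 'size' bytes over the file from offset 0 using a repeated pattern
    (or fresh random bytes when pattern is None), then force them to disk."""
    f.seek(0)
    remaining = size
    while remaining:
        n = min(chunk, remaining)
        f.write(pattern * n if pattern is not None else secrets.token_bytes(n))
        remaining -= n
    f.flush()
    os.fsync(f.fileno())


def overwrite_contents(path, chunk=64 * 1024):
    """Overwrite every byte of the file in place, one pass per entry in PASSES.
    Returns the number of passes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in PASSES:
            _fill(f, size, pattern, chunk)
    return len(PASSES)


def secure_remove(path, chunk=64 * 1024):
    """Overwrite, then unlink. Returns the number of overwrite passes."""
    passes = overwrite_contents(path, chunk)
    os.remove(path)
    return passes


def demonstrate(original=b"SECRET" * 100):
    """Write a constructed file, overwrite it, read it back, then remove it.
    Returns (contents_changed, length_preserved, passes, still_exists)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as f:
        f.write(original)
    overwrite_contents(path)
    with open(path, "rb") as f:
        after = f.read()
    passes = secure_remove(path)
    return after != original, len(after) == len(original), passes, os.path.exists(path)
```

The caveat a practitioner attaches to this: on SSDs with wear levelling, on copy-on-write or journaling filesystems, and wherever snapshots or backups exist, the overwrite may land on different physical blocks from the original data, so the old bytes can survive. Full-disk or per-file encryption with destruction of the key is the reliable way to make deallocated data unrecoverable.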
Limitation of VERDICT Taxonomy
According to CERT (Computer Emergency Response Team):
1. VERDICT cannot be used to identify and classify the new attacks that appear day to day.
2. It is general and abstract and does not describe attacks in terms of viruses, worms, Trojans and malware, which is how attacks are usually described in reality.
Hansman’s taxonomy
Hansman’s taxonomy is more complete and practical, and includes four dimensions:
• 1st dimension: Main behavior of the attack
• 2nd dimension: Classification of the attack targets
• 3rd dimension: Classifying vulnerabilities and exploits the attackers use
• 4th dimension: Payloads for an attack to have an effect beyond itself
Hansman’s taxonomy
First Dimension
Hansman’s Taxonomy classifies the Behaviour of the Attack into 10 categories:
• Virus
• Trojan
• Buffer Overflow
• DoS
• Worm
• Network Attack
• Physical Attack
• Password Attack
• Information Gathering Attack
Second Dimension
Hansman’s Taxonomy classifies the Target of Attacks:
• Hardware
  • Computer: CPU, Hard Disk
  • Network: Router, Switches, Hubs
  • Peripheral Devices: Keyboard etc.
• Software
  • Operating System: Windows, Linux, Unix, MAC
  • Apps
    • Server Apps: Web Server, Database Server
    • User Apps: Email client, Word Editor
  • Network Protocols: TCP/IP
Third Dimension
Hansman’s Taxonomy identifies Vulnerabilities & Exploits
The CVE project is designed to produce common definitions of vulnerabilities; it was originally proposed by Mann and Christey.
Since vulnerabilities are wide and varied, they usually apply to specific versions of a piece of software or operating system. Once the vulnerabilities that an attack exploits are known, the relevant CVE entries can be found.
Classified as CVE (Common Vulnerabilities and Exposures)
Fourth Dimension
Hansman’s Taxonomy deals with the Attack Payload
Different payloads may have different effects beyond the attack itself. For example, a worm attack may have a Trojan payload. As a result, the taxonomy allows attacks classified in the first dimension to launch other attacks defined in the fourth dimension.
The payloads are classified into five categories in the fourth dimension: the first dimension attack payload, and the following four:
1. Corruption of information
2. Disclosure of information
3. Theft of service
4. Subversion
First dimension attack payload
The first dimension attack payload is defined according to the attack class in the first dimension.
The corruption of information payload alters or destroys some information.
The disclosure of information payload discloses information without the authorization of the victim.
The theft of service payload accesses services of systems without any authorization and without any impact on the services of legitimate users.
Subversion occurs when the payload can gain control over part of the target and then use it for its own purpose.
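The four dimensions as a validated record, added here as an example and not taken from the slides or from Hansman's paper: the first dimension is one of the behaviour classes the deck names, the second a leaf of the hardware/software target tree, the third a CVE identifier checked for format only, and the fourth one of the five payload categories. A payload of "first dimension attack payload" carries its own behaviour class, which is how a worm with a Trojan payload is expressed. The CVE value in the usage note is a constructed placeholder, not a real identifier.

```python
"""Recording an attack in Hansman's four dimensions (added example, not from
the slides). Category names follow the deck; the record type and its
consistency rules are assumptions made for this illustration."""
import re
from dataclasses import dataclass
from typing import Optional

BEHAVIOURS = {
    "Virus", "Worm", "Trojan", "Buffer Overflow", "DoS", "Network Attack",
    "Physical Attack", "Password Attack", "Information Gathering Attack",
}
TARGETS = {
    "Hardware": {"Computer": {"CPU", "Hard Disk"},
                 "Network": {"Router", "Switches", "Hubs"},
                 "Peripheral Devices": {"Keyboard"}},
    "Software": {"Operating System": {"Windows", "Linux", "Unix", "MAC"},
                 "Server Apps": {"Web Server", "Database Server"},
                 "User Apps": {"Email client", "Word Editor"},
                 "Network Protocols": {"TCP/IP"}},
}
PAYLOADS = {
    "Corruption of information", "Disclosure of information",
    "Theft of service", "Subversion", "First dimension attack payload",
}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")   # syntax only; existence is not checked


def target_path(leaf):
    """Return (category, group) for a leaf target, or None if it is not in the tree."""
    for category, groups in TARGETS.items():
        for group, leaves in groups.items():
            if leaf in leaves:
                return category, group
    return None


@dataclass(frozen=True)
class AttackRecord:
    behaviour: str                       # dimension 1
    target: str                          # dimension 2 (leaf of TARGETS)
    cve: Optional[str]                   # dimension 3, may be unknown
    payload: str                         # dimension 4
    payload_behaviour: Optional[str] = None   # only for a nested first-dimension payload

    def validate(self):
        """Return a list of problems; an empty list means the record is consistent."""
        problems = []
        if self.behaviour not in BEHAVIOURS:
            problems.append(f"dimension 1: unknown behaviour {self.behaviour!r}")
        if target_path(self.target) is None:
            problems.append(f"dimension 2: unknown target {self.target!r}")
        if self.cve is not None and not CVE_RE.fullmatch(self.cve):
            problems.append(f"dimension 3: malformed CVE id {self.cve!r}")
        if self.payload not in PAYLOADS:
            problems.append(f"dimension 4: unknown payload {self.payload!r}")
        nested = self.payload == "First dimension attack payload"
        if nested and self.payload_behaviour not in BEHAVIOURS:
            problems.append("dimension 4: nested payload needs a behaviour class")
        if not nested and self.payload_behaviour is not None:
            problems.append("dimension 4: payload_behaviour only valid for nested payload")
        return problems
```

The worm-with-Trojan-payload case from the text becomes `AttackRecord("Worm", "Windows", "CVE-0000-0000", "First dimension attack payload", "Trojan")`, which validates cleanly (the CVE id is a placeholder); dropping the nested behaviour class or naming a target outside the tree produces a problem in the corresponding dimension.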
Virus
A self-replicating program that attaches itself to an existing program and infects a system without the permission or knowledge of the user.
Worm
A self-replicating program that propagates through network services on computers without any intervention of users.
Trojan
A piece of program made to perform a certain benign action, but which in fact executes different code for a malicious purpose.
Buffer overflow
A process that gains control of or crashes another process by overwriting the boundary of a fixed-length buffer.
Denial of Service (DoS)
An attack which prevents intended legitimate users from accessing or using a computer or network resource.
Network Attack
An attack that crashes the users on the network or the network itself by manipulating network protocols, ranging from the data-link layer to the application layer.
Physical Attack
An attack that attempts to damage physical components of a network or computer.
Password Attack
An attack that aims to gain a password and is usually indicated by a series of failed logins within a short period of time.
Information Gathering Attack
An attack that gathers information or finds known vulnerabilities by scanning or probing existing computer networks.
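The password-attack indicator above ("a series of failed logins within a short period of time") turned into detection logic. This is an added example, not part of the slides: a sliding-window detector keyed on (source address, account) raises one alert when the threshold-th failure inside the window arrives, and a second kind of alert if a later login from the same pair succeeds, since that may be a guessed password rather than the legitimate user. The log format, sample lines, threshold and window are all constructed for the illustration.

```python
"""Detecting a burst of failed logins (added example, not from the slides).
The log format and sample lines are constructed; the threshold and window are
assumptions a real deployment would tune."""
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5   # failures within WINDOW that trigger an alert
WINDOW = 60     # seconds

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|ACCEPTED) user=(?P<user>\S+) from=(?P<src>\S+)$"
)

# Constructed sample input: alice is hammered from one source, then a login
# from that source succeeds; carol sees two failures minutes apart.
SAMPLE_LOG = """\
2024-01-01T10:00:01 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:03 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:04 auth: ACCEPTED user=bob from=192.0.2.10
2024-01-01T10:00:06 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:08 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:09 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:11 auth: FAILED user=alice from=198.51.100.7
2024-01-01T10:00:20 auth: ACCEPTED user=alice from=198.51.100.7
2024-01-01T10:05:00 auth: FAILED user=carol from=203.0.113.5
2024-01-01T10:09:00 auth: FAILED user=carol from=203.0.113.5
"""


def parse(line):
    """Return (epoch_seconds, ts_text, result, user, src), or None for a line
    that does not match the constructed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    epoch = datetime.fromisoformat(m["ts"]).timestamp()
    return epoch, m["ts"], m["result"], m["user"], m["src"]


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window detector keyed on (source, account).

    Emits ('burst', src, user, ts) once per burst when the threshold-th
    failure inside the window arrives, and ('success_after_burst', ...) when
    a later login from the same pair succeeds.
    """
    failures = defaultdict(deque)   # key -> timestamps of recent failures
    in_burst = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        epoch, ts, result, user, src = rec
        key = (src, user)
        if result == "ACCEPTED":
            if key in in_burst:
                alerts.append(("success_after_burst", src, user, ts))
                in_burst.discard(key)
            continue
        q = failures[key]
        q.append(epoch)
        while q and epoch - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and key not in in_burst:
            in_burst.add(key)
            alerts.append(("burst", src, user, ts))
    return alerts
```

Running `detect(SAMPLE_LOG.splitlines())` yields one burst alert for alice at the fifth failure (10:00:09) followed by a success-after-burst alert at 10:00:20, and nothing for carol, whose two failures are outside the window. Keying on the pair rather than on the account alone keeps a single legitimate user with a forgotten password from masking a distributed attempt against many accounts, and vice versa; a production rule would usually run both keys.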
Ids 003 attacks