IDS Detection Methods
1. INTRUSION DETECTION SYSTEM
Heena Saini
M.Tech, Cyber Security, 2nd Year
Sardar Patel University of Police Security & Criminal Justice, Jodhpur
Guided by: Mr. Vikas Sihag, Assistant Professor, SPUP Jodhpur
Dr. B.M. Mehtre, Professor, IDRBT Hyderabad
spu15cs07@policeuniversity.ac.in
September 27, 2016
Heena Saini (SPUP) Network Security September 27, 2016 1 / 17
2. Overview
1 Research area introduction: Network Security
2 Intrusion Detection System
3 Detection Methodologies
4 Misuse intrusions
5 Anomaly intrusions
6 IDS technology
7 Artificial Neural Network
8 ANN IN IDS
9 References
3. Network Security
Network security is the process of protecting assets such as passwords,
devices, information, configuration, servers and user accounts.
The objective of network security is to maintain the
confidentiality, authenticity, integrity, dependability, availability and
auditability of the network.
The network security problem generally includes network system security
and data security.
4. NETWORK SECURITY TECHNOLOGIES
Authentication Technology
Based on cryptography
Identity Authentication, Message Authentication, Access
Authorization, Digital Signatures
Data Encryption Technology
Data encryption technology mainly improves data confidentiality
and prevents the data from being decoded.
symmetric-key encryption
asymmetric-key encryption
Firewall Technology: Key Techniques of Firewall
packet filtering technology
application gateway
proxy technology
Intrusion Detection System
Misuse Detection
Anomaly Detection
5. Intrusion Detection System
An intrusion can be defined as any set of actions that try to
compromise the integrity, confidentiality, or availability of a resource.
An IDS is a security system that monitors computer systems and
network traffic and analyzes that traffic.
IDSs allow organizations to protect their systems from the threats
that come with increasing network connectivity and reliance on
information systems. E.g. a firewall is just a fence.
An IDS comprises a Management Console and sensors.
Error types that lead to IDS failure:
False positive: occurs when the system classifies an action as
anomalous when it is legitimate.
False negative: occurs when an actual intrusive action has occurred but
the system allows it to pass through as non-intrusive behavior.
Subversion error: occurs when an intruder modifies the operation of
the intrusion detector to force false negatives to occur.
6. Detection methodologies
Misuse intrusions based detection
Anomaly intrusions based detection
Specification-based Detection
Hybrid Detection
7. Misuse intrusions
Misuse detection assumes all the intrusion behaviors.
All known intrusions can be detected by a matching method.
Figure 1: Misuse detection system [3]
8. Misuse intrusions
Pattern Matching
Commonly used in network-based intrusion detection systems.
Attack patterns are modeled, matched and identified based on the
packet header, packet content or both.
Rule-based Techniques
Expert systems encode intrusive scenarios as a set of rules, which are
matched against audit or network traffic data.
Any deviation in the rule matching process is reported as an intrusion.
IDES (Intrusion Detection Expert System)
NIDES (Next-generation Intrusion Detection Expert System)
State-based Techniques
Figure 2: Generic state transition diagram [3]
9. Anomaly intrusions
Anomaly detection assumes that all the intrusion behaviors are
different from normal behaviors.
Establishes normal behavior profile of the target system and its users.
All the system states different from the normal behavior profile can be
considered as suspicious.
Figure 3: Anomaly detection system [3]
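The misuse and anomaly approaches of slides 7 to 9, scored with the error types from slide 5, as an added example that is not part of the original slides. The signatures, request strings, rate baseline and the 3-sigma threshold are all constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed data: requests per minute seen from one client during normal use.
BASELINE_RATES = [18, 22, 20, 19, 21, 20, 23, 17]

# Hypothetical signature set for the misuse detector (known attack patterns).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed labelled events: (requests per minute, request line, is_intrusion).
EVENTS = [
    (20, "GET /files?name=../../secret.txt", True),   # known pattern, normal rate
    (400, "GET /login", True),                        # flood, no known pattern
    (150, "GET /index.html", False),                  # legitimate burst
    (21, "GET /index.html", False),                   # ordinary traffic
]

def misuse_detect(request):
    """Misuse detection: names of the known signatures matching the request."""
    return [name for name, pat in SIGNATURES.items() if pat.search(request)]

def build_profile(rates):
    """Normal behavior profile: mean and standard deviation of the rate."""
    return mean(rates), stdev(rates)

def anomaly_detect(rate, profile, k=3.0):
    """Anomaly detection: flag rates more than k deviations from the profile."""
    mu, sigma = profile
    return abs(rate - mu) > k * sigma

def evaluate(events, profile):
    """Count false positives and false negatives of each detector."""
    errors = {"misuse": {"fp": 0, "fn": 0}, "anomaly": {"fp": 0, "fn": 0}}
    for rate, request, is_intrusion in events:
        verdicts = {"misuse": bool(misuse_detect(request)),
                    "anomaly": anomaly_detect(rate, profile)}
        for name, alerted in verdicts.items():
            if alerted and not is_intrusion:
                errors[name]["fp"] += 1
            elif is_intrusion and not alerted:
                errors[name]["fn"] += 1
    return errors

if __name__ == "__main__":
    print(evaluate(EVENTS, build_profile(BASELINE_RATES)))
```

The misuse detector misses the flood because no signature describes it, while the anomaly detector misses the low-rate known attack and raises a false positive on the legitimate burst.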
12. Artificial Neural Network
An Artificial Neural Network (ANN) is an information processing
paradigm that is inspired by the way biological nervous systems, such
as the brain, process information.
Neural networks process information in a similar way to the human
brain.
The network is composed of a large number of highly interconnected
processing elements (neurones) working in parallel to solve a specific
problem.
Neural networks learn by example. They cannot be programmed to
perform a specific task.
13. Artificial Neural Network: working
An ANN has two working modes: training mode and using mode.
Training mode: it is trained on the patterns on which it has to
fire and their respective outputs.
Using mode: it does the detection work and gives output
according to the taught knowledge. In a new case, firing rules will be
applied.
Figure 5: Concept of ANN
15. ANN IN IDS
An anomaly-based IDS can be worked out through the neural network
concept.
An anomaly-based IDS plus NN can be used against malicious acts.
An IDS has 2 components:
Event generator: the source through which data collection is done.
Analysis engine: the detection method used to analyze network traffic
data.
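The training mode and using mode of slide 13, placed in the analysis-engine role of slide 15, as an added example that is not part of the original slides. It uses a single neuron trained with the perceptron rule; the two features, their values and the names `Neuron` and `analysis_engine` are constructed assumptions.

```python
# Constructed training set: (failed-login ratio, new-port ratio) -> label,
# where 1 = intrusive and 0 = normal. Values are illustrative only.
TRAIN = [((0.1, 0.1), 0), ((0.9, 0.8), 1), ((0.2, 0.1), 0),
         ((0.8, 0.9), 1), ((0.1, 0.3), 0), ((0.7, 0.7), 1)]

class Neuron:
    """Single processing element with a step (firing) activation."""

    def __init__(self, n_inputs):
        self.w = [0.0] * n_inputs
        self.b = 0.0

    def fire(self, x):
        """Using mode: output 1 when the weighted input sum is positive."""
        s = sum(wi * xi for wi, xi in zip(self.w, x)) + self.b
        return 1 if s > 0 else 0

    def train(self, samples, rate=1.0, max_epochs=100):
        """Training mode: perceptron rule, repeated until an error-free epoch."""
        for epoch in range(1, max_epochs + 1):
            mistakes = 0
            for x, target in samples:
                err = target - self.fire(x)
                if err:
                    mistakes += 1
                    self.w = [wi + rate * err * xi for wi, xi in zip(self.w, x)]
                    self.b += rate * err
            if mistakes == 0:
                return epoch  # number of passes needed to learn the examples
        raise RuntimeError("did not converge; data may not be linearly separable")

def analysis_engine(neuron, events):
    """Classify feature vectors delivered by the event generator."""
    return ["intrusion" if neuron.fire(x) else "normal" for x in events]

if __name__ == "__main__":
    n = Neuron(2)
    print("epochs:", n.train(TRAIN))
    # New cases that were not in the training set.
    print(analysis_engine(n, [(0.85, 0.75), (0.15, 0.2)]))
```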
16. References
[1] Fan Yan, Yang Jian-wen, heng Lin. Computer Network Security and Technology Research.
[2] Wu Junqi, Hu Zhengbing. Study of Intrusion Detection Systems (IDSs) in Network Security.
[3] A.A. Ghorbani et al. Network Intrusion Detection and Prevention: Concepts and Techniques.
[4] Hung-Jen Liao, Chun-Hung Richard Lin, Ying-Chih Lin, Kuang-Yuan Tung. Intrusion detection system: A comprehensive review.
[5] M. Embrechts, Rensselaer Polytechnic Institute. Network-Based Intrusion Detection Using Neural
[6] Gaby Abou Haidar, Charbel Boustany. High Perception Intrusion Detection Systems Using Neural Networks.