
Intrusion detection system

Intrusion detection system. Overview of intrusion detection system. What is intrusion? What is intrusion detection? What is an intrusion detection system? Functions of IDS. Process models of intrusion detection. Information sources. Analysis. Response. IDS Architecture.

paxton

Presentation Transcript


  1. Intrusion detection system

  2. Overview of intrusion detection system • What is intrusion? • What is intrusion detection? • What is an intrusion detection system? • Functions of IDS

  3. Process models of intrusion detection • Information sources • Analysis • Response

  4. IDS Architecture • Architecture collection/storage unit. • Processing unit. • Alarm/response units.

  5. Information sources • NIDS (network-based IDS) • HIDS (host-based IDS) • Application-based IDS.

  6. IDS Analysis/Techniques • Misuse detection • Anomaly detection • Specification-based detection

  7. Misuse detection • Analyzes system activity • Matches the patterns of activity of a system to that of an attack • Advantages • Disadvantages

  8. Anomaly detection • Identifies abnormal or unusual behavior. • Matches the attack against the normal pattern. • Advantages • Disadvantages

  9. Specification-based detection • Combines anomaly & misuse detection. • Advantages. • Disadvantages.

  10. Tools for IDS

  11. Deploying IDS • Deployment of NIDS. • Deployment of HIDS.

  12. Deployment of NIDS • Figure • Location 1 • Location 2 • Location 3 • Location 4

  13. Deployment of HIDS

  14. Strengths of IDS • Monitoring and analysis of system events and user behavior. • Testing the security states of system configuration. • Tracking any changes to the baseline of the security system. • Recognizing patterns of system events that correspond to known attacks. • Recognizing patterns of normal activity.

  15. Limitations • Detecting newly published attacks. • Automatically investigating attacks without human intervention. • Detecting attacks in heavily loaded networks.

  16. Challenges with IDS • Protecting IDS from attacks. • Too many false alarms. • Choosing grid IDS policy.

  17. Thank you
