
Intrusion Detection Approaches and Techniques

Meikang Qiu

Chang-en Yang

Dept. of Computer Science

University of Texas at Dallas

Introduction
  • Intrusion Detection
    • Intrusion: an illegal action, in particular unauthorized access
    • Intruder: external or internal
    • Detection: recognize intrusions in time to prevent or limit them

UTD Qiu & Yang

Anti-intrusion techniques
  • Architecture of an intrusion detection system (figure):
    Monitored system → Audit collection → Audit storage → Processing (Detection) → ALARM → Control Center → Response to intrusion
    Processing (Detection) draws on Reference Data, Configuration Data and Active/Processing Data


Types of Intrusion Detection
  • Two major detection approaches:
    • Anomaly Detection
      • define correct static behavior (what the system should look like)
      • define acceptable dynamic behavior (what users and processes normally do)
      • detect wrongful changes, i.e. deviations from these definitions
    • Misuse Detection (or Signature Detection)
      • encodes known intrusion patterns
      • monitors audit data for previously defined intrusion patterns


Anomaly Detection
  • Two types:
    • Static anomaly detector: checks the parts of the system that should never change
      • system code
      • constant data
    • Dynamic anomaly detector: checks behavior as it unfolds over time
      • sequences of events
      • audit records


Static anomaly detection
  • Techniques
    • Compare the archived state representation with the computed current state
    • String match on the stored representation: checksums, metadata, message-digest algorithms, hash functions

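The compare-and-string-match technique above, as an added example that is not part of the original slides: a baseline of message digests and metadata is archived for files that should never change, the current state is recomputed, and every difference is reported. The files, their contents and the tampering are constructed in a temporary directory, so it runs offline.

```python
"""Static anomaly detection: archive a representation of the parts of the
system that must not change (system code, constant data), recompute it
later and report every difference. Added example, not from the slides;
the 'system' is a handful of constructed files in a temporary directory."""
import hashlib
import os
import shutil
import stat
import tempfile


def snapshot(root):
    """Compute the current state representation: for every file under root,
    a SHA-256 message digest plus the metadata a static detector also
    watches (size and permission bits, so a new setuid bit is caught even
    when the bytes are unchanged)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = {"sha256": digest, "size": st.st_size,
                          "mode": stat.S_IMODE(st.st_mode)}
    return state


def compare(archived, current):
    """String-match the archived representation against the freshly computed
    one. Returns (kind, path, detail) findings; an empty list means no
    wrongful change was detected."""
    findings = []
    for rel, old in archived.items():
        new = current.get(rel)
        if new is None:
            findings.append(("deleted", rel, None))
            continue
        for field in ("sha256", "size", "mode"):
            if old[field] != new[field]:
                findings.append(("modified", rel, field))
    for rel, new in current.items():
        if rel not in archived:
            # report the mode of unexpected files: a new 4755 file is a setuid shell
            findings.append(("added", rel, new["mode"]))
    return sorted(findings, key=lambda f: (f[0], f[1], str(f[2])))


def write_file(path, data, mode):
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Archive a baseline, then tamper with the files the way an intruder
    might (trojaned login, planted setuid shell, loosened passwd permissions)
    and return what the detector finds."""
    root = tempfile.mkdtemp(prefix="static-ids-")
    try:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        write_file(os.path.join(root, "bin", "login"), b"\x7fELF original login", 0o755)
        write_file(os.path.join(root, "etc", "passwd"), b"root:x:0:0::/root:/bin/sh\n", 0o644)
        archived = snapshot(root)  # what a tripwire-style database stores

        # constructed intrusion
        write_file(os.path.join(root, "bin", "login"), b"\x7fELF original login + backdoor", 0o755)
        write_file(os.path.join(root, "bin", ".sh"), b"\x7fELF copied shell", 0o4755)
        os.chmod(os.path.join(root, "etc", "passwd"), 0o666)
        return compare(archived, snapshot(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The archived representation must itself be stored where the intruder cannot rewrite it (read-only media or a remote host), otherwise the comparison is against a baseline the intruder controls.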

Dynamic anomaly detection
  • A base profile of acceptable behavior, built from past audit records:

- log-in time, log-in location, and favorite editor

- length of interactive session

- representative sequences of actions

  • Difficulties:

- feature selection: which attributes of behavior to profile

- the statistical method: how to measure deviation from the profile without alarming on behavior that is merely unusual

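A dynamic anomaly detector built along the lines of the slide above, as an added example that is not part of the original slides: a per-user base profile is learned from constructed audit records (login hour, location, session length, command bigrams as the representative sequences), and new sessions are scored by their deviation from it. The feature choice, the capped z-score combination and the threshold are this example's own assumptions.

```python
"""Dynamic anomaly detection: build a per-user base profile from audit
records of accepted behaviour, then score new sessions against it.
Added example, not from the slides; the audit records are constructed."""
from collections import Counter
from statistics import mean, pstdev

# Constructed baseline audit records: (user, login hour, location, session minutes, commands)
BASELINE = [
    ("alice", 9, "lab-ws1", 120, ["ls", "vi", "make", "gcc", "ls", "vi"]),
    ("alice", 10, "lab-ws1", 95, ["ls", "vi", "make", "ls", "vi", "make"]),
    ("alice", 9, "lab-ws2", 140, ["vi", "make", "gcc", "vi", "ls"]),
    ("alice", 11, "lab-ws1", 110, ["ls", "vi", "make", "gcc"]),
    ("alice", 10, "lab-ws2", 100, ["ls", "vi", "vi", "make"]),
]


def build_profile(records):
    """Base profile per user. Feature selection is the hard part: here login
    hour and session length are numeric features kept as (mean, stdev),
    while locations and command bigrams are categorical features kept as
    counts of what has been seen."""
    profiles = {}
    for user, hour, loc, minutes, cmds in records:
        p = profiles.setdefault(user, {"hours": [], "minutes": [],
                                       "locations": Counter(), "bigrams": Counter()})
        p["hours"].append(hour)
        p["minutes"].append(minutes)
        p["locations"][loc] += 1
        p["bigrams"].update(zip(cmds, cmds[1:]))
    for p in profiles.values():
        for feat in ("hours", "minutes"):
            values = p.pop(feat)
            p[feat] = (mean(values), pstdev(values) or 1.0)  # guard zero variance
    return profiles


def score_session(profile, hour, loc, minutes, cmds):
    """Per-feature deviation from the profile plus a combined score."""
    z_hour = abs(hour - profile["hours"][0]) / profile["hours"][1]
    z_minutes = abs(minutes - profile["minutes"][0]) / profile["minutes"][1]
    loc_score = 0.0 if loc in profile["locations"] else 1.0
    bigrams = list(zip(cmds, cmds[1:]))
    novel = sum(1 for b in bigrams if b not in profile["bigrams"])
    seq_score = novel / len(bigrams) if bigrams else 0.0
    # z-scores are capped at 3 so a single wild numeric feature cannot dominate;
    # categorical misses are weighted to the same cap
    total = min(z_hour, 3.0) + min(z_minutes, 3.0) + 3.0 * loc_score + 3.0 * seq_score
    return {"hour": z_hour, "minutes": z_minutes, "location": loc_score,
            "sequence": seq_score, "total": total}


def detect(profiles, user, hour, loc, minutes, cmds, threshold=4.0):
    """Return (is_anomalous, scores). A user without a profile is anomalous
    by definition: there is no acceptable behaviour to compare against."""
    if user not in profiles:
        return True, {"reason": "no profile for user"}
    scores = score_session(profiles[user], hour, loc, minutes, cmds)
    return scores["total"] >= threshold, scores


if __name__ == "__main__":
    profiles = build_profile(BASELINE)
    print(detect(profiles, "alice", 10, "lab-ws1", 105, ["ls", "vi", "make", "gcc"]))
    print(detect(profiles, "alice", 3, "dialup-7", 12, ["cat", "cp", "chmod", "sh"]))
    print(detect(profiles, "alice", 22, "home-dsl", 60, ["ls", "vi", "make"]))
```

The third session in the usage lines (alice working late from home, running her usual commands) is flagged just as loudly as the second (a 3 a.m. dial-up session running unfamiliar commands): unusual does not mean illegal, and the statistical method has no way to tell the two apart on its own.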

Misuse Detection
  • Techniques
    • requires knowledge of the known vulnerabilities and of how they are exploited
    • each attack is encoded as an intrusion scenario
    • first generation: rule-based systems
    • second generation: state-based systems


Rule-Based Systems
  • Techniques
    • intrusion scenarios are written as a set of rules
    • knowledge base

- fact base: the audit records observed so far

- rule base: the intrusion scenarios

    • rule-fact binding

- a rule fires (raises the alarm) when its conditions can all be bound to facts consistently

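The rule-fact binding described above, as an added example that is not part of the original slides: the fact base is a list of constructed audit records, the rule base holds one intrusion scenario written as a conjunction of patterns with variables (`?u`, `?s`, `?t1` ...), and the rule fires when every pattern binds to a fact with consistent variable values. The scenario (repeated failed logins from one source, a successful login, then `su` to root) and the record fields are this example's assumptions.

```python
"""Misuse detection with a rule-based system: knowledge base = fact base
(audit records) + rule base (intrusion scenarios as pattern conjunctions).
A rule fires when all of its patterns bind consistently to facts.
Added example, not from the slides; the audit records are constructed."""


def unify(pattern, fact, bindings):
    """Try to bind one pattern to one fact, extending `bindings`. Variables
    are strings starting with '?'. Returns the extended bindings or None."""
    out = dict(bindings)
    for key, want in pattern.items():
        if key not in fact:
            return None
        have = fact[key]
        if isinstance(want, str) and want.startswith("?"):
            if want in out and out[want] != have:
                return None
            out[want] = have
        elif want != have:
            return None
    return out


def bind_all(patterns, facts, bindings=None):
    """Yield every consistent binding of a pattern conjunction against the
    fact base (depth-first; real engines index facts, this scan is O(n^k))."""
    bindings = {} if bindings is None else bindings
    if not patterns:
        yield bindings
        return
    head, tail = patterns[0], patterns[1:]
    for fact in facts:
        b = unify(head, fact, bindings)
        if b is not None:
            yield from bind_all(tail, facts, b)


RULES = [
    {
        "name": "password-guessing-then-root",
        "patterns": [
            {"event": "login_fail", "user": "?u", "src": "?s", "t": "?t1"},
            {"event": "login_fail", "user": "?u", "src": "?s", "t": "?t2"},
            {"event": "login_ok", "user": "?u", "src": "?s", "t": "?t3"},
            {"event": "su", "user": "?u", "target": "root", "t": "?t4"},
        ],
        # guard: the bound facts must be distinct and in time order
        "guard": lambda b: b["?t1"] < b["?t2"] < b["?t3"] < b["?t4"],
        "report": ["?u", "?s"],  # variables that identify one alert
    },
]


def run_rules(rules, facts):
    """Forward-chain every rule over the fact base; return fired alerts,
    deduplicated on the reported variables so three failed logins do not
    yield three alerts for the same intruder."""
    alerts, seen = [], set()
    for rule in rules:
        for b in bind_all(rule["patterns"], facts):
            if not rule["guard"](b):
                continue
            key = (rule["name"],) + tuple(b[v] for v in rule["report"])
            if key in seen:
                continue
            seen.add(key)
            alerts.append({"rule": rule["name"],
                           **{v.lstrip("?"): b[v] for v in rule["report"]}})
    return alerts


# Constructed fact base (t is seconds since an arbitrary origin)
FACTS = [
    {"event": "login_ok", "user": "alice", "src": "lab-ws1", "t": 100},
    {"event": "login_fail", "user": "bob", "src": "10.9.8.7", "t": 200},
    {"event": "login_fail", "user": "bob", "src": "10.9.8.7", "t": 205},
    {"event": "login_fail", "user": "bob", "src": "10.9.8.7", "t": 211},
    {"event": "login_ok", "user": "bob", "src": "10.9.8.7", "t": 230},
    {"event": "su", "user": "bob", "target": "root", "t": 260},
    # carol mistypes her password once, then logs in and becomes root: rule must not fire
    {"event": "login_fail", "user": "carol", "src": "lab-ws3", "t": 300},
    {"event": "login_ok", "user": "carol", "src": "lab-ws3", "t": 310},
    {"event": "su", "user": "carol", "target": "root", "t": 320},
]

if __name__ == "__main__":
    for alert in run_rules(RULES, FACTS):
        print(alert)
```

Carol's single failure cannot satisfy the rule because the guard requires two distinct `login_fail` facts in time order; binding the same fact to both patterns gives `?t1 == ?t2`.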

State-based Systems
  • Intrusion scenario as a state-transition diagram (figure):
    Initial State --action--> Transition State --actions--> Transition State --action--> Compromised State
  • intrusion scenarios: transitions between states, each transition driven by an action of the intruder

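A state-transition detector for the diagram above, as an added example that is not part of the original slides. The scenario is a simplified setuid-shell intrusion (copy a system shell, make the copy setuid, execute it) chosen to match the SunOS example the slides mention later; the state names, predicates and audit events are this example's assumptions, not the original STAT scenario.

```python
"""Misuse detection with a state-transition system: an intrusion scenario is
a chain of states, and an audit event satisfying a transition's predicate
moves a scenario instance one state closer to the compromised state, which
raises the alarm. Added example, not from the slides; the scenario is a
simplified setuid-shell intrusion and the audit events are constructed."""

SHELLS = {"/bin/sh", "/bin/csh", "/bin/ksh"}


def copies_a_shell(ev, b):
    """Initial -> Transition: a user copies a system shell somewhere. Binds the
    user and the destination path for the rest of the scenario."""
    if ev["cmd"] == "cp" and len(ev["args"]) == 2 and ev["args"][0] in SHELLS:
        return {**b, "user": ev["user"], "path": ev["args"][1]}
    return None


def makes_copy_setuid(ev, b):
    """Transition -> Transition: the same user sets the setuid bit on that copy."""
    if ev["cmd"] != "chmod" or len(ev["args"]) != 2 or ev["user"] != b["user"]:
        return None
    mode, target = ev["args"]
    setuid = "+s" in mode or (mode.isdigit() and len(mode) == 4 and int(mode[0]) & 4)
    return dict(b) if setuid and target == b["path"] else None


def runs_the_copy(ev, b):
    """Transition -> Compromised: the same user executes the setuid copy."""
    return dict(b) if ev["user"] == b["user"] and ev["cmd"] == b["path"] else None


# (from_state, to_state, predicate); the first from_state is the initial
# state and the last to_state is the compromised state
SETUID_SHELL = ("setuid-shell", [
    ("initial", "copied", copies_a_shell),
    ("copied", "setuid", makes_copy_setuid),
    ("setuid", "compromised", runs_the_copy),
])


class Detector:
    def __init__(self, scenarios):
        self.scenarios = scenarios
        self.instances = set()   # live instances: (scenario name, state, frozenset(bindings))
        self.alarms = []

    def feed(self, ev):
        for name, transitions in self.scenarios:
            initial, final = transitions[0][0], transitions[-1][1]
            # every live instance of this scenario, plus one resting in the initial state
            live = [(st, dict(b)) for n, st, b in self.instances if n == name]
            live.append((initial, {}))
            for state, bindings in live:
                for src, dst, pred in transitions:
                    if src != state:
                        continue
                    nb = pred(ev, bindings)
                    if nb is None:
                        continue
                    if dst == final:
                        self.alarms.append({"scenario": name, "t": ev["t"], **nb})
                    else:
                        self.instances.add((name, dst, frozenset(nb.items())))


# Constructed audit events, one per executed command
EVENTS = [
    {"t": 1, "user": "alice", "cmd": "cp", "args": ["/bin/sh", "/tmp/.x"]},
    {"t": 2, "user": "bob", "cmd": "cp", "args": ["/bin/csh", "/tmp/csh.bak"]},  # benign copy
    {"t": 3, "user": "alice", "cmd": "chmod", "args": ["4755", "/tmp/.x"]},
    {"t": 4, "user": "carol", "cmd": "chmod", "args": ["4755", "/tmp/.x"]},      # other user: no match
    {"t": 5, "user": "alice", "cmd": "/tmp/.x", "args": []},
    {"t": 6, "user": "bob", "cmd": "/tmp/csh.bak", "args": []},                  # never setuid: no alarm
]


def run(events, scenarios=(SETUID_SHELL,)):
    det = Detector(list(scenarios))
    for ev in sorted(events, key=lambda e: e["t"]):
        det.feed(ev)
    return det.alarms


if __name__ == "__main__":
    for alarm in run(EVENTS):
        print(alarm)
```

Instances are never retired here; a real system needs a timeout or an explicit exit transition, otherwise every stray `cp /bin/sh` leaves an instance waiting forever.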

Comparison of the two approaches
  • Anomaly detection
    • Advantages:

- learns the profile automatically and can run unattended

- can catch novel intrusions

    • Disadvantages:

- unusual does not mean illegal: legitimate but unusual behavior raises false alarms

- the profile of correct behavior is difficult to define

  • Misuse Detection
    • Advantages

- "knows" exactly what it is looking for, so an alarm corresponds to a defined intrusion pattern

    • Disadvantages

- cannot detect novel intrusions

- every intrusion pattern must be defined by hand and kept up to date


Network Intrusion Detection
  • Cooperative intrusion: an attack spread over several hosts, visible only when their audit data are combined
  • Network-user Identification (NID) problem: tracing a user who hops from host to host under different account names back to a single network user
  • Clock synchronization: audit records from different hosts can only be ordered and correlated if their clocks agree
  • Two types
    • Centralized analysis
    • Hierarchical analysis


Centralized analysis
  • distributed, heterogeneous audit collection
  • centralized analysis of the collected audit data
  • works well for smaller networks
  • inadequate for larger networks: all audit data must be shipped to and processed by the single analyzer
  • e.g. the setuid shell intrusion in SunOS

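The network-user identification and clock-synchronization points of the previous slide, carried out in the centralized style of this one, as an added example that is not part of the original slides: audit records from three hosts with unsynchronized clocks are collected, normalized to a reference clock, and chained so that a command on the last host is attributed to the account that started the chain. Hosts, clock offsets, record formats and the 30-second tolerance are this example's assumptions.

```python
"""Network intrusion detection in a centralized analyzer: audit records from
several hosts with unsynchronized clocks are normalized to one reference
clock and chained into network users, so an action on the last host is
attributed to the account that started the chain (the network-user
identification problem). Added example, not from the slides; hosts,
offsets and records are constructed."""

# Assumption: seconds each host's clock runs AHEAD of the reference clock,
# measured out of band (e.g. when the collector polls the host).
OFFSETS = {"hostA": 0, "hostB": 300, "hostC": -120}

# Constructed audit records exactly as each host logged them, on its own clock.
RECORDS = [
    {"host": "hostA", "t": 1000, "type": "login", "user": "jdoe", "session": "A3", "from": "console"},
    {"host": "hostA", "t": 1010, "type": "connect", "session": "A3", "to": "hostB"},
    {"host": "hostB", "t": 1315, "type": "login", "user": "guest", "session": "B7", "from": "hostA"},
    {"host": "hostB", "t": 1330, "type": "connect", "session": "B7", "to": "hostC"},
    {"host": "hostC", "t": 910, "type": "login", "user": "operator", "session": "C2", "from": "hostB"},
    {"host": "hostC", "t": 920, "type": "exec", "session": "C2", "cmd": "cat /etc/shadow"},
]


def normalize(records, offsets):
    """Clock synchronization step: rewrite every timestamp onto the reference
    clock and order the merged audit trail."""
    fixed = [{**r, "t": r["t"] - offsets.get(r["host"], 0)} for r in records]
    return sorted(fixed, key=lambda r: r["t"])


def identify_network_users(records, offsets, tolerance=30):
    """Map (host, session) to a network-user id. A console login starts a new
    network user; a remote login is joined to the session on the source host
    that opened a connection to us within `tolerance` seconds."""
    trail = normalize(records, offsets)
    nid = {}
    for r in trail:
        if r["type"] != "login":
            continue
        key = (r["host"], r["session"])
        if r["from"] == "console":
            nid[key] = f"{r['user']}@{r['host']}"
            continue
        origin = None
        for c in trail:
            if (c["type"] == "connect" and c["host"] == r["from"] and c["to"] == r["host"]
                    and abs(c["t"] - r["t"]) <= tolerance):
                origin = nid.get((c["host"], c["session"]))
                if origin:
                    break
        # an unresolved hop is itself worth reporting: the chain is broken there
        nid[key] = origin or f"{r['user']}@{r['host']} (unresolved, via {r['from']})"
    return nid, trail


def attribute_commands(records, offsets, tolerance=30):
    """Return (host, command, network user) for every exec record."""
    nid, trail = identify_network_users(records, offsets, tolerance)
    return [(r["host"], r["cmd"], nid.get((r["host"], r["session"]), "unknown"))
            for r in trail if r["type"] == "exec"]


if __name__ == "__main__":
    print("synchronized:  ", attribute_commands(RECORDS, OFFSETS))
    print("unsynchronized:", attribute_commands(RECORDS, {}))
```

With the offsets applied, `cat /etc/shadow` run by `operator` on hostC is attributed to `jdoe@hostA`; with raw timestamps the hops are hundreds of seconds apart, no connection matches, and the same command is attributed only to an unresolved `operator@hostC`, which is exactly how a cooperative intrusion hides from per-host analysis.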

Decentralized (hierarchical) analysis
  • distributed audit data collection
  • distributed analysis
  • modeled as hierarchies
  • partition into domains


Conclusions

- First generation: single operating systems

- Second generation: distributed systems

- Third generation: heterogeneous networks


Future Trends
  • Future Trends (fourth generation)

- hybrid of anomaly and misuse detection

- real-time detection

- taking resource consumption into account
