SlideShare a Scribd company logo

Network intrusion detection system and analysis

Download as PPTX, PDF
Bikrant Gautam
Bikrant Gautam
Software
1 of 26
Network Intrusion Detection System And Analysis BIKRANT GAUTAM SECURITY AND CRYPTOGRAPHIC PROTOCOL – 606 SCSU 2015
Intrusion Detection System Overview What is Intrusion? Restricted Access to computer Infrastructure What is intrusion detection System? Mechanism to trace the intrusion Why is it required? Protect CIA triad How does IDS work?
Intrusion Detection System • Two IDS in this model • One external for monitoring external traffic • One internal for monitoring internal traffic
Types of IDS HIDs examine specific host-based actions, such as what applications are being used, what files are being accessed and what information resides in the kernel logs. NIDs analyze the flow of information between computers, i.e., network traffic. They essentially "sniff" the network for suspicious behavior.
NIDS Introduction Why NIDS? Monitor network traffic Alert the responsible personnel or the target Apply preventive measures-(Network Intrusion Prevention System)
NIDS Functionality How it works? Sniffing collect and inspect incoming traffic Protocol awareness protocol reassembly and normalization Alerting Send email / log events / Sending SNMP
Modes of Detection Signature Based Old method Compare data packets against known malicious sequence Protocol Awareness Compare the network packets against standard protocol Behavioral Analysis Recent Development Learn pattern, alert when pattern changes
Types of NIDS/NIPSs Commercial Check Point IPS, CISO IPS, IBM Security NIPS Roll on your own Free to use for users, SNORT, BRO
Output of NIDS/NIPS Depends upon the vendor General evidences/output Configuration: Configuration of devices being monitored Alert Data: Alert through text files emails sms Packet headers/flow Information: logged malicious packets headers Content Data: Captured full data packets Correlated Activates: Correlated event data
NIDS EXAMPLE SNORT The single most widely used IDS in the world. Signature Based Open Source Large support community
SNORT ARCHITECTURE Trucia Victor / url / http://truica-victor.com/snort-architecture/
SNORT CONFIGURATIONS RULES Rules written in a single line Rules are created with known intrusion signatures Stored in /etc/snort/rules Native alerts are stored in /var/log/snort Global values are stored at /etc/snort/snort.conf
Header Example rule header log tcp 192.168.1.12 123 -> 192.168.1.19 27
RULE BODY Rule Body Used to extract meta data about the events rule options: msg, sid, rev, reference Example:
SNORT EXAMPLES Snort rule alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:”ICMP PING”; icode:0; itype:8; classtype:misc-activity: sid:384; rev:5;) Snort packet IP 10.0.1.10 > 10.0.1.254: ICMP echo request, id 32335, seq 0, length 64 0x0000: 4500 0045 a023 ab00 87ef 0a00 abc8 01oe E . . T . . . . .@ . X . . . . . 0x0010: 3400 0145 02a3 acd0 84af 0000 dbc5 0101 .u . T . - &. . . . . . . . . . I Snort Alert [**] [1:384:5] ICMP PING [**] [Classification: Misc Activity] [Priority: 3] 04/13 - 03:12:08.359790 10.0.1.10 -> 10.0.1.254 ICMP TTL:64 TOS: 0X0 ID:38125 IpLen:20 DmgLen:84 Type:8 Code:0 ID:32335 Seq:1 ECHO Malicious Packet Snort rule to capture malicious packet Alert Fired
Challenges with current NIDS SNORT/Signature based More processing for packet logging Requires high disk capacity to log information
Conclusion NIDS/NIPS are the first step on against malicious activities Investigators leverage evidence from NIDS to find the root of the problem Field of further study and research
Case Study
Case Study Corresponding packet analysis SNORT ALERT Corresponding Packet
Case Study Further exploring the Packet content Packet Content Analysis:
Case Study Analysis of HEX Values
Case Study Further Action:
Case Study Further analysis of Target IP (192.168.1.69) Searching all the alerts related with this IP Count of Malicious Alert for same IP Alert Message
Case Study Alert Message Analysis: The alert TCP windows scale option found with length > 14 Findings:
Case Study Investigation Findings and Conclusion Further Steps
Thank you

Recommended

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 

Recommended

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project ReportRaghav Bisht
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemOECLIB Odisha Electronics Control Library
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Intrusion prevention systems
Intrusion prevention systemsIntrusion prevention systems
Intrusion prevention systemssamis
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Intrusion Detection
Intrusion DetectionIntrusion Detection
Intrusion DetectionGregory Hanis
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection Systemjohnb0118
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 

More Related Content

What's hot

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project ReportRaghav Bisht
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Intrusion prevention systems
Intrusion prevention systemsIntrusion prevention systems
Intrusion prevention systemssamis
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 

What's hot (20)

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
 
Intrusion prevention systems
Intrusion prevention systemsIntrusion prevention systems
Intrusion prevention systems
 
Dmz
Dmz Dmz
Dmz
 
Intrusion Detection
Intrusion DetectionIntrusion Detection
Intrusion Detection
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 

Viewers also liked

Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection Systemjohnb0118
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
 
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypotsCehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypotsVuz Dở Hơi
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Using Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionUsing Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionSagar Uday Kumar
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsPaul Green
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionPramod M Mithyantha
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
How to Present Data in PowerPoint
How to Present Data in PowerPointHow to Present Data in PowerPoint
How to Present Data in PowerPointMatt Hunter
 
Firewall
FirewallFirewall
FirewallApo
 
My research proposal.ppt
My research proposal.pptMy research proposal.ppt
My research proposal.pptnanimamat
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 

Viewers also liked (17)

Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection System
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
 
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypotsCehv8 - Module 17: Evading, IDS, firewalls, and honeypots
Cehv8 - Module 17: Evading, IDS, firewalls, and honeypots
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Using Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionUsing Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion Detection
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection Systems
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure Selection
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
How to Present Data in PowerPoint
How to Present Data in PowerPointHow to Present Data in PowerPoint
How to Present Data in PowerPoint
 
Firewall
FirewallFirewall
Firewall
 
My research proposal.ppt
My research proposal.pptMy research proposal.ppt
My research proposal.ppt
 
FireWall
FireWallFireWall
FireWall
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 

Similar to Network intrusion detection system and analysis

IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxaskaripayalo
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityAPNIC
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
An analysis of Network Intrusion Detection System using SNORT
An analysis of Network Intrusion Detection System using SNORTAn analysis of Network Intrusion Detection System using SNORT
An analysis of Network Intrusion Detection System using SNORTijsrd.com
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Disha Bedi
 
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Disha Bedi
 
INSECS: Intelligent networks security system
INSECS: Intelligent networks security systemINSECS: Intelligent networks security system
INSECS: Intelligent networks security systemNadun Rajasinghe
 
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptChapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptmadin20232022
 
Snort
SnortSnort
Snortnazzf
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityIRJET Journal
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfahmeddeath6
 
All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 

Similar to Network intrusion detection system and analysis (20)

IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptx
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
 
Snort
SnortSnort
Snort
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
6
66
6
 
An analysis of Network Intrusion Detection System using SNORT
An analysis of Network Intrusion Detection System using SNORTAn analysis of Network Intrusion Detection System using SNORT
An analysis of Network Intrusion Detection System using SNORT
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
 
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout...
 
INSECS: Intelligent networks security system
INSECS: Intelligent networks security systemINSECS: Intelligent networks security system
INSECS: Intelligent networks security system
 
snort.ppt
snort.pptsnort.ppt
snort.ppt
 
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.pptChapter-3-Intrusion-Detection-Systems-part-1.ppt
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
 
Snort
SnortSnort
Snort
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network Security
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdf
 
All About Snort
All About SnortAll About Snort
All About Snort
 
Snort
SnortSnort
Snort
 

Recently uploaded

The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 

Recently uploaded (20)

The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 

Network intrusion detection system and analysis

  • 1. Network Intrusion Detection System And Analysis BIKRANT GAUTAM SECURITY AND CRYPTOGRAPHIC PROTOCOL – 606 SCSU 2015
  • 2. Intrusion Detection System Overview What is Intrusion? Restricted Access to computer Infrastructure What is intrusion detection System? Mechanism to trace the intrusion Why is it required? Protect CIA triad How does IDS work?
  • 3. Intrusion Detection System • Two IDS in this model • One external for monitoring external traffic • One internal for monitoring internal traffic
  • 4. Types of IDS HIDs examine specific host-based actions, such as what applications are being used, what files are being accessed and what information resides in the kernel logs. NIDs analyze the flow of information between computers, i.e., network traffic. They essentially "sniff" the network for suspicious behavior.
  • 5. NIDS Introduction Why NIDS? Monitor network traffic Alert the responsible personnel or the target Apply preventive measures-(Network Intrusion Prevention System)
  • 6. NIDS Functionality How it works? Sniffing collect and inspect incoming traffic Protocol awareness protocol reassembly and normalization Alerting Send email / log events / Sending SNMP
  • 7. Modes of Detection Signature Based Old method Compare data packets against known malicious sequence Protocol Awareness Compare the network packets against standard protocol Behavioral Analysis Recent Development Learn pattern, alert when pattern changes
  • 8. Types of NIDS/NIPSs Commercial Check Point IPS, CISO IPS, IBM Security NIPS Roll on your own Free to use for users, SNORT, BRO
  • 9. Output of NIDS/NIPS Depends upon the vendor General evidences/output Configuration: Configuration of devices being monitored Alert Data: Alert through text files emails sms Packet headers/flow Information: logged malicious packets headers Content Data: Captured full data packets Correlated Activates: Correlated event data
  • 10. NIDS EXAMPLE SNORT The single most widely used IDS in the world. Signature Based Open Source Large support community
  • 11. SNORT ARCHITECTURE Trucia Victor / url / http://truica-victor.com/snort-architecture/
  • 12. SNORT CONFIGURATIONS RULES Rules written in a single line Rules are created with known intrusion signatures Stored in /etc/snort/rules Native alerts are stored in /var/log/snort Global values are stored at /etc/snort/snort.conf
  • 13. Header Example rule header log tcp 192.168.1.12 123 -> 192.168.1.19 27
  • 14. RULE BODY Rule Body Used to extract meta data about the events rule options: msg, sid, rev, reference Example:
  • 15. SNORT EXAMPLES Snort rule alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:”ICMP PING”; icode:0; itype:8; classtype:misc-activity: sid:384; rev:5;) Snort packet IP 10.0.1.10 > 10.0.1.254: ICMP echo request, id 32335, seq 0, length 64 0x0000: 4500 0045 a023 ab00 87ef 0a00 abc8 01oe E . . T . . . . .@ . X . . . . . 0x0010: 3400 0145 02a3 acd0 84af 0000 dbc5 0101 .u . T . - &. . . . . . . . . . I Snort Alert [**] [1:384:5] ICMP PING [**] [Classification: Misc Activity] [Priority: 3] 04/13 - 03:12:08.359790 10.0.1.10 -> 10.0.1.254 ICMP TTL:64 TOS: 0X0 ID:38125 IpLen:20 DmgLen:84 Type:8 Code:0 ID:32335 Seq:1 ECHO Malicious Packet Snort rule to capture malicious packet Alert Fired
  • 16. Challenges with current NIDS SNORT/Signature based More processing for packet logging Requires high disk capacity to log information
  • 17. Conclusion NIDS/NIPS are the first step on against malicious activities Investigators leverage evidence from NIDS to find the root of the problem Field of further study and research
  • 19. Case Study Corresponding packet analysis SNORT ALERT Corresponding Packet
  • 20. Case Study Further exploring the Packet content Packet Content Analysis:
  • 23. Case Study Further analysis of Target IP (192.168.1.69) Searching all the alerts related with this IP Count of Malicious Alert for same IP Alert Message
  • 24. Case Study Alert Message Analysis: The alert TCP windows scale option found with length > 14 Findings:
  • 25. Case Study Investigation Findings and Conclusion Further Steps