2. Agenda :
➔ What is intrusion detection?
➔ Objectives of Intrusion Detection System
➔ Types of intrusion detection systems
➔ How does it work?
➔ Conclusion & future work
3. What is intrusion detection?
✔ Detecting unwanted intrusions on a network or a device.
✔ Intrusion detection can be software or a device installed to
monitor network traffic.
✔ It is needed in the same way a burglar alarm is needed in a
commercial building.
4. Objectives of IDS
➔ Identifying problems with security policies.
➔ Documenting existing threats.
➔ Preventing individuals from intruding
5. Types of Intrusion Detection Systems
Based on the scope of monitoring, intrusion detection systems are
divided into:
➔ Network-Based Intrusion Detection Systems
➔ Host-Based Intrusion Detection Systems
7. Host-Based Intrusion Detection System
✔ It is software or a device installed on a computer; it detects
intrusions and reports them.
✔ Through sensors, it analyzes and stores system calls, application
logs, executable files and file-system modifications as evidence of
intrusion.
✔ Alerts if it encounters any intrusion.
8. Host-Based Intrusion Detection System components
Sensors:
Collect the data from network packets, log files and system call
traces.
Forward the data to analyzers.
Analyzer:
Analyzes whether an intrusion has occurred or not.
Output contains evidence supporting the intrusion report.
User interface:
End-user view, through which the user can control and configure the
system.
11. Pattern matching
Detecting intrusion based on 'patterns'.
Analogous to:
Identifying a criminal by fingerprint matching.
Process:
✔ Install software with various pre-defined patterns of attacks.
✔ The IDS matches the intruder's pattern against the pre-defined patterns.
✔ If a match is found, the IDS reports an intrusion.
✔ The patterns in the software must be kept up to date.
Drawback:
● It fails to catch a new attack for which the software has no
defined pattern to match.
12. This is how it works (flowchart):
The intruder/attacker produces an intruder pattern, which is compared
against the pre-defined patterns: "Is a match found?"
Yes: notify "Intrusion detected".
No: grant access.
13. Statistical Anomalies
✔ Generate a signature of normal behaviour for each user from the
sequence of commands they type in.
✔ With the signature of all the frequent command traces a user
types, we can compare future command traces against it.
✔ The IDS notifies immediately if anomalous actions are detected.
✔ A command trace is a sequence of commands the user frequently
types in.
✔ Ex: open a directory, open a text editor, check mail, compile a
program.
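The two detection approaches in slides 11 and 13 in working form, as an added example that is not part of the original deck: a small Python analyzer first checks each event against pre-defined attack patterns (signatures), then scores a user's command trace against a profile of the command bigrams that user normally types. The signature regexes, the training traces, the bigram size and the 0.5 alert threshold are all assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed attack signatures standing in for the deck's "pre-defined patterns"
# (slide 11). Each maps a name to a regex tested against one log line or command.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "shadow-file-read": re.compile(r"\b(cat|less|more|head|tail)\s+/etc/shadow\b"),
}

def match_signatures(event: str) -> list[str]:
    """Pattern matching: names of every pre-defined pattern the event matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(event)]

def build_profile(traces: list[list[str]], n: int = 2) -> Counter:
    """Statistical anomalies (slide 13): the 'signature of normal behaviour' for
    one user is the count of every n-gram of consecutive commands in their traces."""
    profile: Counter = Counter()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            profile[tuple(trace[i:i + n])] += 1
    return profile

def anomaly_score(profile: Counter, trace: list[str], n: int = 2) -> float:
    """Fraction of the new trace's n-grams never seen in the profile (0.0 = familiar)."""
    grams = [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    if not grams:  # a trace shorter than n carries no evidence either way
        return 0.0
    return sum(1 for g in grams if g not in profile) / len(grams)

def analyze(profile: Counter, trace: list[str], threshold: float = 0.5) -> list[str]:
    """Analyzer stage (slide 8): run both detectors and return the alerts for a trace."""
    alerts = [f"signature:{name}" for cmd in trace for name in match_signatures(cmd)]
    score = anomaly_score(profile, trace)
    if score > threshold:  # assumed threshold; tune per user/host in practice
        alerts.append(f"anomaly:{score:.2f}")
    return alerts

# Constructed training traces for one user, following the deck's example session:
# open directory, text editor, check mail, compile a program.
NORMAL_TRACES = [
    ["cd", "ls", "vim", "gcc", "mail"],
    ["cd", "ls", "vim", "gcc"],
    ["cd", "mail", "vim", "gcc", "ls"],
]

if __name__ == "__main__":
    prof = build_profile(NORMAL_TRACES)
    print(analyze(prof, ["cd", "ls", "vim", "gcc"]))  # [] (familiar session)
    print(analyze(prof, ["cd", "cat /etc/shadow", "vim", "gcc"]))  # both detectors fire
```

A session that only differs from the profile (say unfamiliar tools after `cd`) raises the anomaly alert alone, which is exactly the class of new attack the pattern matcher in slide 11 cannot see.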
14. Future work
Our future work would be on INTRUSION PREVENTION
through the following methods:
➔ SMS configuration at login.
➔ Setting a hardware address for remote login, for better support of
the username-and-password scenario.
➔ Analysis using snapshots.
➔ Using image-capturing techniques.
15. Conclusion
✔ Data is everything!
✔ We must protect it.
✔ An IDS is for monitoring, detecting and responding to security
threats.
✔ IDS have gone through many iterations so that they can be used
efficiently to protect every single byte of data from being hacked.