23-05-2014, 11:58 AM
A SEMINAR ON INTRUSION DETECTION SYSTEM
INTRUSION DETECTION.pptx (Size: 476.82 KB / Downloads: 14)
INTRODUCTION
An intrusion is any use or attempted use of a system that exceeds the limits of what the user is authorized to do (or is attempted by someone with no authorization at all).
Intrusions are related to, but narrower than, security incidents.
An incident does not necessarily involve an active system or network device (a stolen backup tape is an incident); an intrusion always does.
An Intrusion Detection System (IDS) is software or hardware that monitors system or network activity and delivers an alert when it notices suspicious activity.
DETECTING INTRUDERS
An IDS monitors system activity in some way.
When it detects suspicious activity, it performs an action.
The action is usually an alert of some type
E-mail, cell phone/SMS, audible alert, etc., delivered to a person or to a process
For highly sensitive systems the alert is sent over an out-of-band channel, so that an attacker who controls the monitored network cannot suppress it
All IDSs continuously sample system activity and compare the samples against a reference: either a database of known attack signatures (signature or misuse detection) or a profile of normal behaviour (anomaly detection).
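The sample-compare-alert loop above, as an added signature-detection example (it is not part of the original slides): each sampled web-server log line is matched against a small signature database and an alert is raised per hit. The log lines and the two signatures are constructed for illustration; real rule sets (Snort or Suricata, for instance) are far larger and match on packet fields as well as payload.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not from the original post): four requests,
# two of which carry classic attack patterns.
SAMPLE_LOG = """\
10.0.0.5 - - [23/May/2014:11:58:01] "GET /index.html HTTP/1.1" 200 1043
10.0.0.7 - - [23/May/2014:11:58:02] "GET /../../etc/passwd HTTP/1.1" 404 512
10.0.0.9 - - [23/May/2014:11:58:03] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 220
10.0.0.5 - - [23/May/2014:11:58:04] "GET /about.html HTTP/1.1" 200 870
"""

# A minimal signature database: name -> compiled pattern (constructed).
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sql-injection-tautology": re.compile(r"'(?:%20|\s)*OR(?:%20|\s)+'", re.IGNORECASE),
}

# Common-log-format prefix: source address, timestamp, request line.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


@dataclass(frozen=True)
class Alert:
    signature: str
    src: str
    request: str


def scan_log(text, signatures=SIGNATURES):
    """Compare each sampled log line against the signature database and
    return one Alert per (line, matching signature) pair."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production sensor would count these too
        req = m.group("req")
        for name, pat in signatures.items():
            if pat.search(req):
                alerts.append(Alert(name, m.group("src"), req))
    return alerts


def notify(alert):
    # The "action": a print here; in production an e-mail, pager, or SIEM event.
    print(f"ALERT {alert.signature} from {alert.src}: {alert.request}")


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        notify(a)
```

Because it only knows the patterns in its database, this detector misses any attack that is encoded differently (for example `%2e%2e/` instead of `../`); that blind spot is exactly what the anomaly-based approach described later tries to cover.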
Network Intrusion Detection System (NIDS)
Identifies intrusions by examining network traffic, so a single sensor can monitor many hosts.
Gains access to network traffic by connecting to a network hub, to a mirror (SPAN) port on a switch, or through a network tap; an ordinary switch port only sees traffic addressed to the sensor itself.
Sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders.
Host-Based Intrusion Detection System (HIDS)
Consists of an agent on a host that identifies intrusions by analyzing system calls, application logs and file-system modifications.
In a HIDS the sensor is usually a software agent. Some application-based IDSs also fall into this category.
A host-based IDS examines all traffic and activity for one particular machine.
It can examine system log files as well as inbound and outbound packets.
Each monitored host requires its own agent.
Statistical Anomaly-Based IDS
A statistical anomaly-based IDS learns what normal network activity looks like (how much bandwidth is generally used, which protocols and ports are in use, which devices generally connect to each other) and alerts the administrator or user when traffic is detected that deviates from that profile (anomalous, i.e. not normal, traffic).
Observe traffic during normal operation.
Create a profile of normal traffic from those observations. The training traffic must itself be clean: an attack that is present while the baseline is built becomes part of "normal".
Does not rely on prior knowledge of the attack, so it can catch novel attacks, at the cost of false positives whenever legitimate behaviour changes.
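The profile-then-score procedure above, as an added example (not code from the original slides): per-destination-port bytes-per-minute counts observed during normal operation are summarized as mean and standard deviation, and a later minute is scored with a z-score; a port never seen in the baseline is also reported. The ten minutes of baseline counts and the test minute are constructed values, and the z-threshold of 3.0 is an assumed tuning parameter.

```python
import math

# Constructed baseline (not from the original post): bytes per minute toward
# each destination port over ten minutes of normal traffic.
NORMAL_TRAFFIC = {
    80:  [52000, 48000, 51000, 49500, 50500, 47000, 53000, 50000, 49000, 51500],
    443: [120000, 118000, 125000, 122000, 119000, 121000, 124000, 120500, 123000, 118500],
    53:  [800, 760, 820, 790, 810, 780, 830, 770, 800, 795],
}


def build_profile(observations):
    """Normal-traffic profile: port -> (mean, sample standard deviation)."""
    profile = {}
    for port, samples in observations.items():
        n = len(samples)
        mean = sum(samples) / n
        var = sum((x - mean) ** 2 for x in samples) / (n - 1) if n > 1 else 0.0
        profile[port] = (mean, math.sqrt(var))
    return profile


def score_minute(profile, current, z_threshold=3.0):
    """Score one minute of aggregated traffic {port: bytes} against the profile.

    Returns a list of (port, reason, z) tuples; z is None for unseen ports."""
    alerts = []
    for port, nbytes in current.items():
        if port not in profile:
            alerts.append((port, "unseen-port", None))
            continue
        mean, sd = profile[port]
        if sd == 0:
            # A constant baseline: any change at all is a deviation.
            z = math.inf if nbytes != mean else 0.0
        else:
            z = (nbytes - mean) / sd
        if abs(z) > z_threshold:
            alerts.append((port, "volume-anomaly", round(z, 1)))
    return alerts


# Constructed test minutes: one quiet, one with a DNS-tunnel-sized burst on
# port 53 and traffic to a port the baseline never saw.
QUIET_MINUTE = {80: 50800, 443: 121000, 53: 790}
SUSPECT_MINUTE = {80: 50800, 443: 121000, 53: 40000, 4444: 900}

if __name__ == "__main__":
    profile = build_profile(NORMAL_TRAFFIC)
    print("quiet:  ", score_minute(profile, QUIET_MINUTE))
    print("suspect:", score_minute(profile, SUSPECT_MINUTE))
```

Note what this detector cannot tell you: a 40 kB/min burst on port 53 could be a DNS tunnel or a new resolver being rolled out. The anomaly model flags the deviation; an analyst (or a signature engine) still has to decide what it is.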
CONCLUSION
An intrusion detection system is a crucial part of defensive operations, complementing static defenses such as firewalls.
Future advances in IDS are likely to integrate information from more sources (sensor fusion) and to make further use of artificial intelligence, reducing the volume of logs that must be retained and the size of the signature databases that must be maintained.
Human intervention, however, remains necessary and will for the foreseeable future.