Intrusion Detection Systems
Prepared by Mr. S. Saravanan, Asst. Prof, Amrita School of Computing, Chennai
Definitions
Network-based intrusion detection involves examining the packets on the network as they pass a sensor.
Monitoring Networks and Hosts (diagram): network packets are captured by a sniffer such as tcpdump; operating system events are recorded by an audit facility such as BSM.
Host-Based IDSs
• Using OS auditing mechanisms
– e.g., BSM on Solaris: logs all direct or indirect events generated by a user
• Other problems …
Misuse (signature-based) detection relies on pre-defined patterns (signatures) to identify malicious activity in network traffic.
Example of signatures in misuse detection
Consider a web application that authenticates users with SQL queries. Its login page may check the submitted credentials with a query of the following form, where the submitted values are inserted directly into the query text:
SELECT * FROM users WHERE username = 'input_username' AND password = 'input_password';
(diagram) Misuse detection: known intrusion patterns are matched against observed activities.
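The following is an added example, not code from the slides: it assembles the login query above from untrusted input (so the reader can see what an injected value does to it) and then runs a small signature-based detector, in the misuse-detection style the slides describe, over constructed web-server request lines. The signatures, the sample log lines and the function names are assumptions made for illustration; the last sample line is a variant the signatures do not cover, to show the known limitation of pattern matching.

```python
import re
from urllib.parse import unquote_plus


def build_login_query(username: str, password: str) -> str:
    """Build the slide's login query by string concatenation.

    Deliberately vulnerable: the submitted values become part of the SQL
    text, which is exactly the traffic a signature-based IDS tries to catch.
    """
    return ("SELECT * FROM users WHERE username = '" + username
            + "' AND password = '" + password + "';")


# Constructed signatures (assumed for this example) for SQL injection against
# a login form. Each is a name plus a regex applied to decoded parameter values.
SIGNATURES = [
    # e.g.  ' OR '1'='1   or   ' OR 1=1
    ("sqli-tautology",
     re.compile(r"'\s*or\s+'?\w*'?\s*=\s*'?\w*'?", re.IGNORECASE)),
    # e.g.  admin'--   (quote followed by a comment that drops the rest)
    ("sqli-comment-terminator", re.compile(r"'\s*(--|#|/\*)")),
    # e.g.  ' UNION SELECT ...
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.IGNORECASE)),
]

# Constructed sample request lines (not real traffic). The third line carries
# the tautology URL-encoded; the fifth uses ' OR 2>1, which none of the
# signatures above describe.
SAMPLE_LOG = [
    "GET /login?username=alice&password=Winter2024 HTTP/1.1",
    "GET /login?username=admin'--&password=x HTTP/1.1",
    "GET /login?username=admin&password=%27+OR+%271%27%3D%271 HTTP/1.1",
    "GET /login?username=bob&password=ok HTTP/1.1",
    "GET /login?username=admin&password=%27+OR+2%3E1 HTTP/1.1",
]


def extract_params(log_line: str) -> dict:
    """Return the URL-decoded query parameters of a request line."""
    path = log_line.split()[1]
    if "?" not in path:
        return {}
    params = {}
    for pair in path.split("?", 1)[1].split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def match_signatures(log_line: str) -> list:
    """Return the names of the signatures that fire on any parameter value.

    Decoding before matching matters: a signature run on the raw, still
    percent-encoded value would miss the tautology in the third sample line.
    """
    values = extract_params(log_line).values()
    hits = []
    for name, pattern in SIGNATURES:
        if any(pattern.search(value) for value in values):
            hits.append(name)
    return hits


def scan(log_lines):
    """Pair every request line with the signatures it triggered."""
    return [(line, match_signatures(line)) for line in log_lines]


if __name__ == "__main__":
    print(build_login_query("admin", "' OR '1'='1"))
    for line, hits in scan(SAMPLE_LOG):
        print(("ALERT " + ",".join(hits)) if hits else "ok   ", line)
```

The ' OR 2>1 line passes unflagged even though it is just as effective against the concatenated query: a signature only finds the patterns someone has already written down, which is why signature sets need constant maintenance and why the application itself should use parameterised queries rather than rely on the IDS.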