Intrusion Detection System

presented by,
GURUMUNI M
1JV07CS013

1
AGENDA
History.
WHAT’S AN IDS?
Security and Roles
Types of Violations.
Types of Detection
Types of IDS.
IDS issues.
Application.
History:
1970s - Observation by administrators
When an account is used
When/how much a resource is used

Early 1980s – Usage models

First proposed by Anderson (1980)
Based on accounting logs
Login frequency, volume data processed, etc.
Batch processing; not real time
What’s an IDS?
Any set of actions that attempt to compromise the
confidentiality, integrity, or availability of a computer
resource is called as ids.

Term is overloaded

Trying to detect a policy violation

4
COMPUTER SECURITY AND ROLES:
 Confidentiality: Transforming data such that only
authorized parties can decode it.
Authentication: Proving or disproving someone’s or
something’s claimed identity.
Integrity checking: Ensuring that data cannot be
modified without such modification .
being detectable
Non – repudiation: Proving that a source of some
data did in fact send data that he might later deny
sending
5
TYPES OF VIOLATIONS:
Attack
Attempts to exploit a vulnerability
Ex: denial of service, privilege escalation
Intrusion
Acts as another legitimate user
Misuse
User abuses privileges
Often called the “insider threat”

6
TYPES OF DETECTION:
Misuse detection
Built with knowledge of “bad” behaviors
Collection of signatures
Examine event stream for signature match

Anomaly detection
Built with knowledge of “normal” behaviors
Examine event stream for deviations from normal

7
SOME OF THE HACKING TOOLS:

8
Types of IDS
Primary Types:
Network IDS (NIDS)
Host IDS (HIDS)

Hybrid Types:
Per-Host Network IDS (PH-NIDS)
Load Balanced Network IDS (LB-NIDS)
Firewall IDS (FW-IDS)

9
NETWORK BASED (Advantages)
Can get information quickly without any
reconfiguration of computers.

Does not affect network or data sources

Monitor and detects in real time networks attacks or

misuses

Does not create system overhead

NETWORK BASED (Disavantages)
Cannot scan protocols if the data is encrypted

Hard to implement on fully switched networks

Has difficulties sustaining network with a very large

bandwidth
Naïve Simulation Network

Target Host

Test
Network

Attack
Attack Stream NIDS
Generator

12
What’s HAPPENING?
IN THE ABOVE FIG THERE ARE THREE COMPUTERS
1.TARGET HOST : IT IS ALSO A MAIN COMPUTER
AND CLIENT IS WORKING IN IT.

2.ATTACK GENERATOR : IT IS ALSO A CLIENT SIDE

COMPUTER BUT IT IS USED BY ATTACKER.

3.NIDS : IT MEANS NAÏVE SYSTEM USING THIS

SYSTEM THE HACKER TRIES TO HACK THE DATA
PRESENT IN TARGET HOST.
13
IDS ISSUES:
 Lack of Physical Wires

 Bandwidth Issues

 Difficulty of Anomaly and Normality Distinction

 Possibility of a Node Being Compromised

14
 ONTOLOGY SERVERS

ONTOLOGY IS AN MEDICAL APPROACH WHICH IS

IMPLEMENTED IN NETWORKS PLATFORM.

ONE OF THE APPROACH WHERE WE CAN PROVIDE HIGH

SECURITY IS BY USING ONTOLOGY SERVERS.

15
HOW IT WORKS?

 WENEVER THE DATA IS PRESENT IN ONE OR TWO SERVERS,THE

WORK BECOMES EASY FOR AN HACKER TO HACK THOSE DATA.

SO WAT ONTOLOGY SERVER DOES IS,IT SPLITS THE DATA

PRESENT IN MAIN SERVER TO FOUR SUB SERVERS.

16
CONTD……
SO WENEVER HACKER HACKS ANY SUBSERVER HE
WILL GET ONLY PARTIAL INFORMATION WHICH HE
CANNOT ENCRYPT OR DECRYPT IT.

IF SUPPOSE CLIENT SENDS AN API TO SERVER TO

SEND THE DATA WHICH IT SENT THEN THE MAIN
SERVER WILL SEND THE API’S TO SUBSERVER GATHER
THE INFORMATION AND SENDS IT BACK TO CLIENT.

17
ADVANTAGES:
1.IT PROVIDES HIGH SECURITY.
2.DATA LOSS IS LESS.

DIS ADVANTAGES:
1.TIME TAKEN IS MORE AND COST IS HIGH.
2.NEEDS MANY NUMBER OF SYSTEMS.

18
Conclusion:
BY MAKING USE OF ABOVE APPROACH WE CAN
PROVIDE HIGH SECURITY TO ANY EXISTING
SYSTEM.

WE CAN AVOID INTRUDERS INTRUDING THE

DATA.

19
FUTURE ENHANCEMENT:
There is a need for a COMPETENT analyst
Need someone that can fine tune the IDS in order to
avoid false positive or false negative
Must subscribe to popular advisories and security
newsletters such as bugtraq, CERT, GIAC, SANS, and
others
REFERENCES:
[1] Lidong Z., Zygmunt J. H., “Securing ad hoc
networks”, IEEE Network, Vol. 13,
No. 6, 1999, pp. 24-30.
[2] Sundaram A., "An Introduction to Intrusion
Detection",
http://www.acm.org/crossroads/xrds2-4/intrus.html
[3] Arbaugh W., Shankar N., Wan Y.C.J., “Your 802.11
Wireless Network Has No
Clothes”, University of Maryland, 30-Mar-2001.
 
21
THANK YOU

22