Intrusion Detection System
ON INTRUSION DETECTION SYSTEM
NAME: ASHIK ATHREYA M S
USN: 4MH18CS014
GUIDE NAME: DR. WAHIDA BANU
ASSOC PROF, DEPT OF CSE, MITM
BATCH NO- 023
CONTENTS
• Introduction
• Literature Survey
• Concepts
• Applications
• Comparisons
• Advantages and drawbacks
• Result Analysis
• Conclusion
• Future Work
• References
DEPT OF CSE, MITM 2
INTRODUCTION
• Place a firewall at every junction of network zones, not just at the network edge. If you can’t deploy full-fledged
firewalls everywhere, use the built-in firewall functionality of your switches and routers. Deploy anti-DDoS devices
or cloud services at the network edge. Carefully consider where to place strategic devices like load balancers – if they
are outside the Demilitarized Zone (DMZ), they won’t be protected by your network security apparatus.
• Network Address Translation (NAT) lets you translate internal IP addresses into addresses accessible on public
networks. You can use it to connect multiple computers to the Internet using a single IP address. This provides an extra
layer of security, because any inbound or outbound traffic has to go through a NAT device, and there are fewer public IP
addresses, which makes it difficult for attackers to understand which host they are connecting to.
• Ensure you have complete visibility of incoming, outgoing and internal network traffic, with the ability to
automatically detect threats, and understand their context and impact. Combine data from different security tools to get
a clear picture of what is happening on the network, recognizing that many attacks span multiple IT systems, user
accounts and threat vectors.
COMPARISONS
• Comparison of IDS with Firewalls:
• An IDS and a firewall are both related to network security, but an IDS differs from a firewall in that a firewall
looks outward for intrusions in order to stop them from happening. Firewalls restrict access between
networks to prevent intrusion, and if an attack comes from inside the network the firewall does not signal it. An IDS
describes a suspected intrusion once it has happened and then signals an alarm.
• Do not allow network users to access the Internet unchecked. Pass all requests through a transparent
proxy, and use it to control and monitor user behavior. Ensure that outbound connections are actually
performed by a human and not a bot or other automated mechanism. Whitelist domains to ensure
corporate users can only access websites you have explicitly approved.
• It monitors the working of routers, firewalls, key servers and files. It uses its extensive attack signature
database, raises an alarm and sends appropriate notifications on detecting a breach. By using the
signature database, an IDS ensures quick and effective detection of known anomalies with a low risk of
raising false alarms.
• It analyzes different types of attacks, identifies patterns of malicious content and helps
administrators to tune, organize and implement effective controls.
• It helps the company maintain regulatory compliance and meet security regulations as it provides
greater visibility across the entire network.
• Although IDS is typically a passive system, some active IDS can, along with detection and generating
alerts, block IP addresses or shut down access to restricted resources when an anomaly is detected.
• An IDS does not block or prevent attacks; it merely helps to uncover them. Because of this, an IDS
needs to be part of a comprehensive plan that includes other security measures and staff who know
how to react appropriately.
• An IDS is immensely helpful for monitoring the network, but its usefulness depends entirely on what you
do with the information it gives you. Because detection tools do not block or resolve potential
issues, they are ineffective at adding a layer of security unless you have the right personnel and policy
to administer them and act on any threats.
• The information from an IP packet is read by an IDS, but the network address can still be spoofed. If
an attacker is using a fake address, it makes the threat more difficult to detect and assess.
• One significant issue with an IDS is that it regularly alerts you to false positives. In many cases false
positives are more frequent than actual threats. An IDS can be tuned to reduce the number of false
positives, but your engineers will still have to spend time responding to them. If they do not take
care to monitor the false positives, real attacks can slip through or be ignored.
• This curve shows the interaction between sensitivity and specificity, which are inversely proportional.
• The accuracy of the test depends on the left-hand border and after that the top border of ROC space.
• The likelihood ratio can be found from the tangent line at a cut point, which gives the output value of the
test. The area under this curve shows the test accuracy of the measurement.
Results imply that:
• Accuracy = 95.53%
• Precision = 98.94%
• Sensitivity = 96.51%
• Specificity = 1.7%
Shape of DDoS attacks dataset: [225745 rows x 85 columns]
Deep Q network used for another dataset of port scan attack, where we got 92% accuracy.
• Accuracy = 92.32%
• Precision = 96.54%
• Sensitivity = 93.56%
• Specificity = 10.35%
RESULT ANALYSIS
Deep Q network used for another dataset of port scan attack, where we got 89% accuracy.
• Accuracy = 89.245%
• Precision = 95.93%
• Sensitivity = 92.34%
• Specificity = 10.1%
Shape of Infiltration dataset: [288602 rows x 85 columns]
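The metrics reported on the result slides (accuracy, precision, sensitivity, specificity), the positive likelihood ratio at a cut point and the ROC area, computed from a confusion matrix, as an added example that is not part of the original presentation. The labels and detector scores are constructed for illustration and are not rows from the DDoS or infiltration datasets.

```python
# Constructed sample of 10 flows: 1 = attack, 0 = benign, with a detector score each.
# Illustrative values only, not rows from the page's DDoS or infiltration datasets.
LABELS = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0]
SCORES = [0.95, 0.90, 0.85, 0.80, 0.60, 0.30, 0.70, 0.40, 0.20, 0.10]


def confusion(labels, scores, threshold):
    """Count TP, FP, TN, FN when a flow is flagged at score >= threshold."""
    tp = fp = tn = fn = 0
    for y, s in zip(labels, scores):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def metrics(tp, fp, tn, fn):
    """The four slide metrics plus the positive likelihood ratio at this cut point."""
    accuracy = (tp + tn) / (tp + fp + tn + fn)
    precision = tp / (tp + fp) if tp + fp else 0.0
    sensitivity = tp / (tp + fn) if tp + fn else 0.0  # true positive rate
    specificity = tn / (tn + fp) if tn + fp else 0.0  # true negative rate
    # LR+ = sensitivity / (1 - specificity) = TPR / FPR for this cut point;
    # a low specificity (many benign flows flagged) drags it towards 1.
    lr_plus = sensitivity / (1 - specificity) if specificity < 1 else float("inf")
    return {"accuracy": accuracy, "precision": precision,
            "sensitivity": sensitivity, "specificity": specificity, "lr_plus": lr_plus}


def roc_points(labels, scores):
    """(FPR, TPR) points from (0,0) to (1,1), sweeping the cut point over all scores."""
    points = [(0.0, 0.0)]
    for t in sorted(set(scores), reverse=True):
        tp, fp, tn, fn = confusion(labels, scores, t)
        points.append((fp / (fp + tn), tp / (tp + fn)))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoid rule (1.0 = perfect, 0.5 = coin flip)."""
    return sum((x1 - x0) * (y0 + y1) / 2 for (x0, y0), (x1, y1) in zip(points, points[1:]))


if __name__ == "__main__":
    print(metrics(*confusion(LABELS, SCORES, 0.5)))  # accuracy 0.8, specificity 0.75
    print(auc(roc_points(LABELS, SCORES)))           # 0.875
```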
CONCLUSION
• The intrusion detection system is a well-known method for detecting network attacks: it is a
system that monitors network traffic for suspicious activity and issues alerts when such activity is
discovered. It has several advantages, which have led to its widespread use against network attacks as well
as device attacks.
• Future work can be divided into two parts: on one hand, evaluating the two-stage IDS performance in a
complex ICS scenario, which contains more controllers and actuators; on the other hand, refining the
two-stage IDS to defend I/O data transfers based on Ethernet/IP.