Intrusion Detection System


SEMINAR PRESENTATION

ON

INTRUSION DETECTION
SYSTEM
NAME: ASHIK ATHREYA M S
USN: 4MH18CS014
GUIDE NAME: DR. WAHIDA BANU
ASSOC PROF, DEPT OF CSE, MITM
BATCH NO- 023
CONTENTS
• Introduction
• Literature Survey
• Concepts
• Applications
• Comparisons
• Advantages and drawbacks
• Result Analysis
• Conclusion
• Future Work
• References
DEPT OF CSE, MITM 2
INTRODUCTION

• An Intrusion Detection System (IDS) is a system that monitors network traffic, or the activity on a host, for suspicious behaviour and issues alerts when such activity is discovered.
• It is a software application (or appliance) that scans a network or a system for harmful activity or policy violations.
• Any malicious activity or violation is normally reported to an administrator, or collected centrally by a security information and event management (SIEM) system, which correlates IDS alerts with other log sources.

LITERATURE SURVEY

1. 2022, IEEE. Sk. Tanzir Mehedi, Adnan Anwar, Ziaur Rahman, Kawsar Ahmed and Rafiqul Islam. "Dependable Intrusion Detection System for IoT: A Deep Transfer Learning-based Approach".
   Description: Proposes a deep transfer learning-based dependable intrusion detection model for IoT with improved performance compared to several existing approaches. The overall accuracy of the proposed detection model is 87%, and the authors emphasise dependability and low time complexity.

2. 2021. Idriss Idrissi, Mostafa Azizi and Omar Moussaoui (MATSI Research Laboratory, Ecole Supérieure de Technologie, Mohammed First University, Oujda, Morocco). "An unsupervised generative adversarial network based-host intrusion detection system for internet of things devices".
   Description: The proposed "EdgeIDS" quantitatively outperforms state-of-the-art methods. The experimental results show the method's capacity to detect anomalous traffic, and thus attacks, in an IoT environment. Because most IoT devices have limited capabilities, EdgeIDS is constrained to analysing only the network's inbound data in real time.

3. 2022. Otmane Azeroual and Anastasija Nikiforova. "Apache Spark and MLlib-Based Intrusion Detection System or How the Big Data Technologies Can Secure the Data".
   Description: A prototype intrusion detection system aimed at detecting data anomalies through machine learning, using the k-means clustering algorithm as implemented in Spark's MLlib.

4. 2022. Thi-Thu-Huong Le, Haeyoung Kim, Hyoeun Kang and Howon Kim. "Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method".
   Description: Aims to enhance the attack detection performance of IDS on big IoT-based IDS datasets and to provide explanations of the machine learning (ML) model's predictions. The proposed ML-based IDS is based on ensemble trees, namely decision tree (DT) and random forest (RF) classifiers, which do not require high computing resources for training.
CONCEPTS (TWO TYPES)
NIDS:- Network based Intrusion Detection System.
• Network based: deployed at a network choke point (a mirror/SPAN port or a tap) so that one sensor sees the traffic of many hosts.
• Monitors, captures and analyses network traffic.
• Detects malicious data present in packets.
• Analysis: matches traffic against a library of known attack signatures (signature-based detection), or flags deviations from a learned baseline of normal traffic (anomaly-based detection).
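The signature-matching step described above, as an added example that is not part of the presentation: a toy rule engine in Python with three hypothetical Snort-style signatures (a content pattern bound to a protocol and, optionally, a destination port) run over constructed packets. Every signature id, pattern, address and payload here is made up for illustration, and the last sample packet shows the blind spot of a port-bound rule.

```python
"""Minimal signature-based NIDS check over constructed packets.

Added illustration of how a NIDS matches packet payloads against a
library of known-attack signatures. The rule set, addresses and
payloads are all constructed for this example; nothing is a real ruleset.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    msg: str
    proto: str
    dport: Optional[int]   # None matches any destination port
    pattern: re.Pattern    # searched against the raw payload bytes


# Hypothetical signatures modelled on classic Snort rule types.
SIGNATURES = [
    Signature(1000001, "HTTP path traversal attempt", "tcp", 80,
              re.compile(rb"\.\./\.\./", re.I)),
    Signature(1000002, "SQL injection tautology in HTTP request", "tcp", 80,
              re.compile(rb"(%27|')\s*or\s*(%27|')?1(%27|')?\s*=\s*(%27|')?1", re.I)),
    Signature(1000003, "Shell metacharacter in CGI parameter", "tcp", None,
              re.compile(rb"[;|`]\s*(cat|wget|curl|nc)\b", re.I)),
]


def match_signatures(pkt: Packet, sigs=SIGNATURES) -> List[int]:
    """Return the ids of every signature that fires on one packet."""
    hits = []
    for s in sigs:
        if s.proto != pkt.proto:
            continue
        if s.dport is not None and s.dport != pkt.dport:
            continue
        if s.pattern.search(pkt.payload):
            hits.append(s.sid)
    return hits


def inspect_packets(packets, sigs=SIGNATURES):
    """Run each packet through the rule set and collect alert records."""
    by_sid = {s.sid: s for s in sigs}
    alerts = []
    for pkt in packets:
        for sid in match_signatures(pkt, sigs):
            alerts.append({"sid": sid, "msg": by_sid[sid].msg,
                           "src": pkt.src, "dst": pkt.dst, "dport": pkt.dport})
    return alerts


# Constructed sample traffic (not a real capture).
SAMPLE = [
    Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.7", "192.0.2.10", "tcp", 80, b"GET /login?user=a' OR '1'='1 HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.7", "192.0.2.10", "tcp", 8080, b"GET /cgi-bin/x?f=a;cat /etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.9", "192.0.2.10", "udp", 53,
           b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    # Same traversal payload but on port 443: sid 1000001 is bound to port 80,
    # so a port-bound rule misses it. This is the classic signature blind spot.
    Packet("10.0.0.5", "192.0.2.10", "tcp", 443, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for a in inspect_packets(SAMPLE):
        print(f"[{a['sid']}] {a['msg']}: {a['src']} -> {a['dst']}:{a['dport']}")
```

Real sensors such as Snort and Suricata add stream reassembly and protocol decoding in front of this step, so a pattern split across two TCP segments or hidden by URL encoding is still seen; the toy engine above matches only on a single packet's raw bytes, which is exactly why packet-level signatures are easy to evade.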

CONCEPTS
• HIDS:- Host based Intrusion Detection System
• Host based.
• Installed on an individual host or device on the network.
• It monitors activity on that device only (its own network packets, system logs and process activity) and alerts the administrator if suspicious activity is detected.
• Detects when monitored files are created, modified or deleted, by comparing them against a known-good baseline (file integrity monitoring).

APPLICATIONS
• NIDS applications:
  • Threat reporting.
  • Anomaly detection.
  • Prevention system (when the sensor is deployed inline as an IPS).
  • Network traffic processing.
  • Threat classification.
  • Signature matching.

• Tools used:
  • Snort
  • Zeek
  • Sagan
  • Suricata
  • Security Onion
  • OpenWIPS-ng

COMPARISONS
• Place Security Devices Correctly:-

• Place a firewall at every junction of network zones, not just at the network edge. If you can't deploy full-fledged firewalls everywhere, use the built-in firewall functionality of your switches and routers. Deploy anti-DDoS devices or cloud services at the network edge. Carefully consider where to place strategic devices like load balancers: if they are outside the Demilitarized Zone (DMZ), they won't be protected by your network security apparatus. The same applies to IDS sensors, which can only see the traffic that passes the segment they are attached to.

• Use Network Address Translation:-

• Network Address Translation (NAT) translates internal IP addresses into addresses routable on public networks, so multiple computers can share a single public IP address. This hides internal addressing: all inbound and outbound traffic has to pass through the NAT device, and an outside attacker cannot tell which internal host they are reaching. Note that NAT is an addressing mechanism rather than a security control; it does not inspect traffic and is not a substitute for a firewall or an IDS.

• Monitor Network Traffic:-

• Ensure you have complete visibility of incoming, outgoing and internal (east-west) network traffic, with the ability to automatically detect threats and understand their context and impact. Combine data from different security tools (IDS alerts, firewall and proxy logs, endpoint telemetry) to get a clear picture of what is happening on the network, recognising that many attacks span multiple IT systems, user accounts and threat vectors.
COMPARISONS
• Comparison of IDS with Firewalls:-

• IDS and firewalls are both network security controls, but their roles differ. A firewall looks outward and restricts access between networks in order to stop intrusions before they happen; it enforces a policy on which connections are allowed, and it raises no alarm about an attack that originates inside the network or that rides on a permitted connection. An IDS, by contrast, detects a suspected intrusion once it is under way or has happened and then signals an alarm. The two are complementary rather than alternatives.

• Regulate Access to the Internet via Proxy Server:-

• Do not allow network users to access the Internet unchecked. Pass all requests through a transparent proxy, and use it to control and monitor user behaviour. Check that outbound connections are actually initiated by a human and not by a bot or other automated mechanism (for example, malware beaconing to a command-and-control server). Whitelist domains to ensure corporate users can only access websites you have explicitly approved.



ADVANTAGES
• Implementing an IDS can prove beneficial for a company because:

• It monitors the traffic to and from routers, firewalls, key servers and files. Using its extensive attack-signature database, it raises an alarm and sends appropriate notifications on detecting a breach. By relying on the signature database, an IDS gives quick and effective detection of known attacks with a low risk of raising false alarms; unknown or novel attacks are the job of anomaly-based detection.

• It analyses different types of attacks, identifies patterns of malicious content and helps administrators tune, organise and implement effective controls.

• It helps the company maintain regulatory compliance and meet security regulations, as it provides greater visibility across the entire network and an audit trail of alerts.

• Although an IDS is typically a passive system, some active IDS (usually called intrusion prevention systems, IPS) can, along with detection and generating alerts, block IP addresses or shut down access to restricted resources when an anomaly is detected.



DRAWBACKS
• They Will Not Prevent Incidents By Themselves:-

• An IDS does not block or prevent attacks; it merely helps to uncover them. Because of this, an IDS needs to be part of a comprehensive plan that includes other security measures and staff who know how to react appropriately.

• An Experienced Engineer Is Needed to Administer Them:-

• An IDS is immensely helpful for monitoring the network, but its usefulness depends entirely on what you do with the information it gives you. Because detection tools don't block or resolve potential issues, they are ineffective at adding a layer of security unless you have the right personnel and policies to administer them and act on any alerts.

DRAWBACKS
• IP Packets Can Still Be Faked:-

• An IDS reads the information in an IP packet, but the source address can still be spoofed. If an attacker uses a fake address, the threat is harder to detect and to attribute. Attackers can also evade signature matching by fragmenting, encoding or encrypting the payload so that the sensor never sees the pattern it is looking for.

• False Positives Are Frequent:-

• One significant issue with an IDS is that it regularly raises false positives. In many cases false positives are more frequent than actual threats, especially where real attacks are rare and benign traffic is plentiful. An IDS can be tuned to reduce the number of false positives, but your engineers will still have to spend time responding to them. If they don't take care to manage the false positives, real attacks can slip through or be ignored.

RESULT ANALYSIS

• The ROC curve (figure not reproduced here) shows the interaction between sensitivity and specificity, which are inversely related as the alert threshold moves.
• The accuracy of the test depends on how closely the curve follows the left-hand border and then the top border of ROC space.
• The likelihood ratio can be read from the tangent line at a cut point, which gives the output value of the test at that threshold.
• The area under the curve (AUC) measures the overall test accuracy of the detector.
• Results for the DDoS attacks dataset: Accuracy = 95.53%, Precision = 98.94%, Sensitivity = 96.51%, Specificity = 1.7%. Shape of DDoS attacks dataset: [225745 rows x 85 columns].
• Note that a specificity of 1.7% means almost every benign row is flagged as an attack; the high accuracy and precision are only consistent with a dataset in which attack rows outnumber benign rows by roughly 95 to 1, so accuracy alone says little about the false-positive burden on an operator.

RESULT ANALYSIS

• Deep Q network used for another dataset, of port scan attacks, where we got 92% accuracy. Accuracy = 92.32%, Precision = 96.54%, Sensitivity = 93.56%, Specificity = 10.35%.

• Deep Q network used for another dataset of port scan attacks, where we got 89% accuracy. Accuracy = 89.245%, Precision = 95.93%, Sensitivity = 92.34%, Specificity = 10.1%. Shape of Infiltration dataset: [288602 rows x 85 columns].
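The metrics reported in the result slides and the false-positive drawback discussed earlier, as an added worked example (not from the presentation): the confusion-matrix formulas, an ROC sweep with trapezoidal AUC over constructed detector scores, and a check of what the reported DDoS rates imply about the class balance of that dataset. The score and label arrays are made up; the 95.53 / 98.94 / 96.51 / 1.7 figures are the slide's own.

```python
"""IDS evaluation metrics and an ROC sweep.

Added worked example: accuracy, precision, sensitivity (TPR) and
specificity (1 - FPR) from a confusion matrix, ROC points and AUC from
a threshold sweep, and the class ratio implied by three reported rates.
Attack is the positive class throughout. Assumes both classes are present.
"""


def confusion_metrics(tp, fp, tn, fn):
    """Standard rates from a confusion matrix."""
    return {
        "accuracy": (tp + tn) / (tp + fp + tn + fn),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "sensitivity": tp / (tp + fn) if tp + fn else 0.0,   # TPR / recall
        "specificity": tn / (tn + fp) if tn + fp else 0.0,   # 1 - FPR
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def implied_positive_ratio(precision, sensitivity, specificity):
    """Positives per negative (P/N) consistent with three reported rates.

    With TP = s*P and FP = (1 - sp)*N, precision p = s*P / (s*P + (1 - sp)*N)
    rearranges to P/N = p*(1 - sp) / (s*(1 - p)).
    """
    return precision * (1 - specificity) / (sensitivity * (1 - precision))


def accuracy_from_rates(sensitivity, specificity, pos_ratio):
    """Accuracy = (s*P + sp*N) / (P + N), written with r = P/N."""
    return (sensitivity * pos_ratio + specificity) / (pos_ratio + 1)


def roc_points(scores, labels):
    """(FPR, TPR) pairs from sweeping the alert threshold over every distinct score."""
    pos = sum(labels)
    neg = len(labels) - pos
    order = sorted(zip(scores, labels), key=lambda t: -t[0])
    pts = [(0.0, 0.0)]
    tp = fp = 0
    i = 0
    while i < len(order):
        thr = order[i][0]
        while i < len(order) and order[i][0] == thr:   # consume ties together
            if order[i][1]:
                tp += 1
            else:
                fp += 1
            i += 1
        pts.append((fp / neg, tp / pos))
    return pts


def auc(points):
    """Trapezoidal area under an ROC curve given its points in FPR order."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2
    return area


# Constructed detector output: one anomaly score per flow, label 1 = attack.
SCORES = [0.95, 0.9, 0.85, 0.8, 0.7, 0.6, 0.55, 0.4, 0.3, 0.2, 0.1, 0.05]
LABELS = [1,    1,   1,    0,   1,   0,   1,    0,   0,   1,   0,   0]


def evaluate_at(threshold, scores=SCORES, labels=LABELS):
    """Metrics when every flow scoring >= threshold is alerted on."""
    tp = sum(1 for s, y in zip(scores, labels) if s >= threshold and y)
    fp = sum(1 for s, y in zip(scores, labels) if s >= threshold and not y)
    fn = sum(1 for s, y in zip(scores, labels) if s < threshold and y)
    tn = sum(1 for s, y in zip(scores, labels) if s < threshold and not y)
    return confusion_metrics(tp, fp, tn, fn)


if __name__ == "__main__":
    r = implied_positive_ratio(0.9894, 0.9651, 0.017)
    print(f"DDoS slide implies about {r:.0f} attack rows per benign row")
    print(f"accuracy rebuilt from those rates: {accuracy_from_rates(0.9651, 0.017, r):.4f}")
    for thr in (0.75, 0.5, 0.25):
        m = evaluate_at(thr)
        print(f"thr={thr}: acc={m['accuracy']:.2f} prec={m['precision']:.2f} "
              f"sens={m['sensitivity']:.2f} spec={m['specificity']:.2f}")
    print(f"AUC = {auc(roc_points(SCORES, LABELS)):.3f}")
```

Lowering the threshold raises sensitivity and lowers specificity, which is the trade-off the ROC curve plots; for an operator the number that matters is the false-positive rate multiplied by the volume of benign traffic, since that is the alert queue someone has to work through.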
CONCLUSION

• The Intrusion Detection System is a well-known method for detecting network attacks: it is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It has several advantages, which have led to its widespread use against both network attacks and device (host) attacks, and it is most effective when combined with preventive controls such as firewalls and with staff who act on its alerts.

FUTURE WORK

• Future work can be divided into two parts: on one hand, evaluating the two-stage IDS performance in a complex ICS (industrial control system) scenario that contains more controllers and actuators; on the other hand, refining the two-stage IDS to defend I/O data transfers based on EtherNet/IP.

REFERENCES

• Sk. Tanzir Mehedi, Adnan Anwar, Ziaur Rahman, Kawsar Ahmed and Rafiqul Islam. "Dependable Intrusion Detection System for IoT: A Deep Transfer Learning-based Approach". IEEE, 2022.

• Idriss Idrissi, Mostafa Azizi and Omar Moussaoui. "An unsupervised generative adversarial network based-host intrusion detection system for internet of things devices". 2021.

• Otmane Azeroual and Anastasija Nikiforova. "Apache Spark and MLlib-Based Intrusion Detection System or How the Big Data Technologies Can Secure the Data". 2022.

• Thi-Thu-Huong Le, Haeyoung Kim, Hyoeun Kang and Howon Kim. "Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method". 2022.

THANK YOU
