
Intrusion Detection System

CONTENTS
1. Intrusion and Intrusion Detection
2. Different ways to Intrude a Network
3. What is IDS?
4. Example of IPS in a Company
5. Classification of Intrusion Detection System
6. Detection Methods of IDS
7. Advantages of IDS
8. Disadvantage of IDS
9. Future of IDS
Intrusion and Intrusion Detection
• Intrusion: attempting to break into or misuse your system.
• A network intrusion refers to any unauthorized activity on a digital network.
• Intruders may be from outside the network or legitimate users of the network.
• Intrusion can be a physical, system or remote intrusion.
Different ways to Intrude a Network
• Asymmetric Routing - the attacker attempts to utilize more than one route to the targeted network device.
• Buffer Overflow Attacks - attackers exploit buffer overflow issues by overwriting the memory of an application.
• Protocol-Specific Attacks - protocols like IP and TCP may inadvertently leave openings for network intrusions via protocol impersonation.
• Traffic Flooding - in a congested and chaotic network environment, attackers can sometimes execute an undetected attack and even trigger an undetected "fail-open" condition.
What is IDS?
• An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
• Any malicious venture or violation is normally reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
• Intrusion prevention systems (IPS) monitor the network packets inbound to the system, check them for malicious activity, and send warning notifications at once.
Example of IPS in a Company
Classification of Intrusion Detection System
IDS are classified into 5 types:
• Network Intrusion Detection System (NIDS)
• Host Intrusion Detection System (HIDS)
• Protocol-based Intrusion Detection System (PIDS)
• Application Protocol-based Intrusion Detection System (APIDS)
• Hybrid Intrusion Detection System
Network Intrusion Detection System (NIDS)
A NIDS is set up at a planned point within the network to examine traffic from all devices on the network. It observes the traffic passing over the entire subnet and matches that traffic against a collection of known attacks.
Host Intrusion Detection System (HIDS)
A HIDS runs on an individual host or device on the network. It monitors only the incoming and outgoing packets of that device and alerts the administrator if suspicious or malicious activity is detected. It also takes a snapshot of the existing system files and compares it with the current snapshot of the system files.
Protocol-based Intrusion Detection System (PIDS)
A PIDS consists of a system or agent that consistently resides at the front end of a server, controlling and interpreting the protocol between a user/device and the server. It tries to secure the web server by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol.
Application Protocol-based Intrusion Detection System (APIDS)
An Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies intrusions by monitoring and interpreting the communication on application-specific protocols.
Hybrid Intrusion Detection System
A hybrid intrusion detection system is made by combining two or more approaches to intrusion detection. In a hybrid intrusion detection system, host agent or system data is combined with network information to develop a complete view of the network system.
Detection Methods of IDS
An IDS can only detect an attack. It cannot prevent attacks. An attack is any attempt to compromise confidentiality, integrity, or availability.
There are two types of detection methods:
• Signature-based Method
• Anomaly-based Method
Signature-based Method
A signature-based IDS detects attacks on the basis of specific patterns, such as the number of bytes in the network traffic. It also detects on the basis of already known malicious instruction sequences used by malware. The patterns detected by the IDS are known as signatures.
Anomaly-based Method
An anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is developed rapidly. In an anomaly-based IDS, machine learning is used to create a model of trusted activity; everything that arrives is compared with that model and is declared suspicious if it does not fit the model.
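Both detection methods side by side, as an added example that is not part of the original slides: the signature method matches each connection's payload against a small constructed pattern list (one pattern keyed on byte count, as the slide describes), and the anomaly method compares each connection's byte count against a baseline of mean and standard deviation learned from a quiet period. The mean/stdev baseline is a simple stand-in for the machine-learning model mentioned above; signatures, training counts and test connections are all constructed.

```python
import re
import statistics

# Constructed, illustrative signatures (not real vendor rules): name -> byte pattern
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "long-request-uri": re.compile(rb"GET /\S{120,}"),  # pattern on byte count
}

def signature_detect(payload):
    """Signature-based: names of known patterns present in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

def build_baseline(byte_counts):
    """Anomaly-based: model 'normal' as mean and stdev of bytes per connection."""
    return statistics.mean(byte_counts), statistics.pstdev(byte_counts)

def anomaly_detect(byte_count, baseline, z_threshold=3.0):
    """Flag a connection more than z_threshold standard deviations from the mean."""
    mean, sd = baseline
    if sd == 0:
        return byte_count != mean
    return abs(byte_count - mean) / sd > z_threshold

def analyse(connections, baseline):
    """Run both methods on every connection; returns {conn_id: [alerts]}."""
    alerts = {}
    for conn_id, payload, nbytes in connections:
        hits = [f"signature:{n}" for n in signature_detect(payload)]
        if anomaly_detect(nbytes, baseline):
            hits.append("anomaly:byte-count")
        alerts[conn_id] = hits
    return alerts

# Constructed training data: bytes per connection observed during a quiet period
TRAINING = [1000, 1200, 900, 1100, 1000, 950, 1050, 1000]
# Constructed test connections: (id, first payload bytes, total bytes transferred)
SAMPLE = [
    (1, b"GET /index.html HTTP/1.1", 1100),            # normal
    (2, b"GET /../../etc/passwd HTTP/1.1", 980),       # known pattern, normal size
    (3, b"GET /report.pdf HTTP/1.1", 50000),           # no pattern, unusual size
    (4, b"GET /" + b"A" * 150 + b" HTTP/1.1", 900),    # oversized request line
]

def demo():
    return analyse(SAMPLE, build_baseline(TRAINING))

if __name__ == "__main__":
    for conn_id, hits in demo().items():
        print(conn_id, hits or "clean")
```

Connection 3 shows the point of the anomaly method: nothing in its payload matches a signature, yet it is flagged because it does not fit the model; connection 2 shows the reverse, a known pattern at a perfectly normal size.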
Advantages of IDS
• Visibility. An IDS provides a clear view of what's going on within your network. It is a valuable source of information about suspicious or malicious network traffic.
• Defense. An IDS adds a layer of defense to your security profile, providing a useful backstop to some of your other security measures.
• Tracking of virus propagation. When a virus first hits your network, an IDS can tell you which machines it compromised, as well as how it is propagating through the network to infect other machines.
• Evidence. A properly configured IDS can produce data that can form the basis for a civil or criminal case against someone who misuses your network.
Disadvantages of IDS
• More maintenance. When you install it, it will require additional maintenance effort and will not remove much, if any, of the existing virus.
• False positives. IDSs are famous for setting off false positives - sounding the alarm when nothing is wrong.
• False negatives. IDSs can also miss intrusions. Technologies are improving, but IDSs don't always catch everything.
• Staff requirements. Properly managing an IDS requires experienced staff. The less experienced your staff are, the more time they will spend responding to false positives.
Future of IDS
• Introducing cloud-centric product development
• Shift from product-focused to service-focused models
• Growing connectivity
• Wireless, two-way communication
THANK YOU!!

Presented By -
Name: Udisha Mandal
Section: CS3E
Roll No:76
Enrollment No:12018009019108