
Intrusion Detection System

UNIT-2
Contents

Classes of Attacks
Network Layer Attack
Application Layer Attacks
Human Layer Attacks
Classes of attackers
Introduction
 An attack can be defined as any method, process, or means used to maliciously attempt to compromise security.
Introduction
• In May 2000, the Internet Engineering Task Force defined attack in RFC 2828 as:

“An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to evade security services and violate the
security policy of a system.”

• CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America defines an attack as:

“Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.”

• The increasing dependency of modern society on information and computer networks (in both the private and public sectors, including the military) has led to new terms like cyber attack and cyberwarfare.

• CNSS Instruction No. 4009 defines a cyber attack as:

“An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting,
disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the
integrity of the data or stealing controlled information.”
Security Attacks/Threats
These are actions that compromise the security of
information owned or transferred by an entity. Attacks
can be one of 4 forms:
• Interruption
• Interception
• Modification
• Fabrication
Type Of Attacks/Threats

Figure: information flow from the information source to the information destination, with the intruder (I) shown in each case. (a) Normal flow; (b) Interruption; (c) Modification; (d) Fabrication; (e) Interception.

Classes Of Attacks

 ACTIVE ATTACK
 PASSIVE ATTACK
Active and Passive Attacks

Attack/threats
 Passive threats
  Interception (Confidentiality): Release of message contents; Traffic analysis
 Active threats
  Interruption (Availability): Denial of Service
  Modification (Integrity): Message modification
  Fabrication (Authentication): Masquerade

Contents
Active Attack and Passive Attack

PASSIVE ATTACKS

Passive Attack
Passive attack tries to read or make use of information from the system but does not
influence system resources.
Passive Attacks
• A passive attack is a network attack in which the target is monitored (for example, its traffic is captured) without interacting with it. The purpose is solely to gain information about the target; no data on the target is changed.
• In passive reconnaissance, an intruder monitors systems for vulnerabilities without interaction, through methods like session capture (traffic analysis). In active reconnaissance, the intruder engages with the target system through methods like port scans. Port scanning sends packets to the target, so it counts as active reconnaissance even though it changes no data.
Types of Passive Attacks
• Interception Attack
• Traffic Analysis Attack
Interception
• Confidentiality is the property at stake in this type of attack. The data or message sent by the sender is captured by an unauthorized individual, who reads it and may use its contents for malicious purposes. The message itself is not altered in transit (that would make the attack active), but its confidentiality is lost.
• It is also known as “Release of message contents”.
Traffic Analysis
• Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security.

Figure: traffic analysis. The intruder observes the traffic pattern between sender and receiver without reading message contents.
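Added example, not part of the slides: what an intruder (or, equally, an IDS) can learn from traffic it cannot decrypt. The flow records below are constructed, and the field layout, the 15% regularity threshold and the "beacon" interpretation are assumptions; the point is that timing and volume alone reveal who talks to whom, how much, and whether a host is checking in on a fixed schedule.

```python
"""Traffic analysis on metadata only. Payloads are assumed encrypted, so we
look solely at who talks to whom, when, and how much. Flow records below are
constructed sample data (timestamp in seconds, src, dst, bytes), not a capture."""
from collections import defaultdict
from statistics import mean, pstdev

FLOWS = [
    (0,   "10.0.0.5", "203.0.113.9",  412),   # every 60 s, same size: beacon-like
    (60,  "10.0.0.5", "203.0.113.9",  415),
    (120, "10.0.0.5", "203.0.113.9",  410),
    (180, "10.0.0.5", "203.0.113.9",  418),
    (240, "10.0.0.5", "203.0.113.9",  411),
    (7,   "10.0.0.7", "198.51.100.2", 1500),  # irregular, bulky: looks like a user
    (33,  "10.0.0.7", "198.51.100.2", 9800),
    (150, "10.0.0.7", "198.51.100.2", 3200),
    (400, "10.0.0.7", "198.51.100.2", 700),
    (12,  "10.0.0.9", "203.0.113.9",  300),
]

def pair_stats(flows):
    """Group flows by (src, dst): number of flows, total bytes, sorted timestamps."""
    groups = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        groups[(src, dst)].append((ts, nbytes))
    stats = {}
    for pair, items in groups.items():
        items.sort()
        stats[pair] = {
            "count": len(items),
            "bytes": sum(b for _, b in items),
            "times": [t for t, _ in items],
        }
    return stats

def beacon_score(times):
    """Coefficient of variation of the gaps between flows (low = regular).
    Returns None when there are fewer than three gaps to judge from."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return pstdev(gaps) / m

def find_beacons(flows, max_cv=0.15, min_flows=4):
    """(src, dst) pairs whose timing is regular enough to look like scheduled check-ins."""
    hits = []
    for pair, s in pair_stats(flows).items():
        if s["count"] < min_flows:
            continue
        cv = beacon_score(s["times"])
        if cv is not None and cv <= max_cv:
            hits.append(pair)
    return sorted(hits)

def top_talkers(flows, n=3):
    """Pairs ranked by bytes moved: readable even when every byte is encrypted."""
    s = pair_stats(flows)
    return sorted(s.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    print("beacon-like pairs:", find_beacons(FLOWS))
    for pair, s in top_talkers(FLOWS):
        print(pair, s["count"], "flows", s["bytes"], "bytes")
```

The same computation is what a network IDS does when it flags beaconing to a command-and-control server, which is why the slide's point cuts both ways: metadata leaks to attackers, but it is also the defender's main signal when traffic is encrypted.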


ACTIVE ATTACKS

Active Attack
 An active attack tries to change system resources or affect their operation, and typically causes damage or disruption to the system.
Active Attacks
• An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
• Unlike a passive attack, whose purpose is only to gain information without changing any data, an active attack alters data or system state. Passive attacks are often preparatory activities for active attacks.
Types of Active Attacks
• Masquerade Attack
• Interruption Attack
• Fabrication Attack
• Session Replay Attack
• Modification Attack
• Denial of Service (DoS) Attack
Masquerade
• In a masquerade attack, the intruder pretends to be a particular user of a system to gain access or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen login IDs and passwords, through finding security gaps in programs, or through bypassing the authentication mechanism.
Interruption
• This type of attack obstructs the communication process between one or more systems. The affected systems or services become unusable to their authorized users, so the attack targets availability.
Fabrication
• In this type of attack a fake message is inserted into the network by an unauthorized user as if it came from a valid user. This compromises the authenticity and integrity of messages on the network.

Figure: the intruder fabricates a message and sends it to the destination as if from the source.
Session Replay
• In a session replay attack, the attacker captures an authorized user's session ID (for example from a sniffed cookie or a URL) and re-presents it to the server. The intruder thereby gains access and the ability to do anything the authorized user can do on the website.
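Added example, not from the slides: the replay described above against a naive server that accepts any known session ID, beside a hardened handler that defeats replay of a captured request. The server functions, the in-memory stores and the signing scheme (a per-session key that is never sent on the wire, a timestamp, and a one-time nonce covered by an HMAC) are assumptions for illustration; a stolen key would still let the attacker forge requests, so the scheme only addresses replay of captured traffic.

```python
"""Session replay: a captured session ID, or a whole captured request, reused
by an attacker. Added example with a simplified, assumed server API; the
session stores below are in-memory stand-ins for a real backend."""
import hashlib
import hmac
import secrets
import time

SESSIONS = {}       # session_id -> user
SESSION_KEYS = {}   # session_id -> signing key shared only by client and server
SEEN_NONCES = {}    # session_id -> nonces already accepted
MAX_SKEW = 30       # seconds a signed request stays valid

def login(user):
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    return sid

def naive_handle(session_id):
    """Naive server: whoever presents a known session ID is that user."""
    return SESSIONS.get(session_id)

def hardened_login(user):
    """Issue a session ID plus a key the client uses to sign each request."""
    sid = login(user)
    SESSION_KEYS[sid] = secrets.token_bytes(32)
    SEEN_NONCES[sid] = set()
    return sid, SESSION_KEYS[sid]

def sign(key, sid, ts, nonce, body):
    msg = f"{sid}|{ts}|{nonce}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_request(sid, key, body, now=None):
    """Client side: timestamp and fresh nonce are bound to the body by the MAC."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    return {"sid": sid, "ts": ts, "nonce": nonce, "body": body,
            "mac": sign(key, sid, ts, nonce, body)}

def hardened_handle(req, now=None):
    """Returns (user, reason); user is None when the request is rejected."""
    sid = req["sid"]
    key = SESSION_KEYS.get(sid)
    if key is None:
        return None, "unknown session"
    expected = sign(key, sid, req["ts"], req["nonce"], req["body"])
    if not hmac.compare_digest(expected, req["mac"]):
        return None, "bad signature"          # tampered body, ts or nonce
    now = int(now if now is not None else time.time())
    if abs(now - req["ts"]) > MAX_SKEW:
        return None, "stale timestamp"        # old capture replayed much later
    if req["nonce"] in SEEN_NONCES[sid]:
        return None, "replayed nonce"         # exact capture replayed promptly
    SEEN_NONCES[sid].add(req["nonce"])
    return SESSIONS[sid], "ok"

def demo():
    # Naive server: the stolen ID alone is enough.
    stolen = login("alice")                       # e.g. read from a sniffed cookie
    naive_replay = naive_handle(stolen)           # -> "alice"

    # Hardened server: attacker captures one signed request and resends it.
    sid, key = hardened_login("bob")
    captured = make_request(sid, key, "transfer 100", now=1000)
    first = hardened_handle(captured, now=1001)   # ("bob", "ok")
    replay = hardened_handle(captured, now=1002)  # (None, "replayed nonce")
    tampered = dict(captured, body="transfer 9999")
    forged = hardened_handle(tampered, now=1003)  # (None, "bad signature")
    old = make_request(sid, key, "transfer 100", now=1000)
    stale = hardened_handle(old, now=2000)        # (None, "stale timestamp")
    return naive_replay, first, replay, forged, stale

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Real deployments get most of this from TLS plus short-lived, rotated session tokens; the nonce set must also be bounded (expire nonces older than MAX_SKEW) or it grows without limit.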
Modification
• In a message modification attack, an intruder alters packet header addresses to direct a message to a different destination, or modifies the data on a target machine.

Figure: the intruder modifies the message in transit before it reaches the destination.
Denial of Service (DoS)
• In a denial of service (DoS) attack, users are deprived of access to a network or web resource. This is generally accomplished by overwhelming the target with more traffic than it can handle.
Attacks on OSI Layer
What Are The 7 Layers Of Security?
This question is a bit more complex than it first looks. Many readers may be familiar with the OSI Model, a
framework that many early cybersecurity adopters use to prescribe security solutions as related to a
networking system. Unfortunately, cybersecurity today goes far beyond a networking-only approach. Today,
cybersecurity traverses far beyond the network realm to the endpoint, perimeter, and the humans on the
other side.
That’s why cyber experts proposed a new model that looks at cybersecurity more holistically.
The 7 layers of cybersecurity should center on the mission critical assets we are seeking to protect.
1: Mission Critical Assets – This is the data you need to protect.
2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Applications security controls protect access to an application, an application’s
access to your mission critical assets, and the internal security of the application.
4: Endpoint Security – Endpoint security controls protect the connection between devices and the network.
5: Network Security – Network security controls protect an organization’s network and prevent
unauthorized access of the network.
6: Perimeter Security – Perimeter security controls include both the physical and digital security
methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cybersecurity posture. Human security controls
include phishing simulations and access management controls that protect mission critical assets from a wide
variety of human threats, including cyber criminals, malicious insiders, and negligent users.
Password Based Attack
 An attack in which repetitive attempts are made to duplicate a valid logon or password sequence.
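Added example, not from the slides, serving both the password-based attack above and the denial of service slide: the rate-based rule an IDS uses to spot each one. Repeated logon attempts show up as a burst of failed logins from one source, and a flood shows up as a burst of requests from one source; both reduce to counting events per source in a sliding time window. The log lines are constructed, the regexes assume OpenSSH syslog and Apache combined-log formats, and the thresholds (5 failures in 60 s, 6 requests in 10 s) are illustrative, far lower than a production flood rule would use.

```python
"""Rate-based intrusion detection for two attacks from the slides: password
guessing (repeated failed logons from one source) and DoS flooding (too many
requests from one source). Added example; log lines are constructed samples
and the thresholds are illustrative, not tuned values."""
import re
from collections import defaultdict, deque
from datetime import datetime

AUTH_LOG = """\
Mar  1 10:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 5001 ssh2
Mar  1 10:00:02 host sshd[102]: Failed password for admin from 198.51.100.7 port 5002 ssh2
Mar  1 10:00:03 host sshd[103]: Failed password for root from 198.51.100.7 port 5003 ssh2
Mar  1 10:00:04 host sshd[104]: Failed password for invalid user test from 198.51.100.7 port 5004 ssh2
Mar  1 10:00:05 host sshd[105]: Failed password for root from 198.51.100.7 port 5005 ssh2
Mar  1 10:00:06 host sshd[106]: Accepted password for alice from 10.0.0.12 port 6000 ssh2
Mar  1 10:09:00 host sshd[107]: Failed password for alice from 10.0.0.12 port 6001 ssh2
Mar  1 10:12:00 host sshd[108]: Failed password for alice from 10.0.0.12 port 6002 ssh2
"""

ACCESS_LOG = """\
203.0.113.4 - - [01/Mar/2024:10:00:00 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:00 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:00 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [01/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.12 - - [01/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.4 - - [01/Mar/2024:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.12 - - [01/Mar/2024:10:00:30 +0000] "GET /about.html HTTP/1.1" 200 1024
"""

AUTH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*Failed password for .* from (\S+) port")
ACCESS_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")

def parse_auth(text, year=2024):
    """Yield (epoch_seconds, source_ip) per failed login (syslog carries no year)."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts.timestamp(), m.group(2)

def parse_access(text):
    """Yield (epoch_seconds, client_ip) per request in a combined-format log."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts.timestamp(), m.group(1)

def sliding_window_alerts(events, threshold, window, label):
    """Alert once per key when `threshold` or more events from that key fall
    inside a `window`-second span. `events` is an iterable of (seconds, key)."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ts, key in sorted(events):
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:          # drop events older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((label, key, len(q)))
    return alerts

def detect_password_guessing(text, threshold=5, window=60):
    return sliding_window_alerts(parse_auth(text), threshold, window, "password-guessing")

def detect_flood(text, threshold=6, window=10):
    return sliding_window_alerts(parse_access(text), threshold, window, "dos-flood")

if __name__ == "__main__":
    for alert in detect_password_guessing(AUTH_LOG) + detect_flood(ACCESS_LOG):
        print(alert)
```

The same rule fires once per source and then stays quiet, which matters for a flood: emitting an alert per packet would let the DoS take down the analyst's console as well. Distributed attacks spread across many sources need a per-destination count instead of a per-source one.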
Malware Attack
DoS Attack
Man in the Middle Attack
IP Spoofing
SQL Injection Attack
XSS Attack
Network Attack Tools (Penetration Testing Tools)

 Metasploit Framework
 Ettercap
 sqlmap
 Kali Linux (a Linux distribution that bundles many of these tools)
 Social-Engineer Toolkit (SET)
 Cain and Abel


Network Attack Prevention Tips

 Install software updates
 Use a unique password for every account
 Use two-factor authentication
 Use strong passwords
 Use a password manager
 Use a firewall for your Internet connection
 Browse safely online
 Log out and clear the browser (cookies and session data) after leaving a shared computer
