Intrusion Detection

Upload: myles-cain

Post on 19-Jan-2016


TRANSCRIPT

Page 1

Intrusion Detection

“Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.”

Page 2

IDS vs. Surveillance Camera

• Constant vigilance

• Stealth Design

• Infrastructure support

• Adversary belief

Page 3

Basic concepts

• Monitor

• Report

• Respond

Page 4

The Seven Fundamentals

1. What are the methods used

2. How are IDS organized

3. What is an intrusion

4. How do we trace and how do they hide

5. How do we correlate information

6. How can we trap intruders

7. Incident response

Page 5

What are the methods used by IDS?

• Audit trail processing

– Use log files from various processes

– Proper collection and consolidation of logs

• On-the-fly processing

– Mostly network based

– Looks at raw traffic

– Tries to find known “signatures”
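Added example (not part of the slides): audit-trail processing on two constructed log sources. sshd syslog lines and an Apache-style access log are parsed into one normalized record type, consolidated into a single time-ordered trail, and then checked with a per-record signature rule (path traversal in a request) and a sequence rule that only the consolidated trail can answer (an accepted SSH login shortly after a burst of failures from the same source). The log lines, the year 2016 assumed for the year-less syslog timestamps, the UTC assumption for both logs, and the thresholds are all assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs (not from the slides). Syslog lines carry no year, so 2016 is
# assumed; both logs are assumed to be recorded in UTC.
AUTH_LOG = """\
Jan 19 10:00:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Jan 19 10:00:03 host1 sshd[2202]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jan 19 10:00:05 host1 sshd[2203]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Jan 19 10:00:09 host1 sshd[2204]: Accepted password for admin from 203.0.113.7 port 51004 ssh2
Jan 19 10:01:00 host1 sshd[2205]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
"""
ACCESS_LOG = """\
198.51.100.4 - - [19/Jan/2016:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [19/Jan/2016:10:00:07 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 0
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
ACCESS_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass(order=True)
class Event:
    """One normalized record of the consolidated audit trail."""
    ts: datetime
    source: str
    ip: str
    kind: str      # ssh_fail | ssh_ok | http
    detail: str


def parse_syslog(text, year=2016):
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            kind = "ssh_fail" if m["result"] == "Failed" else "ssh_ok"
            events.append(Event(ts, "sshd", m["ip"], kind, m["user"]))
    return events


def parse_access(text):
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            # Zone offset dropped: UTC assumed for every source, so timestamps stay comparable.
            ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
            events.append(Event(ts, "httpd", m["ip"], "http", f"{m['method']} {m['path']} {m['status']}"))
    return events


# Signature rule: a known attack pattern looked up in each record on its own.
SIGNATURES = [("path_traversal", re.compile(r"\.\./|%2e%2e", re.I))]


def match_signatures(trail):
    return [(e.ts, name, e.ip, e.detail)
            for e in trail if e.kind == "http"
            for name, pat in SIGNATURES if pat.search(e.detail)]


def brute_force_success(trail, threshold=3, window=timedelta(seconds=60)):
    """Sequence rule: an accepted SSH login preceded by at least `threshold` failures
    from the same source inside `window`. No single log line shows this."""
    failures = {}
    alerts = []
    for e in sorted(trail):
        if e.kind == "ssh_fail":
            failures.setdefault(e.ip, []).append(e.ts)
        elif e.kind == "ssh_ok":
            recent = [t for t in failures.get(e.ip, []) if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append((e.ts, "bruteforce_success", e.ip, e.detail))
    return alerts


def analyze(auth_log=AUTH_LOG, access_log=ACCESS_LOG):
    """Consolidate both sources into one time-ordered trail and run both rules over it."""
    trail = sorted(parse_syslog(auth_log) + parse_access(access_log))
    return sorted(match_signatures(trail) + brute_force_success(trail))


if __name__ == "__main__":
    for ts, rule, ip, detail in analyze():
        print(f"{ts} {rule:20} {ip:15} {detail}")
```

The consolidation step is where the value is: the traversal probe and the successful brute force both come from 203.0.113.7, but they live in different logs and only line up once both are normalized onto one clock. In practice the year and zone assumptions made here must come from the collector configuration rather than be guessed, or the ordering of the trail is wrong.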

Page 6

What are the methods used by IDS? (cont.)

• Profiles of normal behavior

– Estimation of initial behavior

– Fine-tuning

– Using out-of-band information

• Signatures of abnormal behavior

– Known attacks

– Suspicious patterns

• Parameter pattern matching or anomaly discovery
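Added example (not from the slides) of the profile-of-normal-behavior method and its three sub-points: an initial profile of one measured parameter is estimated from a training window, the profile is fine-tuned with an exponentially weighted update on samples judged normal, and out-of-band information (a scheduled job with a known time) suppresses an alert that the statistics alone would raise. The per-minute connection counts, the z-score threshold, the EWMA weight and the maintenance window are assumptions of this example.

```python
import math
from dataclasses import dataclass


@dataclass
class Profile:
    """Running estimate of normal behaviour for one measured parameter."""
    mean: float
    var: float
    alpha: float = 0.1   # weight of each new normal sample during fine-tuning

    @property
    def std(self):
        return math.sqrt(self.var)


def estimate_initial(samples):
    """Initial behaviour estimate from a training window believed to be attack-free."""
    n = len(samples)
    mean = sum(samples) / n
    var = sum((x - mean) ** 2 for x in samples) / (n - 1)
    return Profile(mean, max(var, 1e-6))   # floor keeps the z-score defined for constant data


def zscore(profile, x):
    return (x - profile.mean) / profile.std


def fine_tune(profile, x):
    """Exponentially weighted update of mean and variance."""
    delta = x - profile.mean
    step = profile.alpha * delta
    profile.mean += step
    profile.var = (1 - profile.alpha) * (profile.var + delta * step)


def detect(training, stream, threshold=3.0, maintenance=frozenset()):
    """Flag samples in `stream` (list of (minute, value)) whose z-score exceeds `threshold`.
    `maintenance` is out-of-band information: minutes in which a spike has a known, benign
    cause. Returns (final profile, list of (minute, value, z))."""
    profile = estimate_initial(training)
    anomalies = []
    for minute, value in stream:
        if minute in maintenance:
            continue                      # explained out of band: neither alert nor learn
        z = zscore(profile, value)
        if abs(z) > threshold:
            anomalies.append((minute, value, round(z, 2)))
            continue                      # never fine-tune on a flagged sample
        fine_tune(profile, value)
    return profile, anomalies


# Constructed data: outbound connections per minute for one host. Minutes 1-10 train the
# profile; minute 13 is a genuine spike, minute 15 is a backup job announced out of band.
TRAINING = [12, 15, 11, 14, 13, 12, 16, 14, 13, 15]
STREAM = [(11, 14), (12, 13), (13, 90), (14, 15), (15, 60), (16, 12)]
BACKUP_WINDOW = frozenset({15})

if __name__ == "__main__":
    profile, anomalies = detect(TRAINING, STREAM, maintenance=BACKUP_WINDOW)
    print("profile mean=%.2f std=%.2f" % (profile.mean, profile.std))
    for minute, value, z in anomalies:
        print(f"minute {minute}: {value} connections, z={z}")
```

Refusing to fine-tune on flagged samples is deliberate: if anomalous samples were fed back, an attacker could raise the profile a little at a time and make a later spike look normal. The remaining weakness is slow drift that stays under the threshold, which is why the initial training window has to be vetted rather than simply taken from the first hour of traffic.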

Page 7

How are IDS organized

• Architecture

• CIDF (Common Intrusion Detection Framework)

Page 8

How are IDS organized (cont.)

• Sensor

• System management (custom, syslog, SNMP, etc.)

• Processing (analysis)

• Knowledge bases

• Audits and archives

• Alarms (static and dynamic)

• User interface (GUI, tail -f, etc.)

Page 9

What is an Intrusion

• Intrusion vs. attack

“Sequence of actions that may be interleaved with other unrelated actions”

Page 10

How do we trace and how do they hide

• In-band techniques

– May use cryptography, weaving (chaining connections through intermediate hosts), compromised systems, etc.

• Out-of-band techniques

– Public access areas: cyber cafes, telephony techniques, etc.

Page 11

How do we correlate information

• Single sessions and multiple session correlation

• Real time vs. After the fact correlation

• In-band vs. all-band information
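Added example (not from the slides) of the first two correlation points: a port scan is invisible in any single session, since each connection is one harmless-looking attempt on one port, and only appears when sessions from the same source are correlated. The same signal is computed two ways: a real-time detector that keeps a sliding window per source and alerts the moment the threshold is crossed, and an after-the-fact pass over the archived connection log. The connection records, the window and the threshold are assumptions of this example.

```python
from collections import defaultdict, deque

# Constructed connection log: (seconds, src_ip, dst_ip, dst_port). Each entry is its own
# session; 198.51.100.4 is ordinary traffic, 203.0.113.9 probes several ports in a burst.
CONNECTIONS = [
    (0, "198.51.100.4", "10.0.0.5", 443),
    (1, "203.0.113.9", "10.0.0.5", 21),
    (2, "203.0.113.9", "10.0.0.5", 22),
    (3, "203.0.113.9", "10.0.0.5", 23),
    (4, "198.51.100.4", "10.0.0.5", 443),
    (5, "203.0.113.9", "10.0.0.5", 25),
    (6, "203.0.113.9", "10.0.0.5", 80),
    (40, "203.0.113.9", "10.0.0.5", 110),   # outside the 30 s window of the burst above
    (300, "198.51.100.4", "10.0.0.5", 443),
]


def realtime_scan_detector(conns, threshold=5, window=30):
    """Real-time multi-session correlation: per source, keep a sliding window of
    (time, port) and alert as soon as the distinct destination ports in that window reach
    `threshold`. Returns a list of (alert_time, src, sorted_ports), one alert per source."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for t, src, _dst, port in conns:            # assumes records arrive in time order
        q = recent[src]
        q.append((t, port))
        while q and t - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((t, src, sorted(ports)))
    return alerts


def after_the_fact_scan(conns, threshold=5, window=30):
    """After-the-fact correlation over the whole archive: for every source, the largest
    number of distinct ports hit inside any window. Same signal as the real-time detector,
    but available only once the log has been collected. Returns {src: max_distinct_ports}."""
    by_src = defaultdict(list)
    for t, src, _dst, port in conns:
        by_src[src].append((t, port))
    result = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= threshold:
            result[src] = best
    return result


if __name__ == "__main__":
    for t, src, ports in realtime_scan_detector(CONNECTIONS):
        print(f"t={t}s real-time alert: {src} touched ports {ports}")
    print("after the fact:", after_the_fact_scan(CONNECTIONS))
```

The real-time detector fires at t=6, while the burst is still going on, which is the only time a response can still interrupt it; the batch pass reaches the same verdict but can only name the source afterwards. Both use the same window and threshold, and a scanner that spaces probes wider than the window (as the port 110 probe at t=40 does) slips past both, which is the usual trade-off between window length and memory per source.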

Page 12

How can we trap intruders

• Real systems

• Trap systems

• IDS diverting

Page 13

Incident response

• Ignore the problem, and hope it goes away

• Panic

• Consider the real factors:

– Does the incident involve critical assets?

– Has it occurred before?

– Is it still going on?

– Has damage occurred?

– What policies and procedures have been violated?

– Are traps available for use?