Intrusion Detection System (IDS)
Presentation by:
APOORV PANDEY
B.Tech (CSE)
BBDEC, Lucknow
Contents:
Introduction: Intrusion & its detection.
Ways to intrude.
Diagram of IDS.
Classification of IDS.
Drawbacks and strengths of IDS.
Future of IDS.
Conclusion.
References.
Intrusion and Intrusion Detection
Intrusion: Attempting to break into or misuse your system.
Intruders may be from outside the network or legitimate users of the network.
Intrusion can be a physical, system or remote intrusion.
Different ways to intrude
Buffer overflows
Unexpected combinations
Unhandled input
Race conditions
Intrusion Detection System
[Diagram of IDS components: Event Provider, Analysis Engine, Knowledge Base, Response Model, Alert Database, Other machines]
Classifying an IDS
◦ anomaly detection
◦ signature based misuse
◦ host based
◦ network based
◦ stack based
Intrusion Detection Systems (IDS)
Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent.
Anomaly based IDS
This IDS models the normal usage of the network as a noise characterization.
Anything distinct from the noise is assumed to be an intrusion activity.
◦ E.g. flooding a host with lots of packets.
The primary strength is its ability to recognize novel attacks.
Drawbacks of Anomaly detection IDS
It assumes that intrusions will be accompanied by manifestations that are sufficiently unusual so as to permit detection.
These systems generate many false alarms and hence compromise the effectiveness of the IDS.
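The anomaly model and both drawbacks above, as an added example that is not part of the original slides: a per-host packets-per-second baseline with a z-score threshold. The traffic figures, labels and the threshold of 3.0 are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed packets-per-second samples for one host during normal use.
BASELINE = [40, 42, 38, 45, 41, 39, 43, 44, 40, 42]

# Constructed observations: (label, packets per second, really an intrusion?)
OBSERVED = [
    ("ordinary_browsing", 43, False),
    ("packet_flood", 900, True),
    ("nightly_backup", 160, False),   # legitimate but unusual
    ("quiet_intrusion", 44, True),    # malicious but not unusual
]

def build_profile(samples):
    """Characterize the 'noise': mean and standard deviation of normal traffic."""
    return mean(samples), pstdev(samples)

def z_score(value, profile):
    mu, sigma = profile
    sigma = max(sigma, 1.0)  # floor so a very flat baseline does not flag everything
    return (value - mu) / sigma

def is_anomalous(value, profile, threshold=3.0):
    """Anything far enough from the baseline is assumed to be an intrusion."""
    return abs(z_score(value, profile)) > threshold

def evaluate(observed, profile, threshold=3.0):
    """Compare the detector's verdict with the constructed ground truth."""
    outcome = {}
    for label, pps, is_intrusion in observed:
        flagged = is_anomalous(pps, profile, threshold)
        if flagged and is_intrusion:
            outcome[label] = "detected"
        elif flagged:
            outcome[label] = "false alarm"
        elif is_intrusion:
            outcome[label] = "missed"
        else:
            outcome[label] = "ignored"
    return outcome

if __name__ == "__main__":
    for label, verdict in evaluate(OBSERVED, build_profile(BASELINE)).items():
        print(f"{label:18s} {verdict}")
```

The flood is caught without any signature for it, the backup is a false alarm, and the intrusion that stays inside the normal rate is missed.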
Signature based IDS
This IDS possesses an attack description that can be matched to sensed attack manifestations.
The question of what information is relevant to an IDS depends upon what it is trying to detect.
◦ E.g. DNS, FTP etc.
Signature based IDS (contd.)
The IDS is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets, as an attack.
For example, an IDS that watches web servers might be programmed to look for the string "phf" as an indicator of a CGI program attack.
Signature based IDS (contd.)
Most signature analysis systems are based on simple pattern matching algorithms.
In most cases, the IDS simply looks for a substring within a stream of data carried by network packets. When it finds this substring (for example, the "phf" in "GET /cgi-bin/phf?"), it identifies those network packets as vehicles of an attack.
Drawbacks of Signature based IDS
They are unable to detect novel attacks.
They suffer from false alarms.
They have to be programmed again for every new pattern to be detected.
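The substring matching described above, beside a matcher that normalizes the request path and anchors the signature to it, as an added example that is not part of the original slides. The request lines are constructed samples, and the anchored rule is one assumed way to cut false alarms, not a rule from any particular IDS.

```python
import re
from urllib.parse import unquote

# Constructed HTTP request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /cgi-bin/phf?Qalias=x HTTP/1.0",           # the request the slide describes
    "GET /docs/phf-migration-notes.html HTTP/1.0",  # benign page whose name contains "phf"
    "GET /CGI-BIN/%70hf?Qalias=x HTTP/1.0",         # same resource, different case and encoding
    "GET /index.html HTTP/1.0",
]

def naive_match(request_line, signature="phf"):
    """Raw substring search over the data stream, as the slide describes."""
    return signature in request_line

def normalize_path(request_line):
    """Return the percent-decoded, lower-cased path without the query string,
    or None when the line is not 'METHOD target VERSION'."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    path = parts[1].split("?", 1)[0]
    return unquote(path).lower()

# Signature anchored to the whole path instead of any occurrence of "phf".
ANCHORED_SIGNATURE = re.compile(r"^/cgi-bin/phf$")

def anchored_match(request_line):
    path = normalize_path(request_line)
    return path is not None and ANCHORED_SIGNATURE.match(path) is not None

def classify(requests):
    """Return (request, naive verdict, anchored verdict) for each request line."""
    return [(r, naive_match(r), anchored_match(r)) for r in requests]

if __name__ == "__main__":
    for request, naive, anchored in classify(SAMPLE_REQUESTS):
        print(f"naive={naive!s:5} anchored={anchored!s:5} {request}")
```

The naive matcher raises a false alarm on the benign page and stays silent on the re-encoded request; matching on the normalized path gets both right, but still knows nothing about a pattern it was never given.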
Host/Application based IDS
The host operating system or the application logs the audit information.
This audit information includes events like the use of identification and authentication mechanisms (logins etc.), file opens and program executions, admin activities etc.
This audit trail is then analyzed to detect traces of intrusion.
Drawbacks of the host based IDS
The kind of information that needs to be logged is a matter of experience.
Unselective logging of messages may greatly increase the audit and analysis burdens.
Selective logging runs the risk that attack manifestations could be missed.
Strengths of the host based IDS
Attack verification.
System specific activity.
Encrypted and switched environments.
Monitoring key components.
Near real-time detection and response.
No additional hardware.
Stack based IDS
They are integrated closely with the TCP/IP stack, allowing packets to be watched as they traverse their way up the OSI layers.
This allows the IDS to pull the packets from the stack before the OS or the application has a chance to process the packets.
Network based IDS
This IDS looks for attack signatures in network traffic via a promiscuous interface.
A filter is usually applied to determine which traffic will be discarded or passed on to an attack recognition module. This helps to filter out known non-malicious traffic.
Strengths of Network based IDS
Cost of ownership reduced
Packet analysis
Evidence removal
Real time detection and response
Malicious intent detection
Complement and verification
Operating system independence
Future of IDS
To integrate the network and host based IDS for better detection.
Developing IDS schemes for detecting novel attacks rather than individual instantiations.
Application IDS
Multivector threat identification: Detailed inspection of Layer 2–7 traffic protects your network from policy violations, vulnerability exploitations, and anomalous activity.
Accurate prevention technologies: Cisco Systems' innovative Risk Rating feature and Meta Event Generator provide the confidence to take preventive actions on a broader range of threats without the risk of dropping legitimate traffic.
Conclusion:
Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent. IDS schemes for detecting novel attacks rather than individual instantiations.
Reference:
Book of Cisco IDS.
Intrusion Detection system TMH.
Wikipedia.

AN INTRUSION DETECTION SYSTEM