A seminar on
Intrusion Detection System
Department of Computer Science & Engineering
Session 2012-13
CONTENTS
INTRODUCTION
LITERATURE REVIEW
MODULES & DESCRIPTION
PROJECT CONCEPT
SNAPSHOTS
ADVANTAGES
APPLICATION
REFERENCES
INTRODUCTION
An intrusion detection system must reliably detect malicious activity in a network.
It must also perform efficiently to cope with the large amount of network traffic.
In this project, we address these two issues of accuracy and efficiency using Conditional Random Fields (CRFs) and a layered approach.
LITERATURE REVIEW
IEEE Paper Topic:- Layered Approach Using Conditional Random Fields for Intrusion Detection
Published in:- January-March 2010
Authors:- Kapil Kumar Gupta, Baikunth Nath, Ramamohanarao Kotagiri
In this paper, they address the dual problem of accuracy and efficiency in building robust and efficient intrusion detection systems.
IEEE Paper Topic:- International Journal of Mobile Network Communications & Telematics (IJMNCT)
Published in:- June 2012
Authors:- Mr. C. Saravanan, Mr. M. V. Shivsankar, Prof. P. Tamije Selvy
In this paper, they state that CRFs have proven to be a successful framework for improving the attack detection accuracy rate and decreasing the false alarm rate (FAR), and that the layered approach is used for high efficiency.
MODULE & DESCRIPTION
Conditional Random Field
Probe layer
DoS layer
R2L layer
U2R layer
Conditional Random Field
The CRFs have proven to be very successful in such tasks, as they do not make any unwarranted assumptions about the data.
Hence, we explore the suitability of CRFs for intrusion detection.
An intrusion detection system may consider features such as "logged in" and "number of file creations". When these features are analyzed individually, they do not provide any information that can aid in detecting attacks.
However, when these features are analyzed together, they can provide meaningful information, which can be helpful for the classification task.
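The claim above (two features that are individually uninformative but jointly informative) can be checked on a small constructed dataset. The following is an added example, not code from the seminar or from the Gupta et al. paper, and it does not implement a CRF: a naive Bayes classifier stands in for any model that assumes the features are conditionally independent, and a lookup over the feature pair stands in for a model that does not. The records, labels and the two features ("logged_in", "num_file_creations") are constructed for the illustration.

```python
from typing import Callable, Dict, List, Tuple

# Constructed connection records, not taken from the seminar, the paper or the
# KDD Cup 1999 data: (logged_in, num_file_creations, label). The values are
# arranged so that each feature on its own is uninformative about the label.
RECORDS: List[Tuple[int, int, str]] = [
    (1, 0, "normal"), (1, 0, "normal"), (0, 3, "normal"), (0, 2, "normal"),
    (1, 2, "attack"), (1, 4, "attack"), (0, 0, "attack"), (0, 0, "attack"),
]
LABELS = ("normal", "attack")


def features(rec: Tuple[int, int, str]) -> Dict[str, int]:
    """Binary view of a record: was the user logged in, and were files created."""
    logged_in, creations, _ = rec
    return {"logged_in": logged_in, "creates_files": int(creations > 0)}


def attack_rate_given(**conds: int) -> float:
    """P(attack | the named features take the given values), estimated from RECORDS."""
    rows = [r for r in RECORDS if all(features(r)[k] == v for k, v in conds.items())]
    return sum(r[2] == "attack" for r in rows) / len(rows)


def naive_bayes_predict(rec: Tuple[int, int, str]) -> str:
    """Model that assumes the features are conditionally independent given the
    label (a naive Bayes classifier): score = prior * product of per-feature
    likelihoods. Ties resolve to 'normal'."""
    f = features(rec)
    scores = {}
    for label in LABELS:
        rows = [r for r in RECORDS if r[2] == label]
        score = len(rows) / len(RECORDS)
        for name, value in f.items():
            score *= sum(features(r)[name] == value for r in rows) / len(rows)
        scores[label] = score
    return "attack" if scores["attack"] > scores["normal"] else "normal"


def joint_predict(rec: Tuple[int, int, str]) -> str:
    """Model that looks at the two features together (a full conditional table
    over the feature pair), so it makes no independence assumption."""
    f = features(rec)
    return "attack" if attack_rate_given(**f) > 0.5 else "normal"


def accuracy(predict: Callable[[Tuple[int, int, str]], str]) -> float:
    """Fraction of RECORDS the given predictor labels correctly."""
    return sum(predict(r) == r[2] for r in RECORDS) / len(RECORDS)


if __name__ == "__main__":
    for name, value in (("logged_in", 1), ("logged_in", 0),
                        ("creates_files", 1), ("creates_files", 0)):
        print(f"P(attack | {name}={value}) = {attack_rate_given(**{name: value}):.2f}")
    print(f"P(attack | logged_in=1, creates_files=1) = "
          f"{attack_rate_given(logged_in=1, creates_files=1):.2f}")
    print("independence-assuming accuracy:", accuracy(naive_bayes_predict))
    print("joint-feature accuracy:         ", accuracy(joint_predict))
```

On this data every single-feature conditional attack rate is 0.5, so the independence-assuming model scores both classes equally for every record and does no better than chance, while the pair-wise table separates the classes perfectly. That is the situation in which a model that conditions on feature combinations, as a CRF does, earns its accuracy.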
Probe layer
A probe attack is one in which an attacker scans a machine to determine weaknesses or vulnerabilities that may later be exploited.
This layer detects users who scan the machine to check for its vulnerabilities.
Examples of probe attacks are saint, portsweep and mscan.
DoS (Denial of Service) layer
A DoS attack is one in which an attacker makes a computing or memory resource too busy or too full to serve legitimate network requests.
This layer detects users who make a resource busy.
Examples of DoS attacks are smurf, neptune, ping of death and mail bomb.
R2L (Remote to Local) layer
The R2L attacks are among the most difficult to detect, as they involve both network-level and host-level features.
We therefore selected both network-level features, such as "duration of connection" and "service requested", and host-level features, such as "number of failed login attempts", among others, for detecting R2L attacks.
Examples of R2L attacks are xlock, xsnoop, guest, phf, sendmail and dictionary.
U2R (User to Root) layer
A U2R attack is one in which an attacker tries to obtain superuser privileges by abusing a vulnerability in the system.
This layer detects users who try to use superuser privileges.
Examples of U2R attacks are perl and xterm.
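The four layers above form a pipeline: each layer is trained on its own feature subset, a connection record is passed through the layers in order, and the first layer that flags it decides the label, so later layers are not run. The following is an added example of that control flow, not code from the seminar or from the paper. Hand-written threshold rules stand in for the four trained CRF models, the thresholds are made up, and the records are constructed; the feature names (duration, service, count, serror_rate, num_failed_logins, logged_in, root_shell, and so on) follow KDD Cup 1999 naming, which is an assumption about the data the project uses.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Record = Dict[str, object]


@dataclass(frozen=True)
class Layer:
    name: str
    features: Tuple[str, ...]          # feature subset this layer is trained on
    detect: Callable[[Record], bool]   # stand-in for the layer's trained CRF

    def project(self, rec: Record) -> Record:
        """Hand the detector only its own feature subset, so a layer cannot
        silently depend on a feature it was not selected for (KeyError instead)."""
        return {f: rec[f] for f in self.features}


# Hand-written threshold rules stand in for the four trained CRF models.
# Assumption for this illustration; the thresholds are made up, not from the paper.
def probe_rule(x: Record) -> bool:
    # many connections from one source spread over many different services
    return x["count"] > 50 and x["diff_srv_rate"] > 0.5


def dos_rule(x: Record) -> bool:
    # a flood of connections to one host that never complete the handshake
    return x["count"] > 100 and x["serror_rate"] > 0.5


def r2l_rule(x: Record) -> bool:
    # repeated failed logins on a remote-access service with no session established
    return x["logged_in"] == 0 and x["num_failed_logins"] >= 3


def u2r_rule(x: Record) -> bool:
    # an ordinary logged-in session that ends up holding a root shell
    return x["logged_in"] == 1 and x["root_shell"] == 1


LAYERS: List[Layer] = [
    Layer("Probe", ("count", "diff_srv_rate", "rerror_rate"), probe_rule),
    Layer("DoS", ("count", "serror_rate", "src_bytes"), dos_rule),
    Layer("R2L", ("duration", "service", "num_failed_logins", "logged_in"), r2l_rule),
    Layer("U2R", ("logged_in", "root_shell", "num_file_creations"), u2r_rule),
]


def classify(rec: Record) -> Tuple[str, int]:
    """Pass one connection record through the layers in order. The first layer
    that fires labels the record and the remaining layers are skipped, which is
    where the efficiency of the layered approach comes from. Returns the label
    and how many layers were consulted."""
    for depth, layer in enumerate(LAYERS, start=1):
        if layer.detect(layer.project(rec)):
            return layer.name, depth
    return "normal", len(LAYERS)


# Constructed sample records using KDD Cup 1999 feature names (assumption);
# the values are illustrative, not real traffic.
BENIGN: Record = {
    "duration": 2, "service": "http", "src_bytes": 300, "count": 8,
    "diff_srv_rate": 0.0, "rerror_rate": 0.0, "serror_rate": 0.0,
    "num_failed_logins": 0, "logged_in": 1, "root_shell": 0,
    "num_file_creations": 0,
}


def sample(**overrides: object) -> Record:
    rec = dict(BENIGN)
    rec.update(overrides)
    return rec


SAMPLES: Dict[str, Record] = {
    "normal_http": sample(),
    "portsweep_like": sample(count=120, diff_srv_rate=0.9, rerror_rate=0.7, logged_in=0),
    "neptune_like": sample(count=300, serror_rate=1.0, src_bytes=0, logged_in=0),
    "dictionary_like": sample(service="ftp", duration=45, num_failed_logins=5, logged_in=0),
    "u2r_root_shell": sample(root_shell=1, num_file_creations=2),
}


def classify_all(samples: Dict[str, Record] = SAMPLES) -> Dict[str, Tuple[str, int]]:
    """Label every sample record and report the layer depth reached for each."""
    return {name: classify(rec) for name, rec in samples.items()}


if __name__ == "__main__":
    for name, (label, depth) in classify_all().items():
        print(f"{name:16s} -> {label:7s} (after {depth} layer(s))")
```

Two design points carried over from the layered approach: the order of the layers fixes which class wins when more than one detector would fire, and only a record that no layer flags pays the cost of all four detectors, so the common benign case is the expensive one while attack traffic exits early. The `project` step is the code-level form of "each layer uses its own selected features".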
PROJECT CONCEPT
SNAPSHOTS
This is the server side, where information about the intruder is displayed.
This is the user registration at the server side.
This is the login for the user.
When any user enters a wrong username or password, the server side displays the information.
ADVANTAGES
Monitors the operation of firewalls, routers, key management servers and files critical to other security mechanisms.
Allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.
Makes security management of systems by non-expert staff possible by providing a user-friendly interface.
Comes with an extensive attack signature database against which information from the customer's system can be matched.
Can recognize and report alterations to data files.
APPLICATION
FOR SYSTEM ADMINISTRATOR
EDUCATIONAL INSTITUTES
CORPORATE OFFICES