مقبل الحاج Intrusion Detection

  • View
    229

  • Download
    0

Embed Size (px)

Text of مقبل الحاج Intrusion Detection

  • 8/2/2019 Intrusion Detection

    1/15

  • 8/2/2019 Intrusion Detection

    2/15

    Intrusion & Intrusion Detection

    Intruders

    Intrusion Detection systems

    intrusion detection process

    intrusion detection techniques

    Data Mining for Intrusion Detection

    2

  • 8/2/2019 Intrusion Detection

    3/15

    The word:means a wrongful entry

    or the act of seizing

    or taking possession of the property of another

    means identifying potentially malicious or undesirable activity

    3

  • 8/2/2019 Intrusion Detection

    4/15

    Outsiderpenetrates a systems access controls to usea users account

    Insider makes unauthorized data, programsor resources access

    both outsider and insider takes the system supervisory

    control and uses it to avoid auditing and accesscontrols

    4

  • 8/2/2019 Intrusion Detection

    5/15

    The difficulty results from the fact that defender mustbe ready to prevent all possible attacks, whereas

    attacker is free to find weakest link in the defense

    chain and attack it

    5

  • 8/2/2019 Intrusion Detection

    6/15

    combination of software and hardware that attempts toperform intrusion detection

    raises the alarm when possible intrusion happens

    If afirewall is like having a security guard at your officedoor, checking the credentials of everyone coming andgoing,then an intrusion-detection system (IDS) is like having a

    network of sensorsthat tells you when someone hasbroken in, where they are and what they're doing.

    6

  • 8/2/2019 Intrusion Detection

    7/15

    Information theft is up over 250% in the last 5 years.

    99% of all major companies report at least one major incident.

    Telecom and computer fraud totaled $10 billion in the US alone.

    There are 5 million attacks in the DOD (Department of Defense)every day

    7

  • 8/2/2019 Intrusion Detection

    8/15

    Host-based IDSs analyze host-bound audit sources such as operating syst

    audit trails, system logs, or application logs

    Detect attacks against a single host

    Network-Based IDSs Use network traffic as the audit data source, relieving the

    burdenon the hosts that usually provide normal computin

    services Detect attacks from network.

    network-based IDS are likeneighborhood police patrols

    8

  • 8/2/2019 Intrusion Detection

    9/15(BPM) for senesce & Technology UniversityIbb Branch9

  • 8/2/2019 Intrusion Detection

    10/1510

  • 8/2/2019 Intrusion Detection

    11/1511

  • 8/2/2019 Intrusion Detection

    12/1512

  • 8/2/2019 Intrusion Detection

    13/15

    ModelLearn

    Classifier

    Tid SrcIP Starttime

    Dest IP DestPort

    Numberof bytes

    Attack

    1 206.135.38.95 11:07:20 160.94.179.223 139 192 No

    2 206.163.37.95 11:13:56 160.94.179.219 139 195 No

    3 206.163.37.95 11:14:29 160.94.179.217 139 180 No

    4 206.163.37.95 11:14:30 160.94.179.255 139 199 No

    5 206.163.37.95 11:14:32 160.94.179.254 139 19 Yes

    6 206.163.37.95 11:14:35 160.94.179.253 139 177 No

    7 206.163.37.95 11:14:36 160.94.179.252 139 172 No

    8 206.163.37.95 11:14:38 160.94.179.251 139 285 Yes

    9 206.163.37.95 11:14:41 160.94.179.250 139 195 No

    10 206.163.37.9511:14:44 160.94.179.249 139 163 Yes1 0

    Tid SrcIPStarttime

    Dest PortNumberof bytes

    Attack

    1 206.163.37.81 11:17:51 160.94.179.208 150 ?

    2 206.163.37.99 11:18:10 160.94.179.235 208 ?

    3 206.163.37.55 11:34:35 160.94.179.221 195 ?

    4 206.163.37.37 11:41:37 160.94.179.253 199 ?

    5 206.163.37.41 11:55:19 160.94.179.244 181 ?

    Rules Discovered:

    {Src IP = 206.163.37.95,Dest Port = 139,

    Bytes [150, 200]} --> {ATTACK}

    Training Set

    Test Set

    13

  • 8/2/2019 Intrusion Detection

    14/15

    Paul Dokas, Levent Ertoz, Vipin Kumar, Aleksandar Lazarevic, Jaideep ZSrivastava, Pang-

    Ning Tan , Data Mining for Network Intrusion Detection

    Vipin Kumar , Data Mining Based Network Intrusion Detection System

    Stalling, Cryptography and Network Security Principles and

    Practices, Fourth Edition, Prentice Hall,2005.

    Marcin Dobrucki, Priorities in the deployment of networkintrusion detection systems

    Phil Baskerville, Intrusion Prevention Systems: How

    do they prevent intrusion?

    Jie Lin, Intrusion Detection

    Lisong Pei, Jakob Schtte, Carlos Simon, Intrusion detection systems

    14

  • 8/2/2019 Intrusion Detection

    15/15

    Thank you