8/2/2019 Intrusion Detection
Intrusion & Intrusion Detection
Intruders
Intrusion Detection systems
Intrusion detection process
Intrusion detection techniques
Data Mining for Intrusion Detection
The word intrusion means a wrongful entry, or the act of seizing or taking possession of the property of another.
Intrusion detection means identifying potentially malicious or undesirable activity.
Three classes of intruder (commonly labelled masquerader, misfeasor and clandestine user):
An outsider (masquerader) who penetrates a system's access controls to use a legitimate user's account.
An insider (misfeasor) who makes unauthorized access to data, programs or resources, or misuses the privileges they legitimately hold.
Either an outsider or an insider (clandestine user) who seizes supervisory control of the system and uses it to evade auditing and access controls, for example by suppressing audit collection.
The difficulty results from the asymmetry between the two sides: the defender must be ready to prevent every possible attack, whereas the attacker is free to find the weakest link in the defense chain and attack only there.
An intrusion detection system (IDS) is a combination of software and hardware that attempts to perform intrusion detection and raises an alarm when a possible intrusion occurs.
If a firewall is like having a security guard at your office door, checking the credentials of everyone coming and going, then an IDS is like having a network of sensors that tells you when someone has broken in, where they are and what they are doing.
Why it matters (figures as quoted on the slide, which gives no source or date for them):
Information theft is up over 250% in the last five years.
99% of all major companies report at least one major incident.
Telecom and computer fraud totaled $10 billion in the US alone.
There are 5 million attacks against the DoD (Department of Defense) every day.
Host-based IDSs analyze host-bound audit sources such as operating system audit trails, system logs or application logs. They detect attacks against a single host, and because they run on that host they see data after decryption but also consume its resources and can be tampered with by an attacker who gains administrative control of it.
Network-based IDSs use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services. They detect attacks arriving over the network, but cannot see inside encrypted traffic.
Network-based IDSs are like neighborhood police patrols: they watch the traffic between hosts rather than what happens inside any one of them.
University of Science & Technology, Ibb Branch
Training Set -> Learn Classifier -> Model -> applied to Test Set

Training Set

Tid  Src IP          Start time  Dest IP          Dest Port  Number of bytes  Attack
1    206.135.38.95   11:07:20    160.94.179.223   139        192              No
2    206.163.37.95   11:13:56    160.94.179.219   139        195              No
3    206.163.37.95   11:14:29    160.94.179.217   139        180              No
4    206.163.37.95   11:14:30    160.94.179.255   139        199              No
5    206.163.37.95   11:14:32    160.94.179.254   139        19               Yes
6    206.163.37.95   11:14:35    160.94.179.253   139        177              No
7    206.163.37.95   11:14:36    160.94.179.252   139        172              No
8    206.163.37.95   11:14:38    160.94.179.251   139        285              Yes
9    206.163.37.95   11:14:41    160.94.179.250   139        195              No
10   206.163.37.95   11:14:44    160.94.179.249   139        163              Yes

Test Set

Tid  Src IP          Start time  Dest IP          Number of bytes  Attack
1    206.163.37.81   11:17:51    160.94.179.208   150              ?
2    206.163.37.99   11:18:10    160.94.179.235   208              ?
3    206.163.37.55   11:34:35    160.94.179.221   195              ?
4    206.163.37.37   11:41:37    160.94.179.253   199              ?
5    206.163.37.41   11:55:19    160.94.179.244   181              ?

Rules Discovered:
{Src IP = 206.163.37.95, Dest Port = 139, Bytes in [150, 200]} --> {ATTACK}

Read the rule as the form a discovered rule takes (a conjunction of attribute tests implying a class) rather than as one this particular table supports: of the three training rows labelled Yes only Tid 10 (163 bytes) falls inside [150, 200], while six rows labelled No do, so its confidence on the training set is low. It also keys on an exact source IP that none of the test-set rows share, so it would fire on none of them; a learner scores each candidate rule by its support and confidence on the training set and prefers attributes that generalize (such as the destination port or a byte range) over ones that identify a single host.
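The learn-classifier, model, test-set flow shown on this slide, as an added example that is not code from the original deck: a small rule miner over the connection records above. The training and test rows are copied from the slide's tables (the test-set rows carry no destination port on the page, so it is left as None). The attribute names (src_ip, src_net, dest_port, bytes), the byte bins with edges 150 and 200, and the support/confidence thresholds are my own choices for the illustration.

```python
"""Rule mining for intrusion detection over connection records (added example)."""
from itertools import combinations

# Training set copied from the slide: (tid, src_ip, start_time, dest_ip, dest_port, bytes, attack)
TRAIN = [
    (1, "206.135.38.95", "11:07:20", "160.94.179.223", 139, 192, False),
    (2, "206.163.37.95", "11:13:56", "160.94.179.219", 139, 195, False),
    (3, "206.163.37.95", "11:14:29", "160.94.179.217", 139, 180, False),
    (4, "206.163.37.95", "11:14:30", "160.94.179.255", 139, 199, False),
    (5, "206.163.37.95", "11:14:32", "160.94.179.254", 139, 19, True),
    (6, "206.163.37.95", "11:14:35", "160.94.179.253", 139, 177, False),
    (7, "206.163.37.95", "11:14:36", "160.94.179.252", 139, 172, False),
    (8, "206.163.37.95", "11:14:38", "160.94.179.251", 139, 285, True),
    (9, "206.163.37.95", "11:14:41", "160.94.179.250", 139, 195, False),
    (10, "206.163.37.95", "11:14:44", "160.94.179.249", 139, 163, True),
]
# Test set copied from the slide; no destination port survives on the page, hence None.
TEST = [
    (1, "206.163.37.81", "11:17:51", "160.94.179.208", None, 150),
    (2, "206.163.37.99", "11:18:10", "160.94.179.235", None, 208),
    (3, "206.163.37.55", "11:34:35", "160.94.179.221", None, 195),
    (4, "206.163.37.37", "11:41:37", "160.94.179.253", None, 199),
    (5, "206.163.37.41", "11:55:19", "160.94.179.244", None, 181),
]
# The rule printed on the slide, expressed over the attributes below (assumed bin names).
SLIDE_RULE = {"src_ip": "206.163.37.95", "dest_port": 139, "bytes": "150-200"}


def bytes_bin(n):
    """Discretize the byte count into the bins the slide's rule implies (my bin edges)."""
    if n < 150:
        return "<150"
    if n <= 200:
        return "150-200"
    return ">200"


def features(rec):
    """Map a raw record to the categorical attributes a rule may test."""
    _tid, src, _t, _dst, port, nbytes = rec[:6]
    return {
        "src_ip": src,
        "src_net": src.rsplit(".", 1)[0],  # /24 prefix: generalizes across hosts
        "dest_port": port,
        "bytes": bytes_bin(nbytes),
    }


def evaluate_rule(conditions, rows):
    """Return (matched rows, attack rows among them, confidence) of conditions -> ATTACK."""
    matched = [r for r in rows if all(features(r)[a] == v for a, v in conditions.items())]
    attacks = sum(1 for r in matched if r[6])
    confidence = attacks / len(matched) if matched else 0.0
    return len(matched), attacks, confidence


def mine_rules(rows, min_support=2, min_confidence=0.6, max_len=3):
    """Enumerate every conjunction of attribute=value tests seen in the data and keep
    those whose consequent ATTACK has at least min_support attack rows and a confidence
    of at least min_confidence. Exhaustive, so only suitable for small attribute sets."""
    seen, rules = set(), []
    for r in rows:
        items = sorted(features(r).items())
        for k in range(1, max_len + 1):
            for combo in combinations(items, k):
                if combo in seen:
                    continue
                seen.add(combo)
                _n, attacks, conf = evaluate_rule(dict(combo), rows)
                if attacks >= min_support and conf >= min_confidence:
                    rules.append((dict(combo), attacks, conf))
    # Highest confidence first, then highest support, then shortest rule.
    return sorted(rules, key=lambda r: (-r[2], -r[1], len(r[0])))


def classify(rules, rows):
    """Label a record ATTACK if any mined rule fires on it, else NORMAL."""
    verdict = {}
    for r in rows:
        f = features(r)
        hit = any(all(f[a] == v for a, v in cond.items()) for cond, _, _ in rules)
        verdict[r[0]] = "ATTACK" if hit else "NORMAL"
    return verdict


if __name__ == "__main__":
    n, a, conf = evaluate_rule(SLIDE_RULE, TRAIN)
    print(f"slide rule: matches {n} training rows, {a} attacks, confidence {conf:.2f}")
    for thresholds in ({}, {"min_support": 1, "min_confidence": 1.0}):
        rules = mine_rules(TRAIN, **thresholds)
        print(thresholds or "default thresholds", "->", len(rules), "rules")
        print(classify(rules, TEST))
```

With the default thresholds no rule survives, because the table's three attack rows share no byte bin and the exact source IP has too low a confidence; dropping the support threshold to a single row yields rules of confidence 1.0 that rest on one observation each (the 19-byte and 285-byte rows), which is exactly the overfitting a practitioner guards against with a minimum-support requirement before deploying mined rules as detection signatures.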
Thank you