-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
1/26
Z`^a_[ZW`WU`[Z
Z`^a_[Z^WbWZ`[Z
_`W_
-ff-fffffffffffff
n
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
2/26
-@-@
fn
n
$9nn
fnf
f$9
fnn,
fn%,n
fn
@f,
f9
fn%n
@nffnn
f$9
f$9
9fnn
ff9
f nf%$9
,
ff
nff
f
-f nf%-$-9
nn-f$9
@
f9ff-f
f9ff
f-f
@nf9
D@f,ff
D@,f
@D@,
D@,
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
3/26
nD@,
Jn
Jnf
fnff
9ff
nffnf
fnf
9ffnf
@fn
fn%
@fffnf
,fnn
nf
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
4/26
9f-fJf
nfn,n f 9 @f,f
n,ff9fnnfnff
fn nfnfn@ff
n n nf n nf n ffn fn nfff nnffn
ffnnfffffnnJ
,fnfnnfnfnnf
f f # nf ffn nf
ffn#fnf nfnf
f
n%fnffnf
@ f n n f
nnfnnfffffff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
5/26
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
6/26
$9nn
fnf$9 fffnffnf@
f
O fnffO -fffnfnnff$9n
n
f$9$9nfnn
O ff n n f f ff ff nf
O n f f n n n fffn
O f n nf fn fn f f f f$ff fn %fn
9
nfnfn
f$9
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
7/26
fnn,
fnnnf@fn
ff
fn%,n
f n fn f fn $n fn
fnffnnfn
fffn ffff ff
fn ffn nnf n
fnnffn
fff fffJfffffnf
fffffffnfnf
f f f ff nffnn nf n
ffnffnfffnfffnnfn
nffnffn ff
fnf@ffnffn
ffffff nf
nf
n nnf ffn nf fn
nnfffnffnfnffnf
f f f f n f n f f
ffn
fn
f n f f f f- f
f ffff
n f f f f fnf ffn ff
nfnfnf
fff
@fffnffnfnff
fnf
ffnffnffnfnfffff
nfnnfnfffffnn
nf nnfnff
fff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
8/26
ffnfffffffffffn
nffnfnfffnf
@f,
@ fn fn ff f f
nf n @ f nn n n f
ffnfnnfnn
nfnfnfffnf f
ff f @ f nf
nfffnnfnfnff
fff $nnf
f9
@ n f n f ffn f n nf
fn f nn f f fffffnffnffnf
nnff ff nn fnfffn
f@fffffffnfnf
ffnnnffnfnff
nnfn
fn%n
nnfnfnffnnfff n
ffnffnnffnff@ nff
fffffn nfffnfnn
ffnn
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
9/26
@nffnn
@fnffnnnffff
ffff
f$9,9nf ffff@ nffffn
n fffffnffffn
@fn ffffnfnffnfnnfffffff
f f fn @fffnfffn f fn
ffn f n f f fn f fn fn n f
fff
f$9
fnffffnfffnfnfn
n f fn ff fnf n
fn - f fn f n ffn n f
fnfnnffnffnnffn
ffffnnffnffn
9fnn
9fnnfnnfffn
fnf ff f fn fn f f f n
nfn ffff n fff@ ffn
nnf nf nfffn nfff
ff fnfnnfff
fffnnfffnn
ffnfnfn nfnnffnff
n n ff ff n f f
nf@fnfffff
ffnfff@ffnf
f nfnf ffff fn
fff
9 ffn nf ffffn%
, f f f fff ffn %9 f
f
9 n nf n ff ffn f n %ffn
nf fffnffffn
nffffn
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
10/26
ff9
n%nffnfnfff
f nf fn n f f ff
nfn
9%9ffffnfffn
fn fDf9 fnf
fn f ffnf# nfffn
fnnfffnnfnn
f fnn 9f f fnf f ffn
nffnnfnfnf
f f9nf fn f f nfn
nnnfffnfffn9nnff
fn f fnf f f 9 nf fnnfffn f fn f f n ffn f
fff
n fnf nf f n
$ % $ 9 f -f n $
%-$-9
@,ffnnff9fn
n
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
11/26
f n f % $
9fffnffnnff n
9 f n f
n
O nnfnO fffffnfnfnO nfffnn fffO ffnfnfnf
fnfn
,
nfffffnnnnf
nn f f nffnn @
ff f n nf f nf
fnf@f
O 9ffnfn
O $fnnfn
O f
O nfnnO ,f n nn nf %f
nff %ffnn f n%f
nnffn
O n@ fnnfnnfnfnf@ nn f fn f n % f
nff#nfnf@n
ff%fnfff%-@ff
O @ fffnfnnff n
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
12/26
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
13/26
nff
nff fn nnn
nff nn n
f-fn
nffnfnff
O Df @9fD9 nn n f nn @9fD9
O 9 nf n n nf f ffn ff
f fnf nff f fnfff
f fn ff f n nffn
f%9
fnfff
O nffnnfO ffffffffn
nfffffff@fnffn
ffnn
O DnO fffn9#O fnnf
fnnff fnnf
nnffff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
14/26
f
fffffffn
nfnffn
O fnff#fO fnnfO fnnfnO fnfnfnO nfffO nfO fnnffO fnO nfffnfO
9nnnffO nffnffO 9ffO 9f$
n n nf fn ff nf
nf#f
fffnfffff f
ffff fffnff f
ffnfnf f f
ffnf f f f nf n f
f
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
15/26
-fnf%-$
-9
-f nfffffnfffnf@
fnfff@fnnnn
ffffnfnnf
fnnfnff@f
n - $ -9 f f f f f f
f-ffnffnff
-f n%- ff
f ffn ff nf nn f
ffffffnffn
ffffnfn
O Dffnn Jffnnf ffn fnf
ffnnf
O f $f n @ ffn nff@fnf f$nf ffnnf
nf
- f f fn nf f n
fnf
-$-9fnffffn
n f f fn f f
nn f f f nf f fn n f
fff@fffnnf
fnnfnnfI9-nffn
nI9-
nfnfffff
n
O 9fnfn%ffnO nn%fffnO f%fnO fnfffn
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
16/26
nn-f$9
@ffnfn n-f
@fffnn-nfnff
n nff f - nf #
f
ff-$-9fnfffn,
ffffnf,n9ffnnffnff
f
- fn fnn fnfnnffff
nf nfn ff nnf
fnfnnfnnff
nn-
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
17/26
@
f9ff-f
f9ff
@fffffffnff nf
nfff ffnfnffnnnn
nnffffffffnf
f f f nn nf nf n
fffnfn
O fnf@fnff@fnfnfffnf f- n f ,9ff f
fffnffnnffn
O f ff fn f f f n fnfnffffnff
O 9n If f f nf n fn nf nf
O @f 9 f fff f fff@fnff
O -,fnffffnnnffnffff
fnfffff
n fff fffnffn@f
ffnnfnfJffffnfnf
fnnfnffffnn%nf
ffffff fnffff
ffffnf
f-f
f f n f n f n
nnf nnfnfnfnnf
ff f fn f nf f n nfn ff
nnff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
18/26
nffff
O --fnf f nffnnffnn
n - n nf f n f
fn
O nfn f@fnf ff
nfn9fn-I9- fffnnf
ff-fffn
O fn nf n ,f f f n f nf f fn nnfffnf,
nfffn nfnf
f n f f f fnf
nfn
O fffnfffnfnffnf ffnnf f
O Dn ffn @ ffn n f ff
O 9-nfffff-nfnfnn
4 nfnffffff4 @nnffnfnfff4 fnf4 @ ffff f fff
fnfnnffn
O - f @- n nfn ffn ff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
19/26
@nf9@n$9 n$9nff n
@nffnfff
D@f,ff@ffD@, ffnnf f
nfnf fnfffffn@
nf f nf f n n nf f
nnfnfnfnf
ff fnnnfnnff
fffff
D@,f
D@,nff
O fnffnnO fffffffO n$nf
D@,fnfffnf
O JnnfffnO Iff%I9-nfnnfnfnn
D@,fff fnfnfJ-fnnf ff
n f ff f f nf
Df fnf f fnf n f
nfnD@, fffff
D@, f nf f f n f nf f
ffffI9-nf
D@f,ff
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
20/26
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
21/26
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
22/26
Jnnf n%Jf
fnnfnnfJnf
ffn
fn f nf @f ff fnf
ffffffff
n
Jnf
O 9 nff f f f ffn f nnfJ-fffn @fnnf
nffffnffffnfnfffff9nnf
f f f n f
f
O fnff,%,, f f n ffn f f
ff f n f f f ,f
J-ffnffnff
fffff
O ff n 9 ff ff fn f f f ff9nnfff
ffnnfffn
O nfnfn fffnfnf f ff
nf f n f f
f nf nffnnf
nfffnfnfnf nf
Jf n,f@nff
nnf-n--J
Jfn,nfIf,O
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
23/26
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
24/26
@fn
fn%
ffnfffnfnfffnf
fnnfnnfn%@9ffnffnffnn9fnfffnnnn@
ffn f nf ffn f f f n f f
@nffffnnfnn
O nffn nfnnffnffnffnn nffnffnffn
nffnnfffn nnf-
n
O ,fn fn ffn n f f fn f nf n nf nn f n f
ffffnnfnnfnff fnnfnf
fnnfffnf,n@9-@
,9n
fnffff nfn ffn
ff f nf n f f f fnff fn
ffn @ ffn f fff nn nf
fDn;nn
@fffnf
fffnff@ffffnnfffnnf
fffnnffnfnfff
f f ffn f nf f f fn f
ffnfnfffffnf
f nn f @f f f f
fffnfn@fnfff
fnf@f ffnn @f nf
fn@f nnfff
nf f n fJnfnff fn ffn @ff
fnfffff@9D9ffn
ffnfnff@fff@9D9-ffnnn
,fnn
fnf ffffnnfnf
f@nffnnff$nf
nfffnfnnfn
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
25/26
f
n
-f@fff$$f$$$nn$fnn$$
@nfnn$$fnn$nn$f n$n
nn$$
ff$$n$nf$$f$fff
nn$$
f@nff$$$f$
nn$$
Jfn",f@nn$$fnfnnfn$$n
nn$$
fn9,f9$$fnnf$ff$$$
nn$$
$9ffnfD$$$$n$f$$$$@n
nn$$
n9ff
$$fnn$nn$f n$n
nn$$
Jfn%f$$fn$fn$n
nn$$
fffnf$$fnnnfn$$n
nn$$
f-ff fn$$fn$ffn nn$$
-fnn$$n$f$
nn$$
-
8/8/2019 Intrusion Detection & Intrusion Prevention
Systems
26/26
f9fnn $$nn$n$$9fn
nn$$
f9fnnf$$fnn$nn$f n$ffnnnn$$
fnffffnf$ff$f$
nn$$
@99fnn@f9$$fnn$nn$f n$fnn
nn$$
-fn%,n-9n $$nfn$$nfn$ f$f
nn$$
-@n -JJ$$f$nf$9f$JJ
nn$$
ff-nf@f$$nf$f$f$$-
nn$$
Dfff@ff$$fnnnfnfn$n$nf
nn$$
,fffffnf",f$$fnnnfnfn$$n
nn$$
nD@f,ff-nnn$$nn$$fffn $
nn$$
9fnn$$nn$ $n$$
nn$$
fnf9ff-f-@$$fnn$nn$f n$fnffffnn$$
nf9$$fn nfn$$n"fn
nn$$
