Chapter 11 Intrusion Detection System

More documents

Recommendations

Info

Firewall¡ Active filtering¡ Fail-closeFirewall Versus IDS (network) Network IDS– Passive monitoring¡ Passive monitoring¡ Fail-openFirewall Versus Network IDS• Firewall– Active filtering– Fail-close• Network IDS– Fail-openIDSSecurity Spring 2013FW
Elements of Intrusion Detectionents of Intrusion Detectionary assumptions: Primary assumptions:stem activities are observable¡ system activities are observableormal and intrusive activities have distinct¡ Normal and intrusive activities have distinct evidenceidence Components of intrusion detection systems:ponents of intrusion detection systems:¡ From an algorithmic perspective:om an algorithmic perspective:÷ Features – capture intrusion evidencesFeatures ÷ Models - capture – piece evidences intrusion together evidencesModels - piece evidences together¡ From a system architecture perspectiveom a system architecture perspective:÷ Audit data processor, knowledge base, decision engine, alarm generation andresponsesAudit data processor, knowledge base, decisionengine, alarm generation and responsesSecurity Spring 2013
Page 3 and 4: Security Spring 2013Basic IDS conce
Page 5: Why Is Intrusion DetectionWhy is In
Page 9 and 10: Intrusion Detection Approaches Mode
Page 11 and 12: Measuring (Cont’d) True positive
Page 13 and 14: Example 70,000 events, 300 intrusio
Page 15 and 16: Bayesian Detection RateBayesian Det
Page 17 and 18: Misuse DetetionMisuse Detectionpatt
Page 19 and 20: Anomaly DetectionAnomaly Detectiona
Page 21 and 22: Ex. : Misuse vs. Anomaly Detection
Page 23 and 24: Signature Generation Research chall
Page 25 and 26: Examples of Metrics Count of number
Page 27 and 28: Where Is the IDS Deployedere Is the
Page 29 and 30: Host-Based IDS (Cont’d) Drawbacks
Page 31 and 32: File Integrity Checking Tripwire¡
Page 33 and 34: Some detailsSome Details• Anomaly
Page 35 and 36: Network-based IDS (Cont’d) Drawba
Page 37 and 38: Popular NIDS Snort¡ http://www.sno
Page 39 and 40: Snort Rule Syntax Each snort rule h
Page 41: Detecting Attack Strings Scanning f

Chapter 11 Intrusion Detection System

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?