Scribd Logo
Upload

Welcome to Scribd!

  • Conference

    Uploaded by

    Basil Xavier Simon
    50 views11 pages
    Intrusion Detection Systems (IDS) - monitors network and / or system activities for malicious activities or policy violations and produces reports to a Management Station. Classification on the basis of detection approaches anomaly detection misuse detection - based on the knowledge of system vulnerabilities - known attack patterns - compares recent activity to known intrusion scenarios.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Intrusion Detection Systems (IDS) - monitors network and / or system activities for malicious activities or policy violations and produces reports to a Management Station. Classification on the basis of detection approaches anomaly detection misuse detection - based on the knowledge of system vulnerabilities - known attack patterns - compares recent activity to known intrusion scenarios.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    50 views11 pages

    Conference

    Uploaded by

    Basil Xavier Simon
    Intrusion Detection Systems (IDS) - monitors network and / or system activities for malicious activities or policy violations and produces reports to a Management Station. Classification on the basis of detection approaches anomaly detection misuse detection - based on the knowledge of system vulnerabilities - known attack patterns - compares recent activity to known intrusion scenarios.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 11

    LITERATURE SURVEY(cont)

    Intrusion Detection Systems (IDS)

    monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station
    Classification on the basis of detection approaches[12]
    anomaly detection misuse detection

    Oct 28,2011

    Project Review

    LITERATURE SURVEY(cont)
    Anomaly detection[13] To capture any deviation from the profiles of normal behavior pattern unknown or novel attacks well-known attacks may not be detected

    Misuse detection

    based on the knowledge of system vulnerabilities known attack patterns compares recent activity to known intrusion scenarios Oct 28,2011trained to detect Project Review

    LITERATURE SURVEY(cont)
    Classification on the basis of Placement of IDS[14]
    Host-based intrusion detection Network-based intrusion detection
    Host-based intrusion detection single host monitors the activities of a single host

    Network-based intrusion detection In Network monitors the network for malicious traffic
    Oct 28,2011 Project Review 4

    LITERATURE SURVEY(cont)
    Classification on the basis of functional characterization of detection
    Statistical based techniques Knowledge based techniques Machine learning based techniques

    Statistical based techniques[16]


    Define normal or expected behavior by collecting data search for unusual behavior detect new attacks and vulnerabilities in the system high false alarm is drawback
    Project Review 5

    Oct 28,2011

    LITERATURE SURVEY(cont)
    Knowledge based techniques[15] knowledge accumulated from various known attacks and system vulnerabilities detect intrusions which are defined previously in the knowledge base difficult to update the IDS Machine learning based techniques
    uses the hypothesis model that enables the pattern analyzed to be categorized to improve the performance of search and data analysis data reduction and classification resource expensive nature
    Project Review 6

    Oct 28,2011

    LITERATURE SURVEY(cont)
    Classification of Machine learning based IDS

    Bayesian networks [18]


    encodes probabilistic relationships combination with statistical schemes highly dependent on the assumptions similar to threshold-based systems deviation in these hypotheses

    Oct 28,2011

    Project Review

    LITERATURE SURVEY(cont)
    Markov models[20][19]
    a set of states that are interconnected probabilities associated to the transitions are estimated comparing the anomaly score obtained for the observed sequences with a fixed threshold. context of host IDS

    Oct 28,2011

    Project Review

    LITERATURE SURVEY(cont)
    Neural networks[32]
    field of anomaly intrusion detection employed to create user profiles, flexibility and adaptability to environmental changes

    Genetic algorithms[25][27]
    global search heuristics classification rules and selecting appropriate features or optimal parameters use of a flexible and robust global search method high resource consumption

    Oct 28,2011

    Project Review

    LITERATURE SURVEY(cont)
    Clustering and outlier detection
    grouping the observed . each new data point is classified Some points may not belong to any cluster raw audit data

    Oct 28,2011

    Project Review

    10

    COMPARSION
    Technique Behavioral based Pros Prior knowledge about normal activity not required. Accurate notification of malicious activities. Cons Susceptible to be trained by attackers. Difficult setting for parameters and metrics. Unrealistic quasi-stationary process assumption. Knowledge based Robustness. scalability Flexibility and Difficult and time-consuming availability for high-quality knowledge/data. Machine learning based Flexibility and adaptability. Capture of interdependencies High dependency on the assumption about the behavior accepted for the system. High resource consuming.

    Oct 28,2011

    Project Review

    11

    You might also like