
CONTENTS

• Introduction of IDS
• Application
• Features
• Supporting languages
• Description
• Conclusion
• References
Intrusion detection system

An IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.
Principles of Intrusion Detection Systems

• An IDS must run unattended for extended periods of time
• The IDS must stay active and secure
• The IDS must be able to recognize unusual activity
• The IDS must operate without unduly affecting the system’s activity
• The IDS must be configurable
Functions of IDS

• An IDS detects attacks as soon as possible and takes appropriate action.
• An IDS does not usually take preventive measures when an attack is detected.
• It is a reactive rather than a proactive agent.
• It plays the role of an informant rather than a police officer.
Types of Intruders

• In an early study of intrusion, Anderson identified three classes of intruders:
• Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.
• Misfeasor: A legitimate user who accesses data, programs or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit actions.
Supporting language
• HTML
• CSS
• JavaScript
• SQL
Detection
• System file comparisons against malware
signatures.
• Scanning processes that detect signs of
harmful patterns.
• Monitoring user behavior to detect malicious
intent.
• Monitoring system settings and
configurations.
Prevention
• An IPS complements an IDS configuration by
proactively inspecting a system’s incoming traffic to
weed out malicious requests. A typical IPS
configuration uses web application firewalls and traffic
filtering solutions to secure applications.
• An IPS prevents attacks by dropping malicious packets,
blocking offending IPs and alerting security personnel
to potential threats. Such a system usually uses a
preexisting database for signature recognition and can
be programmed to recognize attacks based on traffic
and behavioral anomalies.
Consequences of Intrusion

Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore the internet and what is out there. At the serious end, an intruder may attempt the following:
• Read privileged data.
• Perform unauthorized modification to data.
• Disrupt the system settings.
Conclusions

• Future research trends seem to be converging towards a model that is a hybrid of the anomaly and misuse detection models.
• It is slowly being acknowledged that neither of the models can detect all intrusion attempts on its own.
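
The following added example (not part of the original slides) illustrates the hybrid model from the conclusion and the signature-plus-anomaly approach from the Prevention section: a misuse detector matches known-bad request patterns, an anomaly detector flags sources whose request volume deviates from the baseline, and each catches a source the other misses. The log entries, signature patterns, function names and threshold are all constructed assumptions for illustration.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample log: (source IP, request line). IPs are documentation ranges.
SAMPLE_LOG = (
    [("192.0.2.10", "GET /index.html")] * 3
    + [("192.0.2.11", "GET /products?id=7")] * 4
    # Matches a signature but sends only one request.
    + [("198.51.100.5", "GET /products?id=1' OR '1'='1")]
    # Matches no signature but sends an abnormal number of requests.
    + [("203.0.113.9", f"GET /login?user=u{i}") for i in range(60)]
)

# Illustrative misuse signatures (assumed for this example, not a real rule set).
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "script-injection": re.compile(r"<script", re.I),
}

def misuse_alerts(log):
    """Misuse detection: sources whose requests match a known-bad pattern."""
    alerts = {}
    for ip, request in log:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.setdefault(ip, set()).add(name)
    return alerts

def anomaly_alerts(log, factor=5.0):
    """Anomaly detection: sources with more than factor x the median request count."""
    counts = Counter(ip for ip, _ in log)
    baseline = median(counts.values())
    return {ip: n for ip, n in counts.items() if n > factor * baseline}

def hybrid_alerts(log):
    """Hybrid model: union of both detectors, recording which one fired per source."""
    misuse, anomaly = misuse_alerts(log), anomaly_alerts(log)
    return {
        ip: {"signatures": sorted(misuse.get(ip, ())), "rate_anomaly": ip in anomaly}
        for ip in sorted(set(misuse) | set(anomaly))
    }

if __name__ == "__main__":
    for ip, reasons in hybrid_alerts(SAMPLE_LOG).items():
        print(ip, reasons)
```

An IDS would report the returned sources to an administrator or SIEM, while an IPS would use the same result to drop the traffic or block the source.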
