Intrusion Detection System

Outline
• Introduction to IDS
• Application
• Features
• Supporting languages
• Description
• Conclusion
• References

Introduction to IDS
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.

Principles of Intrusion Detection Systems
• An IDS must run unattended for extended periods of time
• The IDS must stay active and secure
• The IDS must be able to recognize unusual activity
• The IDS must operate without unduly affecting the system’s activity
• The IDS must be configurable

Functions of IDS
• An IDS detects attacks as soon as possible and takes appropriate action.
• An IDS does not usually take preventive measures when an attack is detected.
• It is a reactive rather than a proactive agent.
• It plays the role of an informant rather than a police officer.

Types of Intruders
In an early study of intrusion, Anderson identified three classes of intruders:
• Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.
• Misfeasor: A legitimate user who accesses data, programs or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit actions.

Supporting languages
• HTML
• CSS
• JavaScript
• SQL

Detection
• System file comparisons against malware signatures.
• Scanning processes that detect signs of harmful patterns.
• Monitoring user behavior to detect malicious intent.
• Monitoring system settings and configurations.

Prevention
• An IPS complements an IDS configuration by proactively inspecting a system’s incoming traffic to weed out malicious requests. A typical IPS configuration uses web application firewalls and traffic filtering solutions to secure applications.
• An IPS prevents attacks by dropping malicious packets, blocking offending IPs and alerting security personnel to potential threats. Such a system usually uses a pre-existing database for signature recognition and can be programmed to recognize attacks based on traffic and behavioral anomalies.

Consequences of Intrusion
Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore the internet and see what is out there. At the serious end, an intruder may attempt the following:
• Read privileged data.
• Perform unauthorized modifications to data.
• Disrupt the system settings.
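The first Detection bullet above (system file comparisons against malware signatures) and the "monitoring system settings" bullet are what a host-based IDS does with a file-integrity baseline. The following is an added example, not code from the slides: it hashes a directory tree to build a trusted baseline, then re-checks the tree and reports files that were modified, added or deleted, and files whose digest matches a known-malware signature set. The directory, its files, the tampering and the "malware" digest are all constructed inside the script; `KNOWN_BAD_HASHES` stands in for a real signature database.

```python
"""Added example: host-based file-integrity and signature check.
Not part of the original slides; all paths and signatures are constructed."""
import hashlib
import tempfile
from pathlib import Path

# Constructed "malware signature": the SHA-256 of a demo payload. A real IDS
# would load thousands of these from a signature database.
FAKE_PAYLOAD = b"DEMO-MALWARE-SAMPLE\n"
KNOWN_BAD_HASHES = {hashlib.sha256(FAKE_PAYLOAD).hexdigest()}


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_files(root: Path, baseline: dict, bad_hashes=KNOWN_BAD_HASHES) -> list:
    """Compare the current tree to the trusted baseline and to the signature set.

    Returns sorted (finding_kind, relative_path) tuples. An IDS would forward
    each of these to an administrator or a SIEM as an alert; it does not act.
    """
    findings = []
    current = build_baseline(root)
    for rel, digest in current.items():
        if digest in bad_hashes:
            findings.append(("signature_match", rel))   # misuse/signature detection
        if rel not in baseline:
            findings.append(("new_file", rel))          # integrity: unexpected file
        elif baseline[rel] != digest:
            findings.append(("modified", rel))          # integrity: content changed
    for rel in baseline:
        if rel not in current:
            findings.append(("deleted", rel))           # integrity: file removed
    return sorted(findings)


def demo() -> list:
    """Build a constructed system tree, baseline it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder\n")
        baseline = build_baseline(root)

        # Simulated intrusion (constructed): a config edit, a dropped payload
        # whose hash is in the signature set, and a removed binary.
        (root / "etc" / "passwd").write_bytes(
            b"root:x:0:0::/root:/bin/sh\nadded:x:0:0::/:/bin/sh\n")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "update").write_bytes(FAKE_PAYLOAD)
        (root / "bin" / "ls").unlink()
        return check_files(root, baseline)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"ALERT {kind}: {path}")
```

The baseline must be taken while the system is known-good and stored somewhere the monitored host cannot rewrite; otherwise an intruder with supervisory control (the clandestine user of Anderson's classification) can simply re-baseline after tampering, which is the audit-suppression scenario the slides describe.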
Conclusions
• Future research trends seem to be converging towards a model that is a hybrid of the anomaly and misuse detection models.
• It is slowly being acknowledged that neither of the models can detect all intrusion attempts on its own.
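The Detection slide lists scanning for harmful patterns (misuse detection) and monitoring user behavior (anomaly detection), and the Conclusions say the two are being combined into hybrid models. The following is an added example, not code from the slides, of such a hybrid over web-server access log lines: signature rules flag requests matching known-bad patterns, and an anomaly rule flags a source whose request count exceeds a baseline norm. The log format, the two signature regexes, the `RATE_THRESHOLD` value and every log line are constructed for the demo; IP addresses are from documentation ranges.

```python
"""Added example: hybrid misuse + anomaly IDS over constructed access logs.
Not part of the original slides; rules, threshold and log lines are constructed."""
import re
from collections import Counter
from urllib.parse import unquote

# Common-log-format parser (constructed to match the sample lines below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+$')

# Misuse (signature) rules: known-bad request patterns. Applied to the
# URL-decoded path so that percent-encoding does not hide the pattern.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s*'?1'?\s*=\s*'?1", re.I),
    "path_traversal": re.compile(r"\.\./"),
}

# Anomaly rule: more requests from one source than the demo baseline allows.
RATE_THRESHOLD = 5

# Constructed sample log: two normal visits, one source sending two known-bad
# requests, one source sending six requests, and one unparseable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 340',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] '
    '"GET /login?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 410',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] '
    '"GET /files?name=../../etc/passwd HTTP/1.1" 404 120',
] + [
    f'198.51.100.7 - - [10/Oct/2023:13:57:{i:02d} +0000] '
    f'"GET /api/items?id={i} HTTP/1.1" 200 88'
    for i in range(6)
] + ['garbage line']


def parse(line: str):
    """Return the parsed fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines) -> list:
    """Run signature rules per line and the rate anomaly rule per source.

    Returns (rule, source_ip, detail) alerts in the order they were raised:
    per-line signature and parse alerts first, then rate anomalies.
    """
    alerts = []
    per_ip = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            # Unparseable input is itself worth an alert: log tampering or a
            # sensor fault both look like this.
            alerts.append(("unparseable", "-", line))
            continue
        per_ip[rec["ip"]] += 1
        path = unquote(rec["path"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((name, rec["ip"], path))
    for ip, n in per_ip.items():
        if n > RATE_THRESHOLD:
            alerts.append(("rate_anomaly", ip, str(n)))
    return alerts


def demo() -> list:
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for rule, ip, detail in demo():
        print(f"ALERT {rule:15} {ip:14} {detail}")
```

The two halves fail in opposite ways, which is the point the Conclusions make: a signature rule misses any request that does not match a stored pattern, while the rate rule fires on a legitimate but busy client and misses a slow attacker who stays under the threshold. In a real deployment the threshold is learned from observed traffic rather than hard-coded, and alerts go to an administrator or SIEM for correlation rather than being acted on by the IDS itself.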