Intruders (And How to Keep Them Out)


Miracle Max: Have fun stormin' da castle!
Valerie: Think it'll work?
Statistical anomaly detection

Track events and characteristics of the system:
- Network packets (source, size, number, protocol, port)
- Program behavior
  - Which programs are run when
  - What arguments are given to a program
- User behavior
  - Login pattern
  - Files accessed

Look for "unusual" patterns:
- Need a background "level" of normal activity
- Must account for "normal anomalies"
  - Example: user decides to try a new program
  - Example: user works late to finish a project
Anomaly detection example

Common denial of service (DoS) attack: SYN flood
- Normal TCP handshake: SYN, SYN/ACK, ACK
- DoS: SYN, SYN/ACK, final ACK never sent (ignored)
- Half-open connections (SYN/ACK sent, awaiting ACK) queue up on the victim
- The number of queued half-open connections is limited!
- No new connections are accepted once the limit is exceeded
- Can this be detected?

[Diagram: Attacker sends SYN to Victim]
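As an added example (not part of the slides), here is the statistical anomaly detection the two slides above describe applied to the SYN flood case: per-source half-open connection counts from constructed packet records are compared against a baseline of normal traffic, with a minimum floor so that a single retransmitted SYN (a "normal anomaly") is not flagged. The addresses, the packet tuples and the threshold parameters are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed packet records, not captured traffic: (source, TCP flag seen
# from that source). A normal client sends SYN and then completes with ACK;
# a flood source sends SYN after SYN and never sends the final ACK.
BASELINE = [  # assumed "normal" background traffic used to learn the level
    ("10.0.0.1", "SYN"), ("10.0.0.1", "ACK"),
    ("10.0.0.2", "SYN"),                        # one handshake still in flight
    ("10.0.0.3", "SYN"), ("10.0.0.3", "ACK"),
    ("10.0.0.4", "SYN"), ("10.0.0.4", "SYN"), ("10.0.0.4", "ACK"),  # one retransmit
]
OBSERVED = [  # assumed traffic window under inspection
    ("10.0.0.5", "SYN"), ("10.0.0.5", "ACK"),
    ("10.0.0.6", "SYN"), ("10.0.0.6", "SYN"), ("10.0.0.6", "ACK"),  # slow but normal
    *[("203.0.113.9", "SYN")] * 6,                                  # never completes
]


def half_open_per_source(packets):
    """Count SYNs minus completing ACKs per source: the half-open backlog
    each source is leaving on the victim."""
    syn, ack = defaultdict(int), defaultdict(int)
    for src, flag in packets:
        if flag == "SYN":
            syn[src] += 1
        elif flag == "ACK":
            ack[src] += 1
    return {src: syn[src] - ack[src] for src in syn}


def detection_threshold(baseline, k=3.0, floor=3):
    """Background level from normal traffic: mean + k standard deviations of
    half-open connections per source. The floor absorbs "normal anomalies"
    such as one retransmitted SYN, which must never trigger an alert."""
    counts = list(half_open_per_source(baseline).values())
    return max(mean(counts) + k * pstdev(counts), floor)


def flag_anomalies(baseline, observed, k=3.0, floor=3):
    """Return {source: half_open_count} for sources above the threshold."""
    threshold = detection_threshold(baseline, k, floor)
    return {src: n for src, n in half_open_per_source(observed).items()
            if n > threshold}


if __name__ == "__main__":
    print("threshold:", detection_threshold(BASELINE))
    print("flagged:", flag_anomalies(BASELINE, OBSERVED))
```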
