csce522-lect21

csce522-lect21 - Intrusion Control Readings Lecture Notes...

Intrusion Control
CSCE 522 - Farkas

Slide 2: Readings
- Lecture Notes
- Pfleeger: Chapter 7.5

Slide 3: Historical Research - Prevention
It is better to prevent something than to plan for loss.

Slide 4: Misuse Prevention
- Prevention techniques: first line of defense
- Secure local and network resources
- Techniques: cryptography, identification, authentication, authorization, access control, security filters, etc.
- Problem: losses occur!

Slide 5: Contributing Factors for Misuse
- Many security flaws in systems
- Secure systems are expensive
- Secure systems are not user-friendly
- “Secure systems” still have flaws
- Insider threat
- Hackers’ skills and tools improve

Slide 6: Need
- Intrusion Prevention: protect system resources
- Intrusion Detection (second line of defense): discriminate intrusion attempts from normal system usage
- Intrusion Recovery: cost-effective recovery models

Slide 7: Why Intrusion Detection?
- Second line of defense
- Deter intruders
- Catch intruders
- Prevent threats from occurring (real-time IDS)
- Improve prevention/detection techniques

Slide 8: Intrusion Detection - Milestones
- 1980: Deviation from historical system usage (Anderson)
- 1987: Framework for a general-purpose intrusion detection system (Denning)
- 1988: Intrusion detection research splits:
  - Attack-signature-based detection (MIDAS)
  - Anomaly-based detection (IDES)

Slide 9: Intrusion Detection - Milestones
- Early 1990s: Commercial installations
  - IDES, NIDES (SRI)
  - Haystack, Stalker (Haystack Laboratory Inc.)
  - Distributed Intrusion Detection System (Air Force)
- Late 1990s - today:
  - Integration of audit sources
  - Network-based intrusion detection
  - Hybrid models
  - Immune-system-based IDS

Slide 10: Terminology
- Audit: activity of looking at user/system behavior, its effects, or the collected data
- Profiling: looking at users or systems to determine what they usually do
- Anomaly