csce201-lect10

Slide 1: CSCE 201 - Intrusion Detection - Fall 2010
Slide 2 (CSCE 201 - Farkas): Historical Research - Prevention
It is better to prevent something than to plan for loss.
Slide 3: Misuse Prevention
- Prevention techniques: the first line of defense
- Secure local and network resources
- Techniques: cryptography, identification, authentication, authorization, access control, security filters, etc.
- Problem: losses occur!
Slide 4: Contributing Factors for Misuse
- Many security flaws in systems
- Secure systems are expensive
- Secure systems are not user-friendly
- "Secure systems" still have flaws
- Insider threat
- Hackers' skills and tools improve
Slide 5: Need
- Intrusion Prevention: protect system resources
- Intrusion Detection (second line of defense): discriminate intrusion attempts from normal system usage
- Intrusion Recovery: cost-effective recovery models
Slide 6: Why Intrusion Detection?
- Second line of defense
- Deter intruders
- Catch intruders
- Prevent threats from occurring (real-time IDS)
- Improve prevention/detection techniques
Slide 7: Intrusion Detection - Milestones
- 1980: deviation from historical system usage (Anderson)
- 1987: framework for a general-purpose intrusion detection system (Denning)
- 1988: intrusion detection research splits into
  - attack-signature-based detection (MIDAS)
  - anomaly-based detection (IDES)
Slide 8: Intrusion Detection - Milestones (continued)
- Early 1990s: commercial installations
  - IDES, NIDES (SRI)
  - Haystack, Stalker (Haystack Laboratory Inc.)
  - Distributed Intrusion Detection System (Air Force)
- Late 1990s - today:
  - integration of audit sources
  - network-based intrusion detection
  - hybrid models
  - immune-system-based IDS
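The 1988 split in the milestones above is easiest to see side by side. The following Python is an added example, not code from the lecture and not the MIDAS or IDES implementations: a signature matcher that only knows fixed attack patterns, next to an Anderson-style anomaly detector that flags deviation from each user's historical usage profile. The audit records, signatures and user names are constructed for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed historical audit records: (user, login hour, commands per session).
HISTORY = [
    ("alice", 9, 40), ("alice", 10, 35), ("alice", 11, 42), ("alice", 14, 38),
    ("bob", 8, 20), ("bob", 9, 25), ("bob", 10, 22), ("bob", 11, 18),
]

# Constructed signatures: fixed patterns over audit event text (MIDAS-style).
SIGNATURES = [
    ("shell-spawned-by-web-user", re.compile(r"user=www-data .*cmd=/bin/sh")),
    ("passwd-file-modified", re.compile(r"file=/etc/passwd action=write")),
]


def build_profiles(history):
    """Profile each user's usual login hours and command volume from past audits."""
    per_user = defaultdict(lambda: {"hours": set(), "counts": []})
    for user, hour, count in history:
        per_user[user]["hours"].add(hour)
        per_user[user]["counts"].append(count)
    return {
        user: {"hours": d["hours"],
               "mean": statistics.mean(d["counts"]),
               "stdev": statistics.pstdev(d["counts"])}
        for user, d in per_user.items()
    }


def signature_alerts(event_text):
    """Signature-based detection: matches known patterns, knows nothing about the user."""
    return [name for name, pattern in SIGNATURES if pattern.search(event_text)]


def anomaly_alerts(profiles, user, hour, count, z_threshold=3.0):
    """Anomaly-based detection: flags deviation from the user's historical profile."""
    prof = profiles.get(user)
    if prof is None:
        return ["unknown-user"]  # no history at all is itself a deviation
    alerts = []
    if hour not in prof["hours"]:
        alerts.append("unusual-hour")
    if prof["stdev"]:
        z = abs(count - prof["mean"]) / prof["stdev"]
    else:  # constant history: any change in volume is a deviation
        z = 0.0 if count == prof["mean"] else float("inf")
    if z > z_threshold:
        alerts.append("unusual-volume")
    return alerts
```

A session with no matching signature can still be caught by the profile check, and a known pattern is caught even when the user's volume and hour look normal; this is why later systems on the next slides combine both into hybrid models.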
Slide 9: Terminology
- Audit: the activity of looking at user/system behavior, its effects, or the collected data
- Profiling: looking at users or systems to determine