Distributed Intrusion Detection System Based On Clustering
Uploaded by ajaymuthappa. Added: July 19, 2011. Category: Science & Tech. License: All Rights Reserved.

Presentation Transcript

Slide 1: Distributed Intrusion Detection System Based On Clustering
By Ajay Muthappa, 091902, MS AIMIT, Mangalore

Slide 2: Overview
• Introduction
• Architecture of IDS
• Architecture of DIDS
• Inline Network Based System
• Conclusion
• References

Slide 3: Introduction
What actually is an Intrusion Detection System (IDS)?
• A component of the computer and network infrastructure that is aimed at detecting attacks against computer systems, networks, or information systems.
IDS implementation:
• As hardware installed on the network, or
• As an agent on an existing piece of hardware that is connected to the network.

Slide 4:
AAFID (Autonomous Agents For Intrusion Detection) is a distributed anomaly detection system that employs autonomous agents at the lowest level for data collection and analysis. At the higher levels of the hierarchy are transceivers.
Distributed Intrusion Detection System (DIDS)
Autonomous Agents For Intrusion Detection

Clustering
A clustering technique groups a set of data items that exhibit similar characteristics into meaningful subclasses according to some predefined metrics, so that members within the same cluster are quite similar to one another while members of different clusters are quite dissimilar from each other.

A DIDS can be defined as: “consists of multiple Intrusion Detection Systems (IDS) over a large network, all of which communicate with each other, or with a central server that facilitates advanced network monitoring, incident analysis, and instant attack data”.

Slide 5: Architecture of IDS

Explanation
• The first level is based on rules and safety procedures. This approach shapes the rules that describe the unintended uses, relying on past intrusions or known weaknesses.
• To block intrusions that are complex, unknown to the system, or represent a low threat, level 2 of this device identifies these events and automatically determines whether action is needed, thanks to the cognitive abilities of its agents.

Cont….
• Sensor agents are responsible for collecting data exchanged on the network, or data arriving at a sensitive position, and transmit it to the comparators.
• Comparator agents, with reactive capacity, are responsible for comparing the flow of events with the rules and procedures describing the unintended uses.
• Cognitive agents, with adaptive and learning functions, check whether an event may represent a low threat, react quickly to block the traffic when there is an intrusion, and notify the alert-generating agent.
• Alert-generating agents produce an alert message for the appropriate administrator and store information about the event in a log file.

Description of the method of detection
• Gather the event flow passing through the sensor agent.
• Analyze: the agent compares the collected data with a database of rules and procedures to determine the degree of threat represented by the intrusion.
• Check whether the level of intrusion is acceptable or not and determine the direction of the traffic: either it continues its path towards the cognitive agent, or the connection is closed.
• Have the cognitive agent investigate the flow of events further, determine its condition, and decide whether to let the traffic continue its path toward the target or to block it.
• Store information on the event at risk in a log file and generate an intrusion notification message through the alert-generating agent.
• Feed the basic rules and procedures maintained by the security administrator back into the system.

Architecture of DIDS

Explanation of DIDS
• The central IDS node and the agent IDS may physically reside on the same computer; they are logically independent and communicate bi-directionally with each other.
• There can be several central IDSs residing on several hosts, but only one is running. If the running central IDS loses communication with the agent IDS, another central IDS takes over the task, so there is no single point of failure.
• All agents are primarily responsible for collecting network data from data sources, normalizing it, analyzing it, and choosing candidate anomalies from the analysis.

Inline Network Based IDPS
• An inline sensor is deployed so that the network traffic it is monitoring must pass through it, much like the traffic flow associated with a firewall.
• The primary motivation for deploying IDPS sensors inline is to enable them to stop attacks by blocking network traffic.
• Inline sensors are typically placed where network firewalls and other network security devices would be placed: at the divisions between networks.

Conclusions
• The future of IDS lies in data correlation. An alarm correlation mechanism aims at acquiring intrusion detection alerts and relating them together to expose a more condensed view of the security issues.
• Artificial Intelligence plays an important role in improving the performance of IDS technology.
• Adaptability (vs. specific rules).

Reference
[1] "An Introduction To Distributed Intrusion Detection Systems" [M]. Security Focus. Jan 2001.
[2] William Stallings: Cryptography and Network Security, Third Edition (Digital Signatures).

Question & Answers
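The sensor, comparator, cognitive and alert-generating agent chain from the "Description of the method of detection" slide, as an added Python example that is not part of the presentation; the events, rule database, threat thresholds and agent behaviour are constructed for illustration:

```python
# Added example (not the presentation's code): one event flowing through the
# comparator -> cognitive -> alert agent chain. All rules/thresholds are constructed.
from dataclasses import dataclass, field

@dataclass
class Event:
    src: str
    dst_port: int
    payload: str

# Constructed rule database: (description, predicate, threat degree 0-10)
RULES = [
    ("port scan signature", lambda e: e.dst_port in {23, 445, 3389}, 6),
    ("sql injection marker", lambda e: "' or 1=1" in e.payload.lower(), 9),
    ("admin path probe", lambda e: "/admin" in e.payload, 3),
]

ACCEPTABLE_THREAT = 2   # comparator forwards anything at or below this untouched
BLOCK_THREAT = 8        # comparator closes the connection outright above this

@dataclass
class AgentChain:
    log: list = field(default_factory=list)    # stand-in for the alert agent's log file
    seen: dict = field(default_factory=dict)   # cognitive agent's memory per source

    def comparator(self, e):
        """Compare the event with the rule database; return the highest threat degree."""
        return max((deg for _, pred, deg in RULES if pred(e)), default=0)

    def cognitive(self, e, degree):
        """Adaptive step: a low-threat source that keeps triggering rules gets blocked."""
        self.seen[e.src] = self.seen.get(e.src, 0) + 1
        return "block" if degree >= 5 or self.seen[e.src] >= 3 else "allow"

    def alert(self, e, degree, decision):
        self.log.append(f"ALERT src={e.src} port={e.dst_port} degree={degree} {decision}")

    def handle(self, e):
        """Run one event through the full chain and return the final decision."""
        degree = self.comparator(e)            # analyze against rules and procedures
        if degree <= ACCEPTABLE_THREAT:        # acceptable: continue toward the target
            return "allow"
        if degree > BLOCK_THREAT:              # unacceptable: close the connection
            self.alert(e, degree, "closed by comparator")
            return "block"
        decision = self.cognitive(e, degree)   # further investigation by cognitive agent
        self.alert(e, degree, f"{decision} by cognitive agent")  # log and notify
        return decision
```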
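The central node's clustering of candidate anomalies from the "Explanation of DIDS" slide, producing the condensed alarm-correlation view the Conclusions slide describes, as an added example that is not part of the presentation; the agent reports, the distance metric and the threshold are all constructed:

```python
# Added example, not the presentation's code: a central DIDS node groups
# normalized candidate anomalies from several agent IDSs into clusters.
# Every value below is constructed for illustration.

# (agent, timestamp_seconds, source_ip, dst_port, anomaly_type)
REPORTS = [
    ("agent-A", 100, "198.51.100.7", 22, "auth_failure"),
    ("agent-B", 104, "198.51.100.7", 22, "auth_failure"),
    ("agent-C", 109, "198.51.100.7", 22, "auth_failure"),
    ("agent-A", 120, "203.0.113.9", 445, "port_probe"),
    ("agent-B", 600, "198.51.100.7", 22, "auth_failure"),
    ("agent-C", 122, "203.0.113.9", 3389, "port_probe"),
]

def distance(a, b):
    """Predefined metric: reports with a different source or anomaly type can
    never share a cluster; otherwise the distance is the time gap in minutes.
    Destination port is deliberately ignored so a probe across several ports
    from one source is treated as one activity."""
    if a[2] != b[2] or a[4] != b[4]:
        return float("inf")
    return abs(a[1] - b[1]) / 60.0

def cluster(reports, threshold=1.0):
    """Single-linkage clustering in time order: a report joins the first
    cluster that has any member within threshold, else starts a new one."""
    clusters = []
    for r in sorted(reports, key=lambda x: x[1]):
        for c in clusters:
            if any(distance(r, m) <= threshold for m in c):
                c.append(r)
                break
        else:
            clusters.append([r])
    return clusters

def correlate(reports):
    """Emit one condensed alert per cluster instead of one per agent report."""
    alerts = []
    for c in cluster(reports):
        alerts.append({
            "source": c[0][2], "type": c[0][4],
            "agents": sorted({m[0] for m in c}),
            "reports": len(c), "first": c[0][1], "last": c[-1][1],
        })
    return alerts
```

The six reports collapse to three alerts: one brute-force cluster seen by all three agents, one multi-port probe, and one later auth failure that falls outside the time window.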