Internal assessment
Presentation
Name : Nishant Kumar Kaushal
Roll no : 215/UCC/001
Program : Btech CSE - Cyber Security
Faculty : Dr. Aarti Gautam Dinker
Course : Cryptography and data privacy
Intruders
An intruder is an unauthorized person or entity that tries to access a system without
permission, with the intent of doing harm, stealing data, or interfering with regular
operations.
The intruding party might be a hacker, a hostile insider, or someone seeking to take
advantage of a system weakness.
Once the intruder has access to the network or system, they could try to steal important
data, plant malware on the system, or seize control of it.
Types of Intruders
Intruders are divided into three categories:
1. Masquerader
2. Misfeasor
3. Clandestine user
1. Masquerader:
Individuals who are not authorized to use the system but still exploit users'
privacy and confidential information by possessing techniques that give them
control over the system; this category of intruders is referred to as Masqueraders.
Masqueraders are outsiders and hence do not have direct access to the system;
their aim is to attack it unethically in order to steal data/information.
2. Misfeasor:
Individuals who are authorized to use the system but take undue advantage of the
permissions and access given to them; this category of intruders is referred to as
Misfeasors.
Misfeasors are insiders and have direct access to the system, which they aim to
attack unethically in order to steal data/information.
3. Clandestine User:
Individuals who have supervisory/administrative control over the system and misuse
the authority given to them. This misuse of power is often carried out by top-level
authorities for financial gain; such a category of intruders is referred to as
Clandestine Users.
A Clandestine User can be either an insider or an outsider and accordingly can have
direct or indirect access to the system, which they aim to attack unethically by
stealing data/information.
Components of IDS:
An IDS is composed of several components:
• Sensors, which generate security events
• A Console, used to monitor events and alerts and to control the sensors
• A central Engine, which records the events logged by the sensors in a database
and uses a system of rules to generate alerts from the security events received
[Figure: network diagram with the labels "Internal Network" and "External network"]
How it works
1. An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious activity.
2. It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
3. The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that might indicate an attack or intrusion.
4. If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system administrator.
5. The system administrator can then investigate the alert and take action to prevent any damage or further intrusion.
Classification of Intrusion Detection System (IDS)
IDS are classified into 5 types:
1. Network Intrusion Detection System (NIDS)
2. Host Intrusion Detection System (HIDS)
3. Protocol-based Intrusion Detection System (PIDS)
4. Application Protocol-based Intrusion Detection System (APIDS)
5. Hybrid Intrusion Detection System
Example:
Snort: Snort is an open source network intrusion detection and prevention system
capable of performing packet logging and real-time traffic analysis on IP networks.
Technologies used in NIDS are:
1. Signature-based Detection: This method compares network traffic against a
database of known attack patterns or signatures. If a match is found, it triggers an alert.
However, it may miss newer or unknown threats.
2. Heuristic-based Detection: Heuristic analysis identifies patterns that are not explicitly
defined as malicious but exhibit suspicious behavior. It uses rules and algorithms to
identify potential threats based on behaviors that resemble known attack methods.
3. File Integrity Monitoring (FIM): FIM tracks changes to critical system files,
directories, and configurations. It creates hashes or checksums of files and
compares them against a baseline to detect any unauthorized modifications.
4. Protocol Analysis: Focusing on specific network protocols (e.g., HTTP, FTP, SMTP) to
detect irregularities or malicious actions that deviate from the expected behavior of these
protocols.
4. Application Protocol-based Intrusion Detection System (APIDS):
An application protocol-based intrusion detection system (APIDS) is an intrusion
detection system that focuses its monitoring on the communications that occur
between applications and the server.
Example: Secerno: Secerno is a database activity monitoring, database policy
enforcement and database compliance auditing solution, but it does not directly
block potential threats.
Technologies used in Application Protocol-based IDS:
1. Machine Learning and AI: Implementing algorithms that can learn from network
traffic patterns and detect anomalies. They can adapt and improve detection
capabilities over time.
Types of IPS:
There are four types of IPS:
1. Network-based intrusion prevention system (NIPS)
2. Wireless intrusion prevention system (WIPS)
3. Host-based intrusion prevention system (HIPS)
4. Network behavioral analysis (NBA)
1. Network-based intrusion prevention system (NIPS):
A NIPS monitors and protects an entire network from anomalous or
suspicious behavior.
It is a broad-based system that can be integrated with additional
monitoring tools to help provide a comprehensive view of an organization's
network.
1. Signature-based:
Signature-based detection is a detection method based on a
dictionary of uniquely identifiable patterns (or signatures) in the code
of each exploit.
As an exploit is discovered, its signature is recorded and stored in a
continuously growing dictionary of signatures.
2. Anomaly-based detection:
Anomaly-based detection takes samples of network traffic at random and
compares them to a pre-calculated baseline performance level.
When the traffic activity is outside the parameters of baseline performance, the
IPS takes action.
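As an added example (not code from the presentation), the two NIPS detection methods above combined into one decision routine that also follows the alert flow of the "How it works" slide: a dictionary of signatures is checked first, then the observed request rate is compared with a baseline learned from sampled traffic. The two signature patterns, the sample rates and the three-standard-deviation threshold are constructed for illustration; real signature sets (such as Snort rules) are far richer.

```python
import re
import statistics

# Constructed signature dictionary: name -> byte pattern seen in known exploit traffic.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union-probe": re.compile(rb"(?i)union\s+select"),
}


class Baseline:
    """Anomaly-based side: learn the normal request rate from sampled traffic."""

    def __init__(self, samples, k=3.0):
        self.mean = statistics.mean(samples)
        self.stdev = statistics.pstdev(samples)
        self.k = k  # how many standard deviations count as "outside the parameters"

    def is_anomalous(self, rate):
        return abs(rate - self.mean) > self.k * self.stdev


def match_signatures(payload):
    """Signature-based side: names of every pattern found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]


def decide(payload, observed_rate, baseline):
    """IPS policy: signature hit -> block; rate anomaly -> alert; otherwise allow."""
    hits = match_signatures(payload)
    if hits:
        return ("block", hits)
    if baseline.is_anomalous(observed_rate):
        return ("alert", ["rate-anomaly"])
    return ("allow", [])


def demo():
    """Constructed traffic: eight sampled rates (requests/s) form the baseline."""
    baseline = Baseline([100, 110, 95, 105, 90, 100, 108, 92])
    events = [
        (b"GET /index.html HTTP/1.1", 105),      # normal
        (b"GET /../../secret.txt HTTP/1.1", 105),  # known signature
        (b"GET /index.html HTTP/1.1", 150),      # normal content, abnormal rate
    ]
    return [decide(payload, rate, baseline) for payload, rate in events]
```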