SYSTEM
Content
What is Intrusion
What are Intruders and their types
What is IDS
Principle of IDS
Components
Functions of IDS
Classification of IDS
Types of IDS
Conclusion
What is an intrusion?
• Any set of actions that attempt to compromise the confidentiality, integrity, or availability of a computer resource
Intruders and their types
Many computer security incidents are caused by unauthorized users, called intruders, who could not be blocked by firewalls. As a next level of defense, we therefore use an intrusion detection system.
IDS
• Signature based
• Anomaly based
Signature based
• A signature based IDS analyses the content of each packet at layer 7 and compares it with a set of predefined signatures.
• Works similarly to antivirus software.
• Highly effective against well-known attacks.
• Can be bypassed by changing the signature of the attack.
Anomaly based
• Monitors network traffic and compares it against an established baseline for normal use, classifying it as either normal or anomalous.
• Based on rules, rather than patterns or signatures.
• Can be accomplished using artificial intelligence.
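The two approaches side by side, as an added example that is not part of the original slides: a signature check on packet content and a baseline check on request rate, combined into one verdict. The signature pattern, the training values, the threshold and the events are all constructed for illustration.

```python
import statistics

# Constructed signature set; the byte pattern stands in for known-attack content.
SIGNATURES = {"SIG-001": b"KNOWN-BAD-PATTERN"}

def signature_alerts(payload):
    """Signature based: compare packet content with predefined signatures."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in payload]

class Baseline:
    """Anomaly based: learn a baseline of normal use, flag large deviations."""
    def __init__(self, training, threshold=3.0):
        self.mean = statistics.mean(training)
        self.stdev = statistics.pstdev(training) or 1.0  # avoid divide by zero
        self.threshold = threshold  # assumed cut-off, in standard deviations

    def is_anomalous(self, value):
        return abs(value - self.mean) / self.stdev > self.threshold

def classify(event, baseline):
    """Hybrid verdict: signature match first, then deviation from baseline."""
    matched = signature_alerts(event["payload"])
    if matched:
        return "signature:" + ",".join(matched)
    if baseline.is_anomalous(event["req_per_min"]):
        return "anomaly"
    return "normal"

# Constructed training data: requests per minute from one host in normal use.
BASELINE = Baseline([18, 20, 22, 19, 21, 20, 23, 17])

# Constructed events (not real traffic).
EVENTS = [
    {"name": "ordinary request", "payload": b"GET /index.html", "req_per_min": 21},
    {"name": "known pattern", "payload": b"x=KNOWN-BAD-PATTERN", "req_per_min": 20},
    {"name": "altered pattern, noisy", "payload": b"x=KN0WN-BAD-PATTERN", "req_per_min": 400},
    {"name": "altered pattern, quiet", "payload": b"x=KN0WN-BAD-PATTERN", "req_per_min": 19},
]

def run():
    """Return the verdict for every constructed event, keyed by its name."""
    return {e["name"]: classify(e, BASELINE) for e in EVENTS}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:24} -> {verdict}")
```

The altered pattern slips past the signature check and is caught only when its request rate departs from the baseline; the quiet variant is missed by both checks.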
Types of IDS
• Network IDS
• Host IDS
Network IDS
• Connected to network segments to monitor, analyze and respond to network traffic.
• A single IDS sensor can monitor many hosts.
• Example: Snort
Host IDS
• Software or an agent installed on computers to monitor input and output packets from the device.
• It performs log analysis, file integrity checking, policy monitoring, real-time alerting and active response.
• Example: Cisco Security Agent (CSA)
Conclusion
Future research trends seem to be converging towards a model that is a hybrid of the anomaly and misuse detection models.
It is slowly being acknowledged that neither of the models can detect all intrusion attempts on its own.
THANK YOU