Premium Essay

Intrusion Detection

Submitted By singhmanish3001
Words 3561
Pages 15
RESEARCH REPORT – CP5603

INTRUSION DETECTION

ASHWIN DHANVANTRI

JAMES COOK UNIVERSITY AUSTRALIA

SINGAPORE CAMPUS

STUDENT ID 12878531

Table Of Contents

Introduction
Types of Intrusion Detection System
Working Of Intrusion Detection System
System Analysis
Outline Technical Needs
System Requirements
Functional Requirements
Literature Survey
Module Descriptions
Class Diagram
Use case Diagram
Sequence Diagram
Technology Description
Conclusion

INTRODUCTION

An intrusion detection system is a device or software application that detects attacks carried out by an intruder. It is installed on a network or host to monitor for malicious activity or policy violations and to report them to the network administration department. The
