Intrusion Detection/ Prevention

RESEARCH ON: INTRUSION DETECTION / PREVENTION
Deris Stiawan, Prof. Dr. Hanan, Dr. Yazid, 2012

Upload: deris-stiawan

Post on 23-Jan-2017



Introduction

• According to CSI/FBI (2010): security technology uses

Page 4: Intrusion Detection/ Prevention

• Satisfaction with security technology (deployed July 2009 - June 2010)

Page 5: Intrusion Detection/ Prevention

Intrusion detection was developed in the late 1990s to identify and report attacks, as hackers' attacks and network worms began to affect the internet. It detects hostile traffic passively and sends an alert, but does nothing to stop the attack.

According to (Dacier & Wespi 1999), (Zhang et al. 2003), (Fuchsberger 2005), (Weinsberg et al. 2006), (Shaikh et al. 2009) and (Anuar et al. 2010).

Page 6: Intrusion Detection/ Prevention

Intrusion detection and intrusion response are fundamental parts of the intrusion prevention mechanism in recent network security challenges (Stakhanova et al. 2007), (K. Salah & Kahtani 2010), (Anuar et al. 2010), (Elshoush & Osman 2011).

Early detection, protection and response systems are the elementary components of an IPS. Intrusion response has a function similar to IDS and is part of it: it maintains detection, alerting and response for the security operator.

Work performed by (Manikopoulos 2003), (Zou & Towsley 2005), (Debar et al. 2008), (Anuar et al. 2010), (Apel et al. 2010), (Mu et al. 2010) and (Stakhanova et al. 2007).

Page 7: Intrusion Detection/ Prevention

(E. E. Schultz & Ray 2007) predicted the future of IPS technology. Their prediction concerning IPS technology is very positive for the market, as follows: (i) better underlying intrusion detection, (ii) advancement in application-level analysis, (iii) more sophisticated response capabilities, and (iv) integration of intrusion prevention into other security devices.

(E. Schultz 2004) predicted that IPSs have a bright future: this technology will continue to be used by a growing number of organisations, to the point that it will become as commonplace as intrusion detection technology.

(Shouman et al. 2010) describe the superior characteristics of host-based IPS and use the term "detection approach" to show how an IPS works.

Page 8: Intrusion Detection/ Prevention

[Figure: Intrusion Prevention System, composed of Early Detection, Intrusion Protection and Intrusion Response]

Fuchsberger, A., 2005. Intrusion Detection Systems and Intrusion Prevention Systems. Information Security Technical Report, 10, pp.134-139.

Shouman et al., 2010. Surviving cyber warfare with a hybrid multiagent-based intrusion prevention system. IEEE Potentials, pp.32-40.

Xinyou Zhang, Chengzhong Li, W.Z., 2004. Intrusion Prevention System Design. Computer and Information Technology, pp.386-390.

Schultz, E. & Ray, E., 2007. Future of Intrusion Prevention. Computer Fraud & Security, pp.11-13.

Schultz, E., 2004. Intrusion prevention. Computers & Security, 23, pp.265-266.

Shaikh, S.A. et al., 2009. Towards scalable intrusion. Network Security, June (6), pp.12-16.

Ollmann, G., 2003. Intrusion Prevention Systems (IPS) destined to replace legacy routers. Network Security, 11, pp.18-19.

Page 9: Intrusion Detection/ Prevention

Comparison of IDS and IPS

Usefulness
  IDS: designed only to identify and examine traffic in order to produce an alarm.
  IPS: designed to enhance data processing ability, intelligence and accuracy on its own.

Signatures
  IDS: simple pattern matching; stateful pattern matching; protocol decode-based analysis; heuristic-based analysis.
  IPS: recognizes attack patterns and takes blocking action; stateful pattern matching; protocol decode-based analysis; heuristic-based analysis.

Action
  IDS: a passive security solution; detects attacks only after they have entered the network and does nothing to stop them, it only identifies attack traffic and sends an alert as a trigger.
  IPS: a reactive response security solution; early detection and a proactive technique that prevents the attack early: when an attack is identified, the offending data is blocked.

Activity
  IDS: commonly collected in source sensors.
  IPS: multisensor architectures.

Sensor
  IDS: able to integrate with other platforms.
  IPS: has the ability to integrate with heterogeneous sensors.
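The Signatures and Action rows above distinguish simple from stateful pattern matching and alert-only (IDS) from inline blocking (IPS). The following toy engine is an added example, not code from the slides or their authors: signatures, packet records and addresses are constructed, and the flow key, mode names and function names are assumptions.

```python
# Added example (not from the slides): a toy engine contrasting the IDS and IPS
# columns above. simple_match() sees one packet at a time; stateful_match()
# reassembles the flow, so a signature split over two packets is still found.
# Mode "ids" only alerts (passive); mode "ips" also drops the offending flow.
from collections import defaultdict

# Constructed sample signatures (not from any real rule set).
SIGNATURES = {"cmd-exec": b"/bin/sh", "dir-trav": b"../../"}

def simple_match(packet):
    """Per-packet pattern matching: inspects a single payload in isolation."""
    return [name for name, pat in SIGNATURES.items() if pat in packet["payload"]]

def stateful_match(flows):
    """Stateful matching: scan each flow's payloads, in sequence order, as one stream."""
    hits = {}
    for key, pkts in flows.items():
        stream = b"".join(p["payload"] for p in sorted(pkts, key=lambda p: p["seq"]))
        found = [name for name, pat in SIGNATURES.items() if pat in stream]
        if found:
            hits[key] = found
    return hits

def run_engine(packets, mode="ids"):
    """Return (alerts, forwarded packets). "ids": alert and forward everything;
    "ips": alert and drop every packet of a matching flow (inline blocking)."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p["src"], p["dst"])].append(p)
    hits = stateful_match(flows)
    alerts = [f"{src}->{dst}: {', '.join(names)}" for (src, dst), names in hits.items()]
    if mode == "ips":
        forwarded = [p for p in packets if (p["src"], p["dst"]) not in hits]
    else:
        forwarded = list(packets)
    return alerts, forwarded

# Constructed traffic: the "/bin/sh" signature is split across packets 1 and 2.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "seq": 1, "payload": b"GET /cgi?x=/bin"},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "seq": 2, "payload": b"/sh HTTP/1.0"},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "seq": 1, "payload": b"GET /index.html"},
]

if __name__ == "__main__":
    print("per-packet hits:", [simple_match(p) for p in PACKETS])  # all empty
    for mode in ("ids", "ips"):
        alerts, fwd = run_engine(PACKETS, mode)
        print(mode, alerts, "forwarded:", len(fwd))
```

Per-packet matching misses the split signature entirely, the stateful pass raises the same alert in both modes, and only the IPS mode stops the flow from being forwarded.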


ISSUES & CHALLENGES

There are some significant gaps, challenges and preliminary results that point to future directions for improving IPS, mining alerts and reducing false alarms.

• Data sets
• Alert management
• Heterogeneous data
• Feature extraction
• Minimizing false positives
• Real-time analyzer
• Data visualization
• Unified integration solution
• Signatures
• Traffic volume
• Design topology
• Logging
• Defense IPS devices
• Sensor management
• Collaboration
