The word intrusion means a wrongful entry, or the act of seizing or taking possession of another's property.
The difficulty results from the fact that the defender must be ready to prevent all possible attacks, whereas the attacker is free to find the weakest link in the defense chain and attack it.
An intrusion-detection system is a combination of software and hardware that attempts to perform intrusion detection and raises an alarm when a possible intrusion occurs.
If a firewall is like having a security guard at your office door, checking the credentials of everyone coming and going, then an intrusion-detection system (IDS) is like having a network of sensors that tells you when someone has broken in, where they are and what they're doing.
There are 5 million attacks on the DOD (Department of Defense) every day.
Host-based IDSs
Analyze host-bound audit sources such as operating system audit trails, system logs, or application logs. Detect attacks against a single host.
Network-Based IDSs
Use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services. Detect attacks arriving from the network. Network-based IDSs are like neighborhood police patrols.
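Host-based detection over a host's own audit source, as an added example (not code from the page or from any IDS product): it parses sshd "Failed password" lines in Linux auth.log layout and raises one alert per source address that reaches a threshold of failures inside a sliding time window. The log lines are constructed for the example, and the line layout, the year supplied to the syslog timestamps, the threshold (5) and the window (60 s) are assumptions.

```python
"""Host-based IDS logic: sliding-window count of failed SSH logins per source,
read from syslog-style sshd lines. Added example; formats and thresholds assumed."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Set, Tuple

# Constructed sshd messages in Linux auth.log layout (sample data, not a real capture).
SAMPLE_AUTH_LOG = """\
Mar  3 11:14:29 host1 sshd[2201]: Failed password for invalid user admin from 206.163.37.95 port 51022 ssh2
Mar  3 11:14:30 host1 sshd[2203]: Failed password for root from 206.163.37.95 port 51023 ssh2
Mar  3 11:14:31 host1 sshd[2205]: Failed password for root from 206.163.37.95 port 51024 ssh2
Mar  3 11:14:32 host1 sshd[2207]: Failed password for root from 206.163.37.95 port 51025 ssh2
Mar  3 11:14:33 host1 sshd[2209]: Accepted publickey for alice from 10.0.0.7 port 40000 ssh2
Mar  3 11:14:35 host1 sshd[2211]: Failed password for root from 206.163.37.95 port 51026 ssh2
Mar  3 11:20:01 host1 sshd[2300]: Failed password for root from 206.163.37.81 port 51100 ssh2
Mar  3 11:30:01 host1 sshd[2301]: Failed password for root from 206.163.37.81 port 51101 ssh2
"""

# Matches only authentication failures; accepted logins and other daemons are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_failed_logins(text: str, year: int = 2024) -> List[Tuple[datetime, str, str]]:
    """Extract (timestamp, source IP, user) from each 'Failed password' line.
    syslog timestamps carry no year, so one is supplied (assumption)."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["user"]))
    return events


def detect_bruteforce(events, threshold: int = 5, window_seconds: int = 60):
    """Raise one alert per source IP whose failures reach `threshold` inside a
    sliding window of `window_seconds`. Returns (src, first_ts, last_ts, count)."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[Tuple[str, datetime, datetime, int]] = []
    for ts, src, _user in sorted(events):
        window = recent[src]
        window.append(ts)
        # Expire failures older than the window before counting.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, window[0], ts, len(window)))
    return alerts


def run(text: str = SAMPLE_AUTH_LOG):
    """Parse the sample log and return the alerts it produces."""
    return detect_bruteforce(parse_failed_logins(text))


if __name__ == "__main__":
    for src, first, last, n in run():
        print(f"ALERT {src}: {n} failed logins between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

On the sample data the first source trips the threshold within six seconds, while the second source's two failures ten minutes apart never overlap inside the window, which is the point of keying the count to a time window rather than a lifetime total.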
Training Set

Tid  SrcIP          Start time  Dest IP         Dest Port  Number of bytes  Attack
1    206.135.38.95  11:07:20    160.94.179.223  139        192              No
2    206.163.37.95  11:13:56    160.94.179.219  139        195              No
3    206.163.37.95  11:14:29    160.94.179.217  139        180              No
4    206.163.37.95  11:14:30    160.94.179.255  139        199              No
5    206.163.37.95  11:14:32    160.94.179.254  139        19               Yes
6    206.163.37.95  11:14:35    160.94.179.253  139        177              No
7    206.163.37.95  11:14:36    160.94.179.252  139        172              No
8    206.163.37.95  11:14:38    160.94.179.251  139        285              Yes
9    206.163.37.95  11:14:41    160.94.179.250  139        195              No
10   206.163.37.95  11:14:44    160.94.179.249  139        163              Yes

Test Set

Tid  SrcIP          Start time  Dest IP
1    206.163.37.81  11:17:51    160.94.179.208
2    206.163.37.99  11:18:10    160.94.179.235
3    206.163.37.55  11:34:35    160.94.179.221
4    206.163.37.37  11:41:37    160.94.179.253
5    206.163.37.41  11:55:19    160.94.179.244

Training Set --> Learn Classifier --> Model

Rules Discovered:
{Src IP = 206.163.37.95, Dest Port = 139, Bytes in [150, 200]} --> {ATTACK}
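Applying a discovered rule of the form above to new connection records, as an added example (not code from the page or from the cited papers). The rule is the page's; the test-set records reuse the Tid, source IP, start time and destination IP from the test-set table, but the page gives no destination port, byte count or label for them, so those values are constructed. The example also shows why the Src IP condition is a liability for misuse detection: every test-set connection comes from a different source address than the training set, so the rule as learned never fires, and a generalised rule (the same rule with the source address dropped) is scored alongside it.

```python
"""Misuse (signature) detection: a rule is a conjunction of equality tests on
categorical fields and inclusive interval tests on numeric fields. Added example;
test-set ports, byte counts and labels are constructed."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Conn:
    tid: int
    src_ip: str
    start: str
    dst_ip: str
    dst_port: int
    nbytes: int
    attack: Optional[bool] = None  # None for unlabelled records


# A condition is either an exact value or an inclusive (low, high) interval.
Rule = Dict[str, object]

# The rule discovered on the page's training set.
PAGE_RULE: Rule = {"src_ip": "206.163.37.95", "dst_port": 139, "nbytes": (150, 200)}


def matches(rule: Rule, c: Conn) -> bool:
    """True when every condition in the rule holds for the record."""
    for field, cond in rule.items():
        value = getattr(c, field)
        if isinstance(cond, tuple):
            lo, hi = cond
            if not (lo <= value <= hi):
                return False
        elif value != cond:
            return False
    return True


def classify(rules: List[Rule], records: Iterable[Conn]) -> List[Tuple[int, bool]]:
    """Flag a record as ATTACK when any rule matches it."""
    return [(c.tid, any(matches(r, c) for r in rules)) for c in records]


def evaluate(rules: List[Rule], labelled: Iterable[Conn]) -> Dict[str, float]:
    """Confusion counts plus precision/recall of the rule set on labelled records."""
    tp = fp = fn = tn = 0
    for c in labelled:
        flagged = any(matches(r, c) for r in rules)
        if flagged and c.attack:
            tp += 1
        elif flagged:
            fp += 1
        elif c.attack:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "precision": precision, "recall": recall}


def without(rule: Rule, *fields: str) -> Rule:
    """Generalise a rule by dropping conditions, e.g. the training-set source address."""
    return {k: v for k, v in rule.items() if k not in fields}


# Constructed test set: Tid, source, start time and destination are the page's;
# dst_port, nbytes and the ground-truth label are assumed for this example.
TEST: List[Conn] = [
    Conn(1, "206.163.37.81", "11:17:51", "160.94.179.208", 139, 188, True),
    Conn(2, "206.163.37.99", "11:18:10", "160.94.179.235", 139, 174, True),
    Conn(3, "206.163.37.55", "11:34:35", "160.94.179.221", 139, 190, False),  # benign, in range
    Conn(4, "206.163.37.37", "11:41:37", "160.94.179.253", 445, 180, False),
    Conn(5, "206.163.37.41", "11:55:19", "160.94.179.244", 139, 196, True),
]


if __name__ == "__main__":
    print("page rule:       ", evaluate([PAGE_RULE], TEST))
    general = without(PAGE_RULE, "src_ip")
    print("without src_ip:  ", evaluate([general], TEST))
    print("flags:           ", classify([general], TEST))
```

On the constructed test set the page's rule detects nothing (recall 0), because it is pinned to the one source address seen in training. Dropping that condition catches all three constructed attacks but also flags the benign port-139 connection whose byte count falls in the interval, the usual precision-versus-recall trade-off when a signature is generalised.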
References
Paul Dokas, Levent Ertoz, Vipin Kumar, Aleksandar Lazarevic, Jaideep Srivastava, Pang-Ning Tan, "Data Mining for Network Intrusion Detection".
Vipin Kumar, "Data Mining Based Network Intrusion Detection System".
William Stallings, Cryptography and Network Security: Principles and Practices, Fourth Edition, Prentice Hall, 2005.
Thank you