Intrusion Detection

Submitted By singhmanish3001
Words 3561
Pages 15
RESEARCH REPORT – CP5603

INTRUSION DETECTION

ASHWIN DHANVANTRI

JAMES COOK UNIVERSITY AUSTRALIA

SINGAPORE CAMPUS

STUDENT ID 12878531

Table Of Contents

Introduction
Types of Intrusion Detection System
Working Of Intrusion Detection System
System Analysis
Outline Technical Needs
System Requirements
Functional Requirements
Literature Survey
Module Descriptions
Class Diagram
Use case Diagram
Sequence Diagram
Technology Description
Conclusion

INTRODUCTION

An intrusion detection system is a device or software application that detects attacks carried out by an intruder. It is installed in the network or on a system to monitor for malicious activity or policy violations and report them to the network administration department. The…...

Similar Documents

Premium Essay

Real-Time Fraud Detection

...severely affected by fraud over the past few years. Indeed, despite all the research and systems available, fraudsters have been able to outsmart and deceive the banks and their customers. With this in mind, we intend to introduce a novel and multi-purpose technology known as Stream Computing, as the basis for a Fraud Detection solution. Indeed, we believe that this architecture will stimulate research, and more importantly organizations, to invest in Analytics and Statistical Fraud-Scoring to be used in conjunction with the already in-place preventive techniques. Therefore, in this research we explore different strategies to build a Stream-based Fraud Detection solution, using advanced Data Mining Algorithms and Statistical Analysis, and show how they lead to increased accuracy in the detection of fraud by at least 78% in our reference dataset. We also discuss how a combination of these strategies can be embedded in a Stream-based application to detect fraud in real-time. From this perspective, our experiments lead to an average processing time of 111,702ms per transaction, while strategies to further improve the performance are discussed. Keywords: Fraud Detection, Stream Computing, Real-Time Analysis, Fraud, Data Mining, Retail Banking Industry, Data Preprocessing, Data Classification, Behavior-based Models, Supervised Analysis, Semi-supervised Analysis Summary Retail banks have been hit hard by fraud in recent years. Fraudsters have managed to circumvent......

Words: 56858 - Pages: 228

Free Essay

Change Detection

...Different Change Detection Techniques

Table of Contents
Introduction
Digital Change Detection Process
Description of the most commonly used change detection methods
I. Post-Classification Comparison
II. Direct Classification
III. Principal Component Analysis (PCA)
IV. Image Differencing
V. Change Vector Analysis (CVA)
Relative accuracy of the most commonly used change detection methods
I. Post-Classification Comparison
II. Direct Classification
III. Principal Component Analysis (PCA)
IV. Image Differencing
V. Change Vector Analysis (CVA)
Conclusion
References

Introduction

Remote sensing change detection has been defined as the process of identifying change in the state of an object or phenomena through the detection of differences between two or more sets of images taken of the same area on different dates (Wang, 1993). The underlying assumption is that changes on the ground cause significant......

Words: 3616 - Pages: 15

Free Essay

Intrusion Detection Systems

...Intrusion Detection Systems CMIT368 August 12, 2006 Introduction As technology has advanced, information systems have become an integral part of every day life. In fact, there are not too many public or private actions that can take part in today’s society that do not include some type of information system at some level or another. While information systems make our lives easier in most respects, our dependency upon them has become increasingly capitalized upon by persons with malicious intent. Therefore, security within the information systems realm has introduced a number of new devices and software to help combat the unfortunate results of unauthorized network access, identity theft, and the like – one of which is the intrusion detection system, or IDS. Intrusion detection systems are primarily used to detect unauthorized or unconventional accesses to systems and typically consist of a sensor, monitoring agent (console), and the core engine. The sensor is used to detect and generate the security events, the console is used to control the sensor and monitor the events/alarms it produces, and the engine compares rules against the events database generated by the sensors to determine which events have the potential to be an attack or not (Wikipedia, 2006, para. 1-3). IDS generally consist of two types – signature-based and anomaly-based. Signature-based IDS operate by comparing network traffic against a known database of attack categories. In......

Words: 1749 - Pages: 7

Premium Essay

Detection of Ovulation

...Preventive Powers of Ovulation and Progesterone Detection of Ovulation by Dr. Jerilynn C. Prior, Scientific Director, Centre for Menstrual Cycle and Ovulation Research. I believe that ovulation with a normal luteal phase length – and normal amounts of progesterone to counterbalance and complement estrogen – is of key importance for women’s bone, breast and heart health (see Ovulatory Disturbances - They Do Matter [PDF]). In the last issue we discussed how you, personally, can tell that you are ovulating using the Molimina Question, recording and analyzing your basal temperature using quantitative methods (called QBT), and possibly using the over-the counter fertility test detecting the mid-cycle luteinizing hormone (LH) peak. We will now look at the medical methods for diagnosis of ovulation. How can a doctor tell if I am ovulating? For some physicians, especially those who specialize in fertility management, all methods for detecting ovulation (short of doing an operation and observing the egg actually squirting out of the ovary-see figure) are indirect and therefore considered inferior. There are three different, indirect medical methods that are commonly used to diagnose ovulation and normal progesterone action: 1) a series of ultrasounds of the ovary across the mid-cycle; 2) a biopsy of the uterine lining about a week after expected ovulation to see if the cells show evidence for progesterone action; and 3) taking one or several measurements of estrogen and progesterone...

Words: 2015 - Pages: 9

Free Essay

Distributed Intrusion Detection Using Mobile Agent in Distributed System

...Emerging Trends in Computer Science and Information Technology -2012(ETCSIT2012) Proceedings published in International Journal of Computer Applications® (IJCA) Distributed Intrusion Detection using Mobile Agent in Distributed System Kuldeep Jachak University of Pune, P.R.E.C Loni, Pune, India Ashish Barua University of Pune, P.R.E.C Loni, Delhi, India ABSTRACT Due to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. There is tremendous rise in attacks on wired and wireless LAN. Therefore security of Distributed System (DS) has become a serious challenge. One such serious challenge in DS security domain is detection of rogue points in network. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. This paper gives the new idea for detecting rogue point using Mobile agent. Mobile agent technology is best suited for audit information retrieval which is useful for the detection of rogue points. Using Mobile agent we can find the intruder in DS as well as controller can take corrective action. This paper presents DIDS based on Mobile agents and band width consumed by the Mobile Agent for intrusion detection. information it receives from each of the monitors. Some of the issues with the existing centralized ID models are: Additions of new hosts cause the load on the......

Words: 2840 - Pages: 12

Free Essay

Intrusion Detection

...Term paper cyber security awareness -Topic- Network intrusion detection methods INTRODUCTION Intrusions are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent. Intrusion Detection Systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Intrusion detection provides a way to identify and thus allow responses to, attacks against these systems. Second, due to the limitations of information security and software engineering practice, computer systems and applications may have design flaws or bugs that could be used by an intruder to attack the systems or applications. As a result, certain preventive mechanisms (e.g., firewalls) may not be as effective as expected. Intrusion detection complements these protective mechanisms to improve the system security. Moreover, even if the preventive security mechanisms can protect information systems successfully, it is still desirable to know what intrusions have happened or are happening, so that we can understand the security threats and risks and thus be better prepared for future attacks. IDSs may be classified into Host-Based IDSs, Distributed IDSs, and Network-Based IDSs......

Words: 1083 - Pages: 5

Free Essay

Intrusion Prevention System

...small IT company. It is very important to keep each and every information and transactions secured for company’s growth. Any compromise with any data could lead the company to the court. 2. The Protection System: Being said it is a small business, the company is applying an Intrusion Protection System (IPS). Only detecting the intrusion will not be enough for this business as it will be too late until we know about it. Real-time protection is a must for this kind of business. IPS generally detects, logs, and then blocks known intrusions or anomalous network activity. False positives are an issue and will result in a self-inflicted denial of service condition. The company is also applying honeypot where they re-route the suspicious network activity where they collect and analyze data about the attacks and gather more details about the potential attacks. This is called ‘Research Honeypot’. This is very important to further avoid such suspicious activities. 3. The Body of the Management Briefing Document: Following are the possible measures and their overview that will be taken against the intrusion on company’s network. I. Intrusion detection system (IDS) II. Intrusion protection system (IPS) III. Research honeypots IV. Active honeypots V. Offensive honeypots Out...

Words: 257 - Pages: 2

Free Essay

External Intrusion of the Playstation Network

...External Intrusion of the PlayStation Network Lecola Pierce Strayer University Professor Curtis Bunch Feb 6, 2015 External Intrusion of the PlayStation Network Sony has had recently troubles with hackers intruding into their system and threating all Sony users with the capability of stealing all users’ information, but there was a case on April 20, 2011 that had all Sony employees in shock. One of Sony’s bestselling products, the PlayStation, was taken offline after their company discovered there was an intrusion in the PlayStation Network. For those who are not familiar with the PlayStation Network this is where most of the PlayStation business is done. In the PlayStation Network customers are all registered into this network and most have sensitive information uploaded onto the network including payment information. Hacking this interface would allow access to all users’ personal information which is considered to be a serious problem since one out of four homes either have a PlayStation 3 or PlayStation 4, which all must be registered onto the system before activation. The hackers were able to gain access to three separate gaming systems including PlayStation, Oriocity, and Sony online gaming. Before Sony was able to shut down their systems approximately over a million credit card numbers were reported stolen. It’s not certain exactly when the hackers gained access to the Sony Network but Sony first announced the system had been hacked on April 22, saying an......

Words: 794 - Pages: 4

Free Essay

Lab #10 Securing the Network with an Intrusion Detection System (Ids)

...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS......

Words: 3209 - Pages: 13

Free Essay

Intrusion Detection

...Intrusion detection Intrusion detection is a means of supervising the events that occur in a computer system or network. This includes examining them for traces of possible incidents that are in violations or threats of violation of computer security policies, acceptable use policies, or standard security practices (Ogunleye & Ogunde, 2011). Intrusion detection has become, more than ever, an important focus of many organizations. This focus is driven by the availability of more information systems and globalization through the use of the internet. The market place is no longer the residents of a small town going to the local mall, but services online available to anyone with a web browser. With all this access vastly multiplies the possibilities of one masked robber in a year to thousands of wrongdoers at a desktop or laptop who have discovered a vulnerability in the system and decide to take the chance to exploit it. There are various approaches an organization can use to deal with many of the problems that exist with securing an information system. Jain’s (2008) article from the ICFAI Journal of Information Technology depicts a scenario of a network intrusion detection team and how a situation can be averted: …The hackers started with slating down the objectives of their ‘Limited Knowledge Penetration Testing’, also referred to as ‘White Box Approach’, and gathered sufficient information to ensure that the testing did not affect the normal business operations. They emulated a...

Words: 1808 - Pages: 8

Free Essay

Botnet Analysis and Detection

...including, but not limited to botnet attacks. A Botnet can simply be seen as a network of compromised set of systems that can be controlled by an attacker. These systems are able to take malicious actions as needed by the attacker without the consent of the device owner and can cause havoc. This paper is the first part of a two-part report and discusses on several reportedly known botnets and describes how they work and their mode of infection. Several historic attacks and the reported damage have been given to give a good picture and raise the bar on the capabilities of botnets. Several existing tools have been considered and examined which are useful for detecting and terminating botnets. You would find that each tool has its own detection strategy, which may have an advantage on some end than others.

Table of Contents
Declaration
Acknowledgements
Abstract
Table of Contents
List of Table......

Words: 13171 - Pages: 53

Free Essay

Saltwater Intrusion

...Saltwater intrusion and salinization are characterized by the increase of chloride ion concentrations in freshwater aquifers. This occurs predominantly along coastlines, though there are instances of inland salinization. Saltwater intrusion can have several causes, some of which are natural and some are induced by human activities. Once saltwater intrusion has occurred, it is almost impossible to reverse, making this a significant threat to freshwater resources. Mitigation strategies that are designed to slow or halt the rate of saltwater intrusion can be expensive but are necessary to protect the water resources from more damage. Among the natural causes of saltwater intrusion are storm surges caused by hurricanes and other tropical systems. This was seen in 2005 with Hurricanes Katrina and Rita along the Gulf Coast of the United States. In these cases, tidal flushing removed some of the introduced salinity in the freshwater marshes before substantial damage was done. In areas away from the influences of tidal flushing, and in areas where precipitation did not flush the salt water from the water table, there was considerable damage to the freshwater systems (Steyer, et al., 2007). Human induced saltwater intrusion can occur in a couple of different way. One way is by dredging canals in coastal zones that allow saltwater to migrate farther inland than it had been able to previously. This introduced saltwater can wreak havoc on freshwater systems. Areas in......

Words: 918 - Pages: 4

Free Essay

Review of Outlier Detection Methods

...Review of Outlier Detection Methods INTRODUCTION Outliers or anomalies can exist in all types of collected data. The presence of outliers may indicate something sinister such as unauthorised system access or fraudulent activity, or may be a new and previously unidentified occurrence. Whatever the cause of these outliers, it is important they are detected so appropriate action can be taken to minimise their harm if malignant or to exploit a newly discovered opportunity. Chandola, Banerjee and Kumar (2007) conducted a comprehensive survey of outlier detection techniques, which highlighted the importance of detection across a wide variety of domains. Their survey described the categories of outlier detection, applications of detection and detection techniques. Chandola et al. identified three main categories of outlier detection - supervised, semi-supervised and unsupervised detection. Each category utilises different detection techniques such as classification, clustering, nearest neighbour and statistical. Each category and technique has several strengths and weaknesses compared with other outlier detection methods. This review provides initial information on data labelling and classification before examining some of the existing outlier detection techniques within each of the three categories. It then looks at the use of combining detection techniques before comparing and discussing the advantages and disadvantages of each method. Finally, a new classification......

Words: 2395 - Pages: 10

Premium Essay

Advertisement Detection

...boxes or software that detect and discard the commercials on the broadcast TV signal. Study in the field of the advertisement identification is segmented into various manners. It can be dependent on the audio or video information or an amalgamation of both. There are some works by A. G. Hauptmann and M. J. Witbrock (2006) that use the verbatim data achieved from the text streams, or the optical character recognition or speech identification for segmentation. In work proposed by L.-Y. Duan et al (2007) it has been given that using usual features of advertisement blocks like frames and silence amid commercials to identify cuts and categorize commercials dependent on OCR. In this work there have been two varied use cases for the commercial detection 1. Identify broadcast of recognized commercials with large precision something like the use of fingerprinting 2. Identify earlier not known commercials. Next segmentation is to differentiate amid the methodologies on online instantaneous or offline processing. A few approaches require investigating the entire video to identify the maximums and to calculate attributes with progressive requirements, while the rest depend on the fly identification of the advertisements. Also there are variations amidst the advertisement identification in the compressed and uncompressed realm. Identification in a compact domain is quick also it is quite a perplexing task and the identification rates are less as compared to the......

Words: 3635 - Pages: 15

Free Essay

Computer Intrusion Forensics

...Computer Intrusion Forensics Research Paper Nathan Balon Ronald Stovall Thomas Scaria CIS 544 Abstract The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice, those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be followed precisely when conducting a forensics investigation. It is not enough to simply know an attacker is responsible for the crime, the forensics investigation must be carried out in a precise manner that will produce evidence that is amicable in a court room. For computer intrusion forensics many methodologies have been designed to be used when conducting an investigation. A computer forensics investigator also needs certain skills to conduct the investigation. Along with this, the computer forensics investigator must be equipped with an array of software tools. With the birth of the Internet and networks, the computer intrusion has never been as significant as it is now. There are different preventive measures available, such as access control and authentication, to attempt to prevent intruders. Intrusion detection systems (IDS) are developed to detect an intrusion as it occurs, and to execute countermeasures when......

Words: 9608 - Pages: 39