• Home

  • Documents

  • Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission...
6
Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion Detection 1

Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Embed Size (px)

Citation preview

Page 1: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Coming up: Intrusion Detection

Intrusion DetectionDan FleckCS 469: Security Engineering

These slides are modified with permission from Bill Young (Univ of Texas)

1

Page 2: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Coming up: Intrusion Detection Errors

Intrusion Detection

• An intrusion detection system (IDS) can analyze traffic patterns and react to anomalous patterns. However, often there is nothing apparently wrong but the volume of requests.

• Note that an IDS is inherently reactive; the attack has already begun when the IDS acts.

2

Page 3: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Coming up: Intrusion Detection Errors

Intrusion Detection Errors

There are two types of errors when considering any intrusion detection system.

False negatives: a genuine attack is not detected. False positives: harmless behavior is misclassified as an attack.

Which do think is a bigger problem?

An intrusion detection system is:accurate: if it detects all genuine attacks;precise: if it never reports legitimate behavior as an attack.

It is easy to make an IDS that is either accurate or precise! Why? It’s hard to do both simultaneously.

3

Page 4: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Coming up: Base-Rate Fallacy

Intrusion Detection Errors

An undetected attack might lead to severe problems. But frequent false alarms can lead to the system being disabled or ignored. A perfect IDS would be both accurate and precise.

• Statistically, attacks are fairly rare events.

• Most intrusion detection systems suffer from the base-rate fallacy.

4

Page 5: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

Coming up: Lessons

Base-Rate Fallacy

Suppose that only 1% of traffic are actually attacks and the detection accuracy of your IDS is 90%. What does that mean?

• the IDS classifies an attack as an attack with probability 90%• the IDS classifies a valid connection as attack with probability

10%

What is the probability that a connection flagged as an attack is not really an attack, i.e., a false positive?

There is approximately 92% chance that a raised alarm is false.5

Page 6: Intrusion Detection Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Intrusion

End of presentation

Lessons

• False negatives and false positives are both bad for an IDS.

• An IDS must be very accurate or suffer from the base rate fallacy.

• An IDS with too many errors becomes useless.

6


Fleck Fiberglass Softeners - eciwater.com

Fleck Fiberglass Softeners - eciwater.com

Documents
Agile and XP Development Dan Fleck 2008 Dan Fleck 2008

Agile and XP Development Dan Fleck 2008 Dan Fleck 2008

Documents
INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION

INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION INTRUSION DETECTION

Documents
Fleck 2500

Fleck 2500

Documents
FLECK® 2750 DOWNFLOW

FLECK® 2750 DOWNFLOW

Documents
Fleck 5800SXT Manual - Pentair

Fleck 5800SXT Manual - Pentair

Documents
Covert Channels Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Is BLP Secure?

Covert Channels Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Is BLP Secure?

Documents
Fleck Masters Thesis final

Fleck Masters Thesis final

Documents
FLECK 9100 SXT - Peterson Saltpetersonsalt.com/wp-content/uploads/2015/06/Fleck... · Installer Manual Fleck 9100 - SXT - Generalities Ref. MKT-IM-004 / A - 27.10.2016 7 / 94 1. Generalities

FLECK 9100 SXT - Peterson Saltpetersonsalt.com/wp-content/uploads/2015/06/Fleck... · Installer Manual Fleck 9100 - SXT - Generalities Ref. MKT-IM-004 / A - 27.10.2016 7 / 94 1. Generalities

Documents
Installer manual, valve Fleck 3900- NXT - ewaterfilters.co.uk · FLECK 3900 NXT INSTALLER MANUAL WATER PURIFICATION. Installer Manual Fleck 3900 - NXT - Table of contents 2 / 126

Installer manual, valve Fleck 3900- NXT - ewaterfilters.co.uk · FLECK 3900 NXT INSTALLER MANUAL WATER PURIFICATION. Installer Manual Fleck 3900 - NXT - Table of contents 2 / 126

Documents
LUDWIK FLECK EXTRACTING MEANING FROM THE PAST AND … · LUDWIK FLECK ZENTRUM COLLEGIUM FLECK LECTURE 2015 EXTRACTING MEANING FROM THE PAST AND THE FUTURE: THE PHILOSOPHY OF SCIENCE

LUDWIK FLECK EXTRACTING MEANING FROM THE PAST AND … · LUDWIK FLECK ZENTRUM COLLEGIUM FLECK LECTURE 2015 EXTRACTING MEANING FROM THE PAST AND THE FUTURE: THE PHILOSOPHY OF SCIENCE

Documents
Fleck 2815 Manual

Fleck 2815 Manual

Documents
MV PUBLIC CONSCIENCE Fleck

MV PUBLIC CONSCIENCE Fleck

Documents
Secure Engineering Dan Fleck CS 469: Security Engineering Sources: Coming up: Secure Web Applications

Secure Engineering Dan Fleck CS 469: Security Engineering Sources: Coming up: Secure Web Applications

Documents
Charges against Michael Fleck

Charges against Michael Fleck

Documents
Cyclomatic Complexity Dan Fleck Fall 2009 Dan Fleck Fall 2009

Cyclomatic Complexity Dan Fleck Fall 2009 Dan Fleck Fall 2009

Documents
Valvula Fleck

Valvula Fleck

Documents
FLECK 4600 6 FOR HOWATER APPLICAS - Micron · FLECK 4600 6 FOR HOWATER APPLICAS ... 0301563094 TH Fleck 5600/1600 - Filter - SXT Timer The price of the KIT Fleck # 1 is no longer

FLECK 4600 6 FOR HOWATER APPLICAS - Micron · FLECK 4600 6 FOR HOWATER APPLICAS ... 0301563094 TH Fleck 5600/1600 - Filter - SXT Timer The price of the KIT Fleck # 1 is no longer

Documents
Fleck 5600SE Upflow

Fleck 5600SE Upflow

Documents
Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public

Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public

Documents
Fleck 7000SXT Manual - Pentair

Fleck 7000SXT Manual - Pentair

Documents
LUDWIK FLECK - Collegium Helveticum · PDF fileLUDWIK FLECK ZENTRUM COLLEGIUM FLECK LECTURE 2013 SLOWING DOWN THE SCIENCES? HELVETICUM Prof. Isabelle Stengers

LUDWIK FLECK - Collegium Helveticum · PDF fileLUDWIK FLECK ZENTRUM COLLEGIUM FLECK LECTURE 2013 SLOWING DOWN THE SCIENCES? HELVETICUM Prof. Isabelle Stengers

Documents
Fleck 2850s - Softener Parts ... 2 • MY10 Fleck 2850s. 3200 TIMER SETTING PROCEDURE ... 61502-3200 Rev A Figure 2 Fleck 2850s MY10 • 3

Fleck 2850s - Softener Parts ... 2 • MY10 Fleck 2850s. 3200 TIMER SETTING PROCEDURE ... 61502-3200 Rev A Figure 2 Fleck 2850s MY10 • 3

Documents
2510 Pentair Fleck

2510 Pentair Fleck

Documents
Fleck 7000SXT Control Valve - Eco Waterhouse Technologiesecowaterhouse.com/dev/wp-content/uploads/2015/08/Fleck-7000SXT... · Fleck ® 7000SXT Control Valve High Performance RESIDENTIAL

Fleck 7000SXT Control Valve - Eco Waterhouse Technologiesecowaterhouse.com/dev/wp-content/uploads/2015/08/Fleck-7000SXT... · Fleck ® 7000SXT Control Valve High Performance RESIDENTIAL

Documents
Fleck Model 7000 Service Manual

Fleck Model 7000 Service Manual

Documents
2 fleck cbm intro_may2010

2 fleck cbm intro_may2010

Documents
FLECK ELECTROMECHANICAL TIMERS - Pentair · fleck electromechanical timers fleck® electromechanical timers simple to adjust and easy to service 3200 timer time clock 3210 timer metered

FLECK ELECTROMECHANICAL TIMERS - Pentair · fleck electromechanical timers fleck® electromechanical timers simple to adjust and easy to service 3200 timer time clock 3210 timer metered

Documents
MLS Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Multi-Level Security 11

MLS Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Multi-Level Security 11

Documents
Fleck by Ilana Lowy

Fleck by Ilana Lowy

Documents