RESEARCH ON: INTRUSION DETECTION / PREVENTION
Deris Stiawan, Prof. Dr. Hanan, Dr. Yazid
2012
Introduction
• According to CSI/FBI (2010): security technology use
• Satisfaction with security technology (deployed July 2009 - June 2010)
Intrusion detection was developed in the late 1990s to identify and report attacks, as hackers' attacks and network worms began to affect the internet. It detects hostile traffic passively and sends an alert, but does nothing to stop the attack.
According to (Dacier & Wespi 1999), (Zhang et al. 2003), (Fuchsberger 2005), (Weinsberg et al. 2006), (Shaikh et al. 2009), (Anuar et al. 2010):
Intrusion detection and intrusion response are fundamental parts of the intrusion prevention mechanism in the current network security challenge.
(Stakhanova et al. 2007), (K. Salah & Kahtani 2010), (Anuar et al. 2010), (Elshoush & Osman 2011):
Early detection, protection and response are the elementary components of an IPS. Intrusion response has a function similar to IDS and is part of it, maintaining detection, alerting and response for the security operator.
Work performed by (Manikopoulos 2003), (Zou & Towsley 2005), (Debar et al. 2008), (Anuar et al. 2010), (Apel et al. 2010), (Mu et al. 2010) and (Stakhanova et al. 2007).
(E. E. Schultz & Ray 2007) predicted the future of IPS technology; their predictions for IPS technology in the market are very positive, as follows: (i) better underlying intrusion detection, (ii) advancement in application-level analysis, (iii) more sophisticated response capabilities, and (iv) integration of intrusion prevention into other security devices.
(E. Schultz 2004) predicted that IPSs have a bright future: this technology will continue to be used by a growing number of organisations, to the point that it becomes as commonplace as intrusion detection technology.
(Shouman et al. 2010) describe the superior characteristics of host-based IPS and use the term detection approach to show how an IPS works.
[Figure: components of an Intrusion Prevention System: Early Detection, Intrusion Protection, Intrusion Response]
References
Fuchsberger, A., 2005. Intrusion Detection Systems and Intrusion Prevention Systems. Information Security Technical Report, 10, pp.134-139.
Shouman et al., 2010. Surviving cyber warfare with a hybrid multiagent-based intrusion prevention system. IEEE Potentials, pp.32-40.
Zhang, X., Li, C., W.Z., 2004. Intrusion Prevention System Design. Computer and Information Technology, pp.386-390.
Schultz, E. & Ray, E., 2007. Future of Intrusion Prevention. Computer Fraud & Security, pp.11-13.
Schultz, E., 2004. Intrusion prevention. Computers & Security, 23, pp.265-266.
Shaikh, S.A. et al., 2009. Towards scalable intrusion. Network Security, June(6), pp.12-16.
Ollmann, G., 2003. Intrusion Prevention Systems (IPS) destined to replace legacy routers. Network Security, 11, pp.18-19.
IDS vs IPS
Usefulness
  IDS: designed only to identify and examine traffic and produce an alarm.
  IPS: designed to enhance data processing ability, intelligence and accuracy.
Signatures
  IDS: simple pattern matching; stateful pattern matching; protocol decode-based analysis; heuristic-based analysis.
  IPS: attack pattern recognition; blocking action; stateful pattern matching; protocol decode-based analysis; heuristic-based analysis.
Action
  IDS: a passive security solution; detects attacks only after they have entered the network and does nothing to stop them, only recognising attack traffic and sending an alert to a trigger.
  IPS: a reactive response security solution; early detection and a proactive technique that prevents the attack early; when an attack is identified, it blocks the offending data.
Activity
  IDS: data commonly collected at source sensors.
  IPS: multisensor architectures.
Sensor
  IDS: able to integrate with other platforms.
  IPS: able to integrate with heterogeneous sensors.
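As an added illustration of the table's Signatures and Action rows (example code, not from the original slides), a toy Python engine that runs either in passive IDS mode (alert only, traffic always passes) or inline IPS mode (alert and drop), using either simple per-packet pattern matching or stateful per-flow matching; the signature marker, flow ids and packets are constructed:

```python
from dataclasses import dataclass, field

# Constructed signature set: name -> byte pattern (a test marker, not a real IoC).
SIGNATURES = {"test-marker": b"X-TEST-MALWARE-MARKER"}

@dataclass
class Packet:
    flow: str       # constructed flow id, e.g. "10.0.0.5:4444->10.0.0.9:80"
    payload: bytes

@dataclass
class Engine:
    signatures: dict
    mode: str = "IDS"        # "IDS": passive, alert only; "IPS": inline, alert and drop
    stateful: bool = False   # False: simple per-packet matching; True: per-flow history
    window: int = 64         # bytes of flow history retained for cross-packet matches
    alerts: list = field(default_factory=list)
    state: dict = field(default_factory=dict)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict 'pass' or 'drop' for one packet and record alerts."""
        data = pkt.payload
        if self.stateful:
            # Prepend the retained tail of this flow so a pattern split across
            # two segments is still recognised (stateful pattern matching).
            data = self.state.get(pkt.flow, b"") + data
            self.state[pkt.flow] = data[-self.window:]
        hits = [name for name, pat in self.signatures.items() if pat in data]
        for name in hits:
            self.alerts.append((pkt.flow, name))
        if hits:
            self.state.pop(pkt.flow, None)  # do not re-alert on the retained bytes
            if self.mode == "IPS":
                return "drop"   # IPS blocks the offending data inline
        return "pass"           # IDS only reports; it never stops the traffic

def run_scenario(mode: str, stateful: bool):
    """Feed constructed traffic through one engine; return (verdicts, alerts)."""
    eng = Engine(SIGNATURES, mode=mode, stateful=stateful)
    packets = [
        Packet("A", b"GET /index.html X-TEST-MALW"),   # flow A: marker split across
        Packet("A", b"ARE-MARKER HTTP/1.1\r\n"),         # two TCP segments
        Packet("B", b"GET /about.html HTTP/1.1\r\n"),   # flow B: clean request
    ]
    verdicts = [eng.inspect(p) for p in packets]
    return verdicts, eng.alerts

if __name__ == "__main__":
    for mode, stateful in [("IDS", False), ("IDS", True), ("IPS", True)]:
        print(mode, "stateful" if stateful else "simple", run_scenario(mode, stateful))
```

Simple per-packet matching misses the marker because it straddles two segments; stateful matching catches it, and only the IPS variant turns that alert into a drop.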
ISSUES & CHALLENGES
There are some significant gaps, challenges and preliminary results that point to future directions for improving IPS, mining alert data and reducing false alarms:
Data sets
Alert Management
Heterogeneous Data
Feature Extraction
Minimizing False Positives
Real-time Analyzer
Data Visualization
Unified Integration Solution
Signatures
Traffic Volume
Design Topology
Logging
Defense IPS Devices
Sensor Management
Collaboration