Intrusion Detection System
Definition
It is very important that the security mechanisms of a system are designed
so as to prevent unauthorized access to system resources and data. However, completely
preventing breaches of security appears, at present, unrealistic. We can, however,
try to detect these intrusion attempts so that action may be taken to repair the
damage later. This field of research is called Intrusion Detection. Anderson,
while introducing the concept of intrusion detection in 1980, defined an intrusion
attempt or a threat to be the potential possibility of a deliberate unauthorized
attempt to:

a. access information,
b. manipulate information, or
c. render a system unreliable or unusable.

Since then, several techniques for detecting intrusions have been studied. This paper
discusses why intrusion detection systems are needed, the main techniques, present
research in the field, and possible future directions of research.

There are two ways to handle subversion attempts. One way is to prevent subversion itself
by building a completely secure system. We could, for example, require all users
to identify and authenticate themselves; we could protect data by various cryptographic
methods and very tight access control mechanisms. However, this is not really feasible
because:

1. In practice, it is not possible to build a completely secure system because bug-free
software is still a dream, and no one seems to want to make the effort
to try to develop such software. Apart from the fact that we do not seem to be
getting our money's worth when we buy software, there are also security implications
when our e-mail software, for example, can be attacked. Designing and implementing
a totally secure system is thus an extremely difficult task.

2. The vast installed base of systems worldwide guarantees that any transition to
a secure system (if it is ever developed) will be long in coming.

3. Cryptographic methods have their own problems. Passwords can be cracked, users
can lose their passwords, and entire crypto-systems can be broken.

4. Even a truly secure system is vulnerable to abuse by insiders who abuse their
privileges.

5. It has been seen that the relationship between the level of access control
and user efficiency is an inverse one, which means that the stricter the mechanisms,
the lower the efficiency becomes.

If there are attacks on a system, we would like to detect them as soon as possible
(preferably in real-time) and take appropriate action. This is essentially what
an Intrusion Detection System (IDS) does. An IDS does not usually take preventive
measures when an attack is detected; it is a reactive rather than pro-active agent.
It plays the role of an informant rather than a police officer.

The most popular way to detect intrusions has been by using the audit data generated
by the operating system.
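
As an added illustration (not part of the original report), the sketch below shows audit-data-based detection in the reporting-only "informant" role described above. The record format, the threshold and the time window are assumptions, and the audit lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records: timestamp, user, event, outcome (assumed format).
AUDIT_LOG = """\
2024-01-01T10:00:00 alice login success
2024-01-01T10:00:05 mallory login failure
2024-01-01T10:00:09 mallory login failure
2024-01-01T10:00:14 mallory login failure
2024-01-01T10:00:20 bob login failure
2024-01-01T10:05:00 bob login failure
2024-01-01T10:05:30 bob login success
2024-01-01T10:06:00 mallory login failure
""".splitlines()

def parse(line):
    ts, user, event, outcome = line.split()
    return datetime.fromisoformat(ts), user, event, outcome

def detect(lines, threshold=3, window=timedelta(seconds=60)):
    """Return (time, user, count) alerts for bursts of failed logins.

    Records are handled one at a time in arrival order, so the same loop
    could consume a live audit stream. The detector only reports; it never
    blocks a session or locks an account.
    """
    recent = defaultdict(deque)          # user -> timestamps of recent failures
    alerts = []
    for line in lines:
        try:
            ts, user, event, outcome = parse(line)
        except ValueError:
            continue                     # skip malformed records
        if event != "login":
            continue
        if outcome == "success":
            recent[user].clear()         # a successful login resets the count
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:        # drop failures older than the window
            q.popleft()
        if len(q) == threshold:          # alert when the count reaches the threshold
            alerts.append((ts, user, len(q)))
    return alerts

if __name__ == "__main__":
    for ts, user, count in detect(AUDIT_LOG):
        print(f"ALERT {ts.isoformat()} user={user} failed_logins={count}")
```

Failures spread over several minutes, such as bob's in the sample data, do not raise an alert because older entries fall out of the window before the threshold is reached.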