Computer Worm Attack Using IDS and Trace Back Approaches

Sanjay Misra and Akuboh Victor Uneojo

Abstract

Computer worms pose a great threat to business enterprises, large and small organizations, government agencies and the internet at large, because of the sensitivity of the information that flows over their networks. Computer worms possess characteristics that let them evade traditional network security methods unnoticed. Detecting such network attacks is therefore an issue, and even after they are detected, timely and effective trace back is another challenge. This paper reviews the characteristics of computer worms and the technique of using an intrusion detection system (IDS) behind firewalls to detect worms, explaining the two basic schemes it employs in attack detection. It also reviews and analyzes various reactive attack trace back approaches and suggests the most effective approach for tracing back worm attacks.

Index Terms: Computer Worm, Intrusion Detection System, IP Trace Back, Network Security

I. INTRODUCTION

We live in the information age, and it is very useful for us to share and store information conveniently for the purposes of education, research, increased productivity and quality of service, electronic storage and easy retrieval; one efficient and cost-effective way of achieving this is through the use of computer networks. A network is a connected collection of devices and end systems, such as computers, servers and printers, which can communicate with each other and share resources [6]. Networks are implemented and in use in homes, small offices, large enterprises and governmental organizations. Their components include personal computers, interconnections, switches, routers, firewalls, etc. [6]. Each of these devices performs a distinct function so that information can be stored or accessed in a faster, more reliable, secure, cost-effective and convenient manner.
The internet, which is a network of networks, has been growing rapidly because it directly affects business, education, governmental activities and social interaction [18]. Because of the benefits of using the internet, a lot of valuable and sensitive information travels through the network, and these data transfers attract attackers who want to steal, intercept or destroy valuable information and to disrupt normal network connections for fun, fame or money [18]. One way of deploying such attacks is through computer worms.

A computer worm is malicious software (malware) designed to attack a network with the aim of stealing information on the network, destroying network resources or denying legitimate network users the resources they need; this last type of attack is called denial of service (DoS). It is a self-replicating special type of virus program that propagates itself via network connections, taking advantage of security flaws in computers on the network [14]. Worms do not need human intervention to propagate. Worms pose a big threat to networks because they evade network security measures stealthily, that is, unnoticed.

The life of a computer worm, after it is released, includes the following phases: target finding, worm transferring, worm activation, and worm infection. During the first two phases the worm is active over the internet, which makes it possible for network-based intrusion detection systems (NIDS) to detect it. The other two phases are hard for NIDS to detect [14].

The first step of a worm's life is to find targets. A worm may find its target or next victim using many different strategies. The first is the blind scan, which includes sequential, random and permutation scanning; these are probabilistic, with a high rate of failed connections, because the worm has no prior knowledge about the targets [21]. The second target finding strategy is the use of a hit-list.
The hit-list is a list of pre-scanned vulnerable addresses, so the worm knows exactly where the targets are. The variable in this strategy is the size of the hit-list: the larger it is, the more accurate the worm and the more damage it can cause. Thirdly, a worm can use the network topology to find its targets, because many hosts on the internet store information about other hosts on the network, revealing their vulnerabilities [20]. Fourthly, a passive strategy is another approach: the worm patiently waits for victims to communicate with the host where it is resident. Lastly, web searching is another strategy worms use to find their targets, because web searches avoid being detected by traditional detection techniques [12].

The second phase of a worm's life cycle is its transfer or propagation. It does this by employing one of three schemes. Self-carried: the worm code is transferred in a packet by itself. Second channel: the worm, after finding its target, enters the target and downloads the worm code through a backdoor that has been installed by some application. Embedded: the worm attaches its code to legitimate traffic, for example an e-mail message, in order to hide itself [20]. This method is very deceitful and often goes unnoticed.

The third phase of a worm's life cycle is worm activation, that is, how the worm is transmitted over the network. There are two basic ways in which worms are transmitted over the network: transmission control protocol (TCP) and user datagram protocol (UDP). The main difference is that TCP worms are connection oriented, because they require a connection to be established before infection can begin, unlike UDP worms, which are connectionless and require no connection to infect targets; this makes them spread very rapidly [9].

ASIA & SKM 12-42

The last phase of a worm's life cycle is worm infection. This phase is associated with the actual format of the worm code. Worms usually send their code in a direct manner, which lets detection systems identify them quickly. Worms can be monomorphic in format, padding the code with irrelevant data but maintaining a single signature. They can also be polymorphic in format; that is, their code changes dynamically by being scrambled, so that the worm takes different forms from different views while maintaining the same function. This type of worm format is very hard to detect with signature-based detection. Another worm format is the metamorphic worm, which changes not just its appearance but also its behavior [7]. Worm structures may have features that enable them to locate targets and propagate infections, a remote control that enables the author to control the worm remotely, and an update interface that enables the author to update the worm's code. Some examples of worms are Stuxnet, Morris Worm, Code Red, Nimda, Slammer, Sasser, Witty, etc.

Detecting worm attacks has become a matter of concern because of the havoc they can cause on networks. This research focuses on analyzing how intrusion detection systems (IDS) detect worm attacks. An intrusion detection system is hardware or software installed on the network or on host computers that monitors data traffic on the network in order to discover illegitimate or malicious traffic that violates the security policy of a particular network [19]. An IDS can be network-based or host-based.
Network-based intrusion detection systems (NIDS) analyze network traffic at all layers of the open systems interconnection (OSI) model and check for anomalous packet behavior or unwanted packet signatures; when these are detected, the NIDS raises an alarm, calling for the attention of a security administrator. They are easy to deploy and can monitor traffic from many systems at once. Host-based intrusion detection systems (HIDS) are usually software installed on host systems; they generally analyze network traffic and system-specific settings such as the local security policy, local log audits, and so on [19]. Although both NIDS and HIDS have their strengths and limitations, using both at different points in the same network improves the effectiveness of threat detection. IDSs use two schemes to detect illegitimate traffic: signature-based and anomaly-based detection.

It is not enough to detect worms. The next thing that should be done is to contain them and trace them back to their source. This research only analyzes the approaches to tracing back attacks. Attack trace back, as the name implies, is the tracing of attacks back to their origin. It can be seen as a form of network forensics, which is the capture, recording and analysis of network events in order to discover the source of security attacks or other problem incidents. It is a reactive measure. There are many reactive approaches to attack trace back; they include link testing, logging, ICMP (internet control message protocol) trace back and packet marking.

II. MOTIVATION, OBJECTIVES, AND LIMITATIONS

A. Motivation

A lot of hacking activity has been taking place on the internet, and one method employed is the use of computer worms. These attacks disrupt a lot of business activities, destroying resources and causing huge financial damage. Data recovery procedures are more expensive than the cost of implementing a network.
Our motive is to make sure that the network is secured using appropriate measures, and attack trace back should be effective in bringing these attackers to book.

B. Objectives

The main aim of this research is to survey and analyze the different worm detection schemes used by intrusion detection systems (IDS) in order to arrive at a reasonable justification for the use of either scheme. The second aim is to survey and analyze the various approaches to reactive attack trace back in order to identify the most effective approach, or combination of approaches, for improving the effectiveness of attack trace back.

C. Limitations

Attack trace back is largely dependent on detecting the attacks. A major challenge in attack detection is the use of steganography, the principle of hiding information inside objects such as images, sounds and even ordinary text files. The second limitation is the technique of IP spoofing. This technique allows an attacker to impersonate an IP address and pretend to be the sender of packets while actually being somewhere else. This makes attack trace back fruitless, because the wrong host will be traced.

III. LITERATURE SURVEY

A lot of businesses and organizations depend on computer networks for efficient and effective operations. One of the biggest threats to such businesses and organizations is computer worms. Computer worms are malicious pieces of code that propagate themselves via network connections, exploiting security lapses in computers on the network. They propagate without human intervention [14]. In 1988, Robert Tappan Morris launched the first computer worm at Cornell University. The worm was later called the Morris Worm. It caused expensive and widespread damage on all kinds of computers. It took advantage of a buffer overflow vulnerability [16]. Its original intention was to discover the number of hosts on the internet, but flaws in the program caused the code to copy itself multiple times to already infected hosts, slowing them down until they became unusable.

Another known computer worm is Code Red I; it was first discovered running on Microsoft's Internet Information Server (IIS) web service. It uses a blind scan that scans port 80 on random IP addresses in order to find vulnerable hosts, and then launches a denial-of-service (DoS) attack. Later, Code Red II was discovered, which, unlike Code Red I, installs a backdoor on infected systems.

Because of the havoc caused by computer worms on businesses and organizations, a need arises to detect computer worms on networks. Security threats mainly come from intruders, who are classified as either external intruders, who are unauthorized users of the machines they attack, or internal intruders, who have restricted permissions on the machines. Usually, traditional techniques such as authentication, encryption and firewalls are used as the first line of security, but because of weak passwords and vulnerabilities in firewalls, these methods are unable to protect against malicious code. In 1987, Dorothy Denning proposed the concept of intrusion detection as a solution to the problem of providing a sense of security in computer systems. The concept involves detecting abnormal usage of the system. Many other techniques were later used, including statistical approaches, predictive pattern generation, expert systems, keystroke monitoring, state transition analysis, pattern matching and data mining techniques [10].

An ideal intrusion detection system should have the following properties:
- It should be able to detect known and unknown worms.
- Minimal processing overhead during detection.
- Very low level of administrator involvement.
- Correctly detect worms that change signature.
- The design should not be complex.
- It should require minimum memory.

In recent times, the modern scheme employed in detecting worm attacks is the use of intrusion detection systems.
They are hardware or software usually placed behind firewalls to detect illegitimate traffic; they can be network-based (NIDS) or host-based (HIDS). There are many proposed algorithms for these detection methods, but the two most common schemes are signature-based detection and anomaly-based detection [14].

Signature-based detection is the regular method IDSs use to detect known attacks: the IDS analyzes incoming packets and matches their signatures against the signatures of known malicious attacks in its database; if a signature matches, it raises an alert. It does not need any knowledge of normal traffic; it just needs a signature database. It does not care how a worm finds its target, how it propagates itself, or what transmission scheme it uses. One major challenge of signature-based IDSs is that, because they need to register a large number of known attacks, they consume resources and take time to search for known worm signatures. Another challenge is that new worms are developed every day, so updating the database of signatures can be taxing, and worms with unknown signatures can pass through the IDS.

The second scheme is anomaly-based detection. Unlike signature-based detection, it does not care about the worm's code or content; rather it is interested in the packet headers, in order to identify the type of connection the packet used [4]. It monitors and analyzes network traffic to check for network behavior that departs from normal or legitimate network activity, and triggers an alarm. These detection schemes require a definition of legitimate or normal network behavior, on which the anomaly-based IDS is trained, based on firing rules as in an artificial neural network. This training helps it generate a pattern for legitimate traffic, and it triggers an alarm when the pattern of observed traffic does not correspond to the pattern it deems legitimate.
This training can be supervised or unsupervised. The greatest challenge of anomaly-based detection is that its whole activity depends on what was defined to it as normal network behavior. This means its training determines its performance [14].

Attack trace back is very important, as it enables networks under attack, especially those of businesses and organizations, to hold attackers accountable for their malicious acts. Trace back methods can be either preventive or reactive [11]. Preventive methods are proactive in nature, as they try to stop worm attacks before they occur. Reactive measures focus on tracing attacks back to their source after they have occurred. A major challenge of reactive trace back is that it requires a large degree of cooperation from internet service providers (ISPs), which leads to legal and policy issues. A reactive trace back method is more effective if less ISP cooperation is needed, and it can be very effective in controlled networks such as an enterprise network [1].

The characteristics of an ideal trace back system are [8]:
- It should be able to trace an attack with a single packet.
- Minimal processing during trace back.
- Very low level of ISP involvement.
- It should not require additional memory for routers and other network devices.
- A high level of protection should be offered during trace back.
- Correctly trace back attacks consisting of packets that undergo any number of transformations of any type.

The earliest reactive attack trace back approach is link testing. As the name implies, it traces packets from link to link, that is, hop by hop, in order to determine the source of the attack traffic. Starting from the router closest to the victim, it uses two testing schemes, namely input debugging and controlled flooding [8]. Input debugging is a feature included in most routers. It involves generating attack signatures that match regular signatures contained in attack packets.
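The two detection schemes surveyed above behave differently on the same traffic, and the following added example (illustration code, not code from the paper or from any IDS product) makes that concrete. It runs a toy signature matcher and a toy header-only anomaly detector over constructed packet records: the signature matcher inspects payload bytes against a placeholder pattern database, while the anomaly detector learns each source's fan-out (number of distinct destinations) from a window of assumed-normal traffic and flags outliers, the header-level view of a worm in its blind-scanning phase. All addresses, patterns and thresholds are constructed for the example.

```python
"""Toy signature-based vs anomaly-based worm detection over constructed packet records.
Added illustration; not code from the paper. All addresses, patterns and traffic are constructed."""
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signature database: placeholder byte patterns, not real worm signatures.
SIGNATURES = {"worm-A": b"WORM-A-PATTERN", "worm-B": b"WORM-B-PATTERN"}


def signature_detect(packets, signatures=SIGNATURES):
    """Signature-based scheme: inspect payload content and match it against the
    database of known patterns. Needs no model of normal traffic, but a variant
    whose bytes differ from every stored pattern passes through silently."""
    alerts = []
    for pkt in packets:
        for name, sig in signatures.items():
            if sig in pkt.payload:
                alerts.append((pkt.src, name))
    return alerts


class ScanAnomalyDetector:
    """Anomaly-based scheme on header data only: learn each source's fan-out
    (number of distinct destinations) from a window of normal traffic and alert
    on sources whose fan-out is an outlier, which is what blind scanning looks like."""

    def __init__(self, k=3.0):
        self.k = k              # standard deviations above the mean that count as abnormal
        self.threshold = None   # learned during training

    @staticmethod
    def fanout(packets):
        dests = defaultdict(set)
        for pkt in packets:
            dests[pkt.src].add(pkt.dst)
        return {src: len(d) for src, d in dests.items()}

    def train(self, normal_packets):
        counts = list(self.fanout(normal_packets).values())
        self.threshold = statistics.mean(counts) + self.k * statistics.pstdev(counts)
        return self.threshold

    def detect(self, packets):
        if self.threshold is None:
            raise RuntimeError("train() on normal traffic before detect()")
        return [src for src, n in self.fanout(packets).items() if n > self.threshold]


def make_normal_traffic():
    """Constructed baseline window: five hosts each talking to two or three web servers."""
    pkts = []
    for i, n in enumerate([2, 3, 2, 3, 2], start=1):
        for j in range(n):
            pkts.append(Packet(f"10.0.0.{i}", f"10.0.1.{j}", 80, b"GET / HTTP/1.1"))
    return pkts


def make_test_traffic():
    """Constructed window containing one known-signature worm and one unknown variant."""
    pkts = [
        Packet("10.0.0.1", "10.0.1.0", 80, b"GET / HTTP/1.1"),
        Packet("10.0.0.1", "10.0.1.1", 80, b"GET / HTTP/1.1"),
        # Known worm: matches the database, but opens only a single connection.
        Packet("10.0.0.7", "10.0.1.5", 80, b"GET /" + SIGNATURES["worm-A"]),
    ]
    # Unknown (polymorphic-style) variant: payload carries no stored pattern,
    # but it blind-scans forty hosts, so its fan-out is far above the baseline.
    for j in range(40):
        pkts.append(Packet("10.0.0.99", f"10.0.2.{j}", 80, b"GET /" + f"v{j}".encode()))
    return pkts


def run_both():
    """Run both schemes on the same test window; returns (signature alerts, anomaly alerts)."""
    test = make_test_traffic()
    detector = ScanAnomalyDetector()
    detector.train(make_normal_traffic())
    return signature_detect(test), detector.detect(test)


if __name__ == "__main__":
    sig_alerts, anomaly_alerts = run_both()
    print("signature-based :", sig_alerts)
    print("anomaly-based   :", anomaly_alerts)
```

The quiet known worm is caught only by the signature matcher, and the unknown scanning variant only by the anomaly detector, which is the division of labour Table I summarizes as "known worms" versus "unknown worms"; it also shows why the anomaly detector's result is only as good as the baseline window it was trained on.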
It requires significant ISP cooperation in terms of time, personnel and finance, which some ISPs may not provide. In 2000, Burch and Cheswick developed a link-testing trace back technique that does not require much ISP cooperation [5]. This technique is called controlled flooding, because it tests links by flooding them with large bursts of traffic from the attacker. Sager and Stone, in 1998 and 2000 respectively, suggested logging packets at key routers and then using data mining techniques to determine the path the packets traversed. Its major challenge is that logging packets consumes router memory, which in turn could affect the speed of transmission [15] [17]. Tatsuya Baba and Shigeyuki Matsuda, in 2002, proposed an alternative and innovative logging approach [2]. It involves logging packets only when malicious traffic is detected by sensors built into the network; this allows tracers to log packets upon request. Also, only certain important characteristics are logged, not the entire packet. This requires less storage and thus increases speed compared to traditional logging methods [1].

Another approach is ICMP (internet control message protocol) trace back. This approach was introduced by Bellovin in 2000 [3]. The concept is to let every router generate an ICMP trace back message, or itrace, directed to the same destination as a selected packet. This itrace message contains the next-hop and previous-hop information and a time stamp [3]. Another proposed trace back approach is the packet marking method. This approach allows a router to add a mark to packets before forwarding them to the next router. The mark is unique, so the packet can be traced through all the intermediate hops by monitoring each mark added to it. This technique involves two schemes, namely deterministic packet marking (DPM) and probabilistic packet marking (PPM) [13].

IV. ANALYSIS

After a survey of the worm detection schemes of an intrusion detection system (IDS), Table I shows a clear comparison between signature-based and anomaly-based detection schemes.
TABLE I
COMPARISON BETWEEN SIGNATURE-BASED AND ANOMALY-BASED DETECTION SCHEMES

Category          Signature-based     Anomaly-based
Design            Easy                Difficult
Implementation    Difficult           Easy
Application       Worms and others    Worms and others
Detection speed   Depends             High
Memory            Depends             Low
Classification    Known worms         Unknown worms

Careful observation of Table I brings out the distinctions between signature-based and anomaly-based detection schemes. In terms of design, signature-based detection schemes are easier, because only the worm signatures need to be understood, generated and stored in their respective databases, and an efficient look-up procedure is initiated. In the case of anomaly-based detection schemes, an effort has to be made first to understand normal network behavior, to know how a worm propagates, and what transmission scheme it uses; all this knowledge is incorporated into them by training, as in an artificial neural network, which allows them to understand and decide when network traffic is abnormal. This training phase is very difficult, expensive and time consuming. It is more like developing a brain, which makes the design difficult and demanding.

In terms of implementation, signature-based detection schemes are difficult because, during the course of their normal operation, new worms will have been discovered and their corresponding signatures generated; updating the signature database can make the implementation clumsy, since ideally less administrator involvement is preferred, which makes IDSs more efficient. In the case of anomaly-based detection schemes, administrator involvement is almost 0%, because they are more intelligent and need no database or database update to function; this feature makes their implementation easier and more reliable.
Detection speed using a signature-based detection scheme largely depends on the size of the database; it can be fast for small worm signature databases, but when the database grows, searching becomes a factor that affects speed. Detection speed is very high with anomaly-based detection schemes, because they are intelligent enough to discover packets that depart from normal network traffic. This intelligence is analogous to traffic police or a traffic light regulating the movement of cars on the road.

Memory requirements of a signature-based detection scheme are largely dependent on the number of signatures that must be stored, whereas anomaly-based detection schemes require only a small amount of memory, enough to store and recognize abnormal network traffic behavior.

Signature-based detection schemes are usually effective only when the worm is known, which is a constraint because new worms are developed every day. Anomaly-based detection schemes are intelligent and can be used to detect unknown worms, which is an advantage considering the increasing development of new worms. Although signature-based and anomaly-based detection schemes have their differences, strengths and limitations, both can be used to detect worm attacks as well as other sorts of attack.

Turning to the survey of reactive attack trace back approaches, Table II compares the different reactive attack trace back approaches.

TABLE II
QUALITATIVE COMPARISON OF DIFFERENT REACTIVE TRACE BACK APPROACHES

Category                 Input debugging   Controlled flooding   Logging    ICMP trace back    Packet marking
Compatibility            High              Low                   High       Low                Low
Implementation           Easy              Fair                  Fair       Easy               Easy
Post mortem capability   N/A               N/A                   N/A        Excellent          Excellent
Classification           Reactive          Reactive              Reactive   Reactive           Reactive
Application              DDoS              DDoS                  DDoS       DDoS and others    DDoS and others

In Table II, the compatibility category shows the trace back approaches' compatibility with existing protocols, routers and switches. The implementation category explains their support for incremental deployment; post mortem capability explains the ability of the trace back approaches to generate unique methods of simplifying attack trace back; classification notes that these approaches are basically reactive and not preventive; application explains how they can be used in tracing back distributed denial of service (DDoS) attacks, which are largely caused by computer worms, and other attacks.

Looking at these attack trace back approaches from the perspective of an ideal trace back method, input debugging and controlled flooding require a lot of ISP support, which brings about legal and policy concerns, even though they are highly compatible with existing protocols and routers. Logging is a lot better than the link testing approaches mentioned above, because it can be used for post-attack analysis, but it also requires ISP involvement, which has already been described as a concern; it also requires a lot of memory to store logs, and these excessively large memory requirements can lead to slow processing in routers. ICMP trace back and packet marking can both be used for post-attack analysis and do not require ISP cooperation, but they generate additional traffic, require modification of the protocol and, in some cases, are not efficient against DDoS attacks.

V. CONCLUSION

It can be concluded that computer worms, as described in this research, possess characteristics that enable them to evade traditional network security methods. In deploying intrusion detection systems (IDS), considering the two basic intrusion detection schemes they use in terms of design, implementation, application, detection speed, memory requirements and classification, a careful analysis shows that anomaly-based detection schemes have more advantages.
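The two approaches that Table II rates best on post-mortem capability, ICMP trace back and probabilistic packet marking, are simulated below in an added example (illustration code, not code from the paper, from Bellovin's draft or from any router implementation). It assumes a constructed path of four routers between attacker and victim, simulates node-sampling PPM (each router overwrites a single mark field with probability p) and itrace message generation (each router emits a previous-hop/next-hop message with a small probability), and then reconstructs the path at the victim from the marks and from the messages respectively. Router names, packet counts and probabilities are assumptions of the example.

```python
"""Simulation of two reactive trace back approaches on a constructed four-router path:
probabilistic packet marking (node sampling) and ICMP trace back (itrace) messages.
Added illustration, not code from the paper; topology and probabilities are assumed."""
import random
from collections import Counter

# Constructed topology: attacker -> R1 -> R2 -> R3 -> R4 -> victim
ROUTERS = ["R1", "R2", "R3", "R4"]


def forward_with_ppm(routers, n_packets, p, attacker_mark="SPOOF", seed=7):
    """Probabilistic packet marking, node-sampling flavour: each router, with
    probability p, overwrites the packet's single mark field with its own id.
    The attacker chooses the field's initial value, so it can plant a fake mark."""
    rng = random.Random(seed)
    seen = Counter()
    for _ in range(n_packets):
        mark = attacker_mark
        for router in routers:
            if rng.random() < p:
                mark = router
        seen[mark] += 1
    return seen


def reconstruct_from_marks(seen):
    """Routers nearer the victim overwrite later and therefore dominate the counts;
    sorting marks by frequency yields the path from the victim outward."""
    return [mark for mark, _ in seen.most_common()]


def forward_with_itrace(routers, n_packets, p, seed=7):
    """ICMP trace back: for each forwarded packet a router, with small probability p,
    emits an itrace message naming itself, its previous hop and its next hop."""
    rng = random.Random(seed)
    hops = ["attacker"] + routers + ["victim"]
    messages = []
    for pkt_id in range(n_packets):
        for i in range(1, len(hops) - 1):
            if rng.random() < p:
                messages.append({"router": hops[i], "prev": hops[i - 1],
                                 "next": hops[i + 1], "pkt": pkt_id})
    return messages


def reconstruct_from_itrace(messages, victim="victim"):
    """Chain messages backwards from the victim: the router whose next hop is X
    sits one hop further from the victim than X. Stops at the first gap."""
    by_next = {}
    for m in messages:
        by_next.setdefault(m["next"], m)   # one message per next-hop is enough
    path, hop = [], victim
    while hop in by_next:
        path.append(by_next[hop]["router"])
        hop = by_next[hop]["router"]
    return path


if __name__ == "__main__":
    seen = forward_with_ppm(ROUTERS, 10_000, p=0.5)
    print("PPM mark counts            :", dict(seen))
    print("PPM path (victim outward)  :", reconstruct_from_marks(seen))
    msgs = forward_with_itrace(ROUTERS, 10_000, p=0.002)
    print(f"itrace messages emitted    : {len(msgs)} (additional traffic)")
    print("itrace path (victim outward):", reconstruct_from_itrace(msgs))
```

Two of the paper's caveats show up directly. With p = 0.5 the farthest router (seen with probability p(1-p)^3) and the attacker's planted value (seen with probability (1-p)^4) arrive at the same expected rate, so the victim can order the nearest hops confidently but cannot confirm the last hop from counts alone. The itrace messages are extra traffic on top of the attack flow, and because nothing in this simulation authenticates them, a forged message would be chained just like a genuine one; that is why both approaches need protocol changes rather than only a passive observer.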
It can also be concluded that for worm attack trace back, considering the reactive approaches in terms of compatibility, implementation, post-mortem capability, classification and application, and taking into account their corresponding advantages and disadvantages, the ICMP trace back and packet marking approaches are the most ideal. Computer worms can be stealthy in attack, propagate quickly, change their form and infect computers on networks, causing great financial and operational losses to businesses and organizations. We recommend the use of distributed intrusion detection systems (DIDS), installing NIDS behind the network firewall and HIDS on the hosts at the major points of packet entrance into the network, that is, the servers. IDSs that use anomaly-based detection schemes should be given preference. An IDS incorporating both signature-based and anomaly-based detection schemes is quite possible. For attack trace back, either the ICMP or the packet marking approach will be ideal. Sometimes logging approaches are better, because they can store detailed attack information for a long time. But for real-time trace back, an approach that incorporates both logging and either ICMP trace back or packet marking can be very effective.

REFERENCES

[1] Aljifri H. (2003): IP trace back: A new denial-of-service deterrent. IEEE Computer Society.
[2] Baba T. and Matsuda S. (2002): Tracing Network Attacks to Their Sources. IEEE Internet Computing, vol. 6, no. 3, pp.
[3] Bellovin S. (2000): ICMP trace back messages. Internet Draft, draft-bellovin-itrace-00.txt.
[4] Bolzoni S. and Hartel P. (2006): POSEIDON: A 2-Tier Anomaly-Based Network Intrusion Detection System. Proceedings 4th IEEE International Workshop on Information Assurance.
[5] Burch H. and Cheswick B. (2000): Tracing Anonymous Packets to Their Approximate Source. Proceedings 14th Conference on Systems Administration, Usenix Association, pp.
[6] Cisco learning product (2009): Interconnecting Cisco Networking Devices, Part 1, Volume 1, Version 1.0.
[7] Glazer D. (2005): Computer Worms.
[8] John A. and Sivakumar T. (2009): DDoS: Survey of trace back methods.
[9] Moore V. et al. (2003): Inside the Slammer Worm. IEEE Security & Privacy, vol. 1, pp.
[10] Mukkamala S., Sung A. and Abraham A. (2005): Intrusion Detection Using Ensemble of Soft Computing and Hard Computing Paradigms. Journal of Network and Computer Applications, Elsevier Science, vol. 28, issue 2, pp.
[11] Murali B., Natarajan A. and Sivanandam N. (2007): New promising IP trace back approach and its comparison with existing approaches. Information Technology Journal 6 (2).
[12] Niels Provos J. and Wang K. (2006): Search Worms. Proceedings ACM WORM '06.
[13] Park K. and Lee H. (2001): On the effectiveness of probabilistic packet marking for IP trace back under a denial of service attack. Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies.
[14] Pele L., Mehdi S. and Xiao S. (2008): A survey of internet worm detection and containment. IEEE Communications Surveys, first quarter, vol. 10, no. 1, pp.
[15] Sager G. (1998): Security Fun with OCxmon and cflowd. Presented at the Internet 2 Working Group.
[16] Spafford E. (1989): The Internet Worm Program: An Analysis. Computer Communication Review.
[17] Stone R. (2000): CenterTrack: An IP Overlay Network for Tracking DoS Floods. Proceedings 9th Usenix Security Symposium, Usenix Association, pp.
[18] Tachibana T. (2010): Understanding the behaviour of worms through a parallel worm simulator. Research work at California State University, Monterey Bay, USA.
[19] Tzeyoung W. (2009): Information Assurance Technology Analysis Center (IATAC), Information Assurance Tools Report: Intrusion Detection Systems, sixth edition.
[20] Weaver V., Staniford S. and Cunningham R. (2003): A Taxonomy of Computer Worms. Proceedings ACM WORM '03.
[21] Zou T., Gong W. and Cai S. (2005): Routing Worm: A Fast, Selective Attack Worm Based on IP Address Information. Proceedings 19th ACM/IEEE/SCS Workshop on Principles of Advanced and Distributed Simulation.


More information

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

A Proposed Architecture of Intrusion Detection Systems for Internet Banking A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless

More information

Packet-Marking Scheme for DDoS Attack Prevention

Packet-Marking Scheme for DDoS Attack Prevention Abstract Packet-Marking Scheme for DDoS Attack Prevention K. Stefanidis and D. N. Serpanos {stefanid, serpanos}@ee.upatras.gr Electrical and Computer Engineering Department University of Patras Patras,

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12

Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12 Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

IDS : Intrusion Detection System the Survey of Information Security

IDS : Intrusion Detection System the Survey of Information Security IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,

More information

The Internet provides a wealth of information,

The Internet provides a wealth of information, IP Traceback: A New Denial-of-Service Deterrent? The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Demystifying the Myth of Passive Network Discovery and Monitoring Systems

Demystifying the Myth of Passive Network Discovery and Monitoring Systems Demystifying the Myth of Passive Network Discovery and Monitoring Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix.

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Science Park Research Journal

Science Park Research Journal 2321-8045 Science Park Research Journal Original Article th INTRUSION DETECTION SYSTEM An Approach for Finding Attacks Ashutosh Kumar and Mayank Kumar Mittra ABSTRACT Traditionally firewalls are used to

More information

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer

More information

A SURVEY OF INTERNET WORM DETECTION

A SURVEY OF INTERNET WORM DETECTION 1ST QUARTER 2008, VOLUME 10, NO. 1 IEEE COMMUNICATIONS SURVEYS The Electronic Magazine of Original Peer-Reviewed Survey Articles www.comsoc.org/pubs/surveys A SURVEY OF INTERNET WORM DETECTION AND CONTAINMENT

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

How To Protect Your Network From Attack From A Hacker On A University Server

How To Protect Your Network From Attack From A Hacker On A University Server Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com

More information

Review Study on Techniques for Network worm Signatures Automation

Review Study on Techniques for Network worm Signatures Automation Review Study on Techniques for Network worm Signatures Automation 1 Mohammed Anbar, 2 Sureswaran Ramadass, 3 Selvakumar Manickam, 4 Syazwina Binti Alias, 5 Alhamza Alalousi, and 6 Mohammed Elhalabi 1,

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION

More information

Intrusion Detection for Mobile Ad Hoc Networks

Intrusion Detection for Mobile Ad Hoc Networks Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems

More information

Tracing Network Attacks to Their Sources

Tracing Network Attacks to Their Sources Tracing Network s to Their Sources Security An IP traceback architecture in which routers log data about packets and adjacent forwarding nodes lets us trace s to their sources, even when the source IP

More information

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose

More information

Comparing Two Models of Distributed Denial of Service (DDoS) Defences

Comparing Two Models of Distributed Denial of Service (DDoS) Defences Comparing Two Models of Distributed Denial of Service (DDoS) Defences Siriwat Karndacharuk Computer Science Department The University of Auckland Email: skar018@ec.auckland.ac.nz Abstract A Controller-Agent

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

Name. Description. Rationale

Name. Description. Rationale Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.

More information

A Novel Packet Marketing Method in DDoS Attack Detection

A Novel Packet Marketing Method in DDoS Attack Detection SCI-PUBLICATIONS Author Manuscript American Journal of Applied Sciences 4 (10): 741-745, 2007 ISSN 1546-9239 2007 Science Publications A Novel Packet Marketing Method in DDoS Attack Detection 1 Changhyun

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS 19 NOVEMBER 2003 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS

STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS SACHIN MALVIYA Student, Department of Information Technology, Medicaps Institute of Science & Technology, INDORE (M.P.)

More information

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication

More information

NETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL

NETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL NETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL Prof. Santosh T. Waghmode 1, Prof. Vinod S. Wadne 2 Department of Computer Engineering, 1, 2 JSPM s Imperial College of Engineering

More information

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

Analysis of IP Spoofed DDoS Attack by Cryptography

Analysis of IP Spoofed DDoS Attack by Cryptography www..org 13 Analysis of IP Spoofed DDoS Attack by Cryptography Dalip Kumar Research Scholar, Deptt. of Computer Science Engineering, Institute of Engineering and Technology, Alwar, India. Abstract Today,

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

Intelligent Worms: Searching for Preys

Intelligent Worms: Searching for Preys Intelligent Worms: Searching for Preys By Zesheng Chen and Chuanyi Ji ABOUT THE AUTHORS. Zesheng Chen is currently a Ph.D. Candidate in the Communication Networks and Machine Learning Group at the School

More information

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Advanced Computer Networks 2007 Reinhard Wallner reinhard.wallner@student.tugraz.at Outline Introduction Types of IDS How works an IDS Attacks to IDS Intrusion Prevention Systems

More information

A Review on Network Intrusion Detection System Using Open Source Snort

A Review on Network Intrusion Detection System Using Open Source Snort , pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,

More information

Banking Security using Honeypot

Banking Security using Honeypot Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information

More information

Development of a Network Intrusion Detection System

Development of a Network Intrusion Detection System Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Contents Motivation and basics (Why and what?) IDS types and detection principles Key Data Problems

More information

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep

More information

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006 CSE331: Introduction to Networks and Security Lecture 15 Fall 2006 Worm Research Sources "Inside the Slammer Worm" Moore, Paxson, Savage, Shannon, Staniford, and Weaver "How to 0wn the Internet in Your

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Complete Protection against Evolving DDoS Threats

Complete Protection against Evolving DDoS Threats Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

IP Tracing and Active Network Response

IP Tracing and Active Network Response IP Tracing and Active Network Response Tarek S. Sobh Egyptian Armed Forces, Cairo, Egypt tarekbox2000@arabia.com Awad H. Khalil Department of Computer Science, The American University in Cairo, Egypt akhalil@aucegypt.edu

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

Intrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of

Intrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849

International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849 WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Intrusion Detection System (IDS)

Intrusion Detection System (IDS) Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

NEW TECHNIQUES FOR THE DETECTION AND TRACKING OF THE DDOS ATTACKS

NEW TECHNIQUES FOR THE DETECTION AND TRACKING OF THE DDOS ATTACKS NEW TECHNIQUES FOR THE DETECTION AND TRACKING OF THE DDOS ATTACKS Iustin PRIESCU, PhD Titu Maiorescu University, Bucharest Sebastian NICOLAESCU, PhD Verizon Business, New York, USA Rodica NEAGU, MBA Outpost24,

More information

Contents. Intrusion Detection Systems (IDS) Intrusion Detection. Why Intrusion Detection? What is Intrusion Detection?

Contents. Intrusion Detection Systems (IDS) Intrusion Detection. Why Intrusion Detection? What is Intrusion Detection? Contents Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Motivation and basics (Why and what?) IDS types and principles Key Data Problems with

More information

Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies

Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online at: www.ijarcsms.com A Review

More information

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc. TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Two State Intrusion Detection System Against DDos Attack in Wireless Network Two State Intrusion Detection System Against DDos Attack in Wireless Network 1 Pintu Vasani, 2 Parikh Dhaval 1 M.E Student, 2 Head of Department (LDCE-CSE) L.D. College of Engineering, Ahmedabad, India.

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information