Brief summaries of computer security system
Multi-layer defense:
⚫ First layer is static access mechanisms, such as passwords and file permissions.
Disadvantages:
— Limited ability to provide comprehensive security;
— Overly restrictive for legitimate users of the computer system.
⚫ Second layer is cryptography, which is used for providing secure channels and host authentication.
⚫ Another layer is the firewall, which filters out undesirable network traffic in a network system.
⚫ The latest layer of defense is provided by dynamic protection systems that can detect and prevent intrusion, known as Intrusion Detection Systems (IDS).
What is IDS?
Mathematical description for IDS:
U: universe set,
S: normal/legitimate/acceptable pattern set (self set),
N: anomalous/illegitimate/unacceptable pattern set (nonself set),
S∪N=U, S∩N=∅
IDS=(f, M), f is a nonlinear classification function, M is the detection range of the detection system,
f: U*×U→{normal, anomalous}
$$f(M, s) = \begin{cases} \text{normal}, & s \in M \\ \text{anomalous}, & \text{otherwise} \end{cases}$$
[Figure: diagram of U with the labels Self, Nonself, M, False positives, False negatives]
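The definition above, worked through on constructed data as an added example that is not part of the original slides. It assumes patterns are length-3 windows of event traces; the event names and the helpers `windows`, `build_M` and `error_regions` are hypothetical. It shows how a detection range M learned from incomplete and contaminated training data produces both error regions.

```python
from itertools import product

EVENTS = ["open", "read", "write", "close", "exec"]  # constructed event alphabet
K = 3                                                # assumed pattern length

def windows(trace, k=K):
    """All length-k sliding windows of an event trace, as a set of patterns."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def build_M(training_traces):
    """Detection range M: every pattern seen in the training traces."""
    M = set()
    for trace in training_traces:
        M |= windows(trace)
    return M

def f(M, s):
    """The slide's classifier: normal if s is in M, anomalous otherwise."""
    return "normal" if s in M else "anomalous"

def error_regions(S, N, M):
    """False positives: self patterns flagged anomalous (S - M).
    False negatives: nonself patterns accepted as normal (N & M)."""
    false_pos = {s for s in S if f(M, s) == "anomalous"}
    false_neg = {s for s in N if f(M, s) == "normal"}
    return false_pos, false_neg

# Constructed sample data (not from the original slides).
LEGIT = [["open", "read", "write", "close"],
         ["open", "read", "read", "close"],
         ["open", "write", "write", "close"]]
ATTACK = ["open", "read", "exec", "close"]

U = set(product(EVENTS, repeat=K))             # universe of patterns
S = set().union(*(windows(t) for t in LEGIT))  # self set
N = U - S                                      # nonself set: S∪N=U, S∩N=∅

# M is learned from incomplete training data that also contains the attack trace.
M = build_M([LEGIT[0], LEGIT[1], ATTACK])
FALSE_POS, FALSE_NEG = error_regions(S, N, M)

if __name__ == "__main__":
    print("false positives:", sorted(FALSE_POS))
    print("false negatives:", sorted(FALSE_NEG))
```

The legitimate trace missing from training yields the false positives, and the attack trace that leaked into training yields the false negatives.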
IDS’ Architecture and Classification for IDS
⚫ Architecture of IDS
[Figure: IDS architecture diagram with the components Sensor, Analyzer, Knowledge base, Response/control, Policy/control info, Alert, Analysis console]