Slide 1

Marmagna Desai [592 Presentation] Survey – IDS Testing

Slide 2

Contents
- Introduction
- Paper I – A Methodology for Testing IDS
- Paper II – Intrusion Detection Testing and Benchmarking Methodologies
- Summary – Paper I
- Summary – Paper II
- Conclusion
- References

Slide 3

Introduction
IDS advancement and THE PROBLEMS:
- False positives
- Misses
- Realistic traffic generation
- Need for a generalized testing methodology
Paper I – an individual effort to address the problems above.
Paper II – a commentary on such past efforts and on what is still required for improvement.
This survey summarizes both papers and adds concluding comments.

Slide 4

Introduction... A Methodology for Testing IDS
- One of the many early efforts, made in the 1990s [1996].
- Can be seen as one methodology for testing network-based IDS.
- Based on software engineering testing concepts.
- Identifies a set of general IDS performance objectives.
- UNIX tool: Expect, used and extended for traffic generation.
- Experimental IDS: NSM (Network Security Monitor).

Slide 5

Introduction: ID Testing and Benchmarking Methodologies
- A commentary on actual efforts to design an evaluation environment for ID testing.
- Existing tools and methodologies: DARPA and LARIAT [environments]; TCPReplay, IDSWakeup, WebAvalanche, HPING2 and so on [tools].
- Issues in building such an environment: background traffic; a database of attacks; testing limited to case-by-case situations; high costs and security issues.

Slide 6

Introduction... ID Testing and Benchmarking Methodologies
Examples of evaluation environments:
- Environment based on DARPA
- Custom software [Reference: Paper I]
- Vendor-independent lab
Comments on the weaknesses of every such effort, and proposes the need for a very general approach to building such an environment.

Slide 7

Summary – Paper I
Custom-software approach to building an evaluation environment – w.r.t. Paper II.
Facts:
- One testbed for one set of related attacks.
- IDS affected by system conditions – stress.
- NOT a general environment – w.r.t. IDS performance objectives.
- Simulation of user behaviors.
- Software engineering approach.

Slide 8

Software Platform – Paper I
Unix tool EXPECT: simulation of "normal" and "intruder" behavior.
Extends the TCL interpreter to provide simulation scripts.
The authors have extended Expect to include:
- Concurrent scripts
- Synchronized and communicating scripts
- Interleaving of command execution by users
- Replaying

Slide 9

Performance Objectives – Paper I
IDS objectives – necessary but not sufficient:
- Broad detection range
- Economy in resource usage
- Resilience to stress
Test-case selection:
- Based on "proportional partitioning" of the set of intrusions [software engineering approach].
- Based on a taxonomy of vulnerabilities – the IDS may or may not detect intrusions within a class.
- Based on signatures – very small classes.

Slide 10

Test-Case Selection
Ideal test case: combine all three approaches to address the needs of the specific site on which the IDS is used!!

Slide 11

Testing Methodology – Paper I
General methodology:
- Create and select test scripts [normal/intrusion scripts]
- Establish the desired conditions – performance objectives
- Start the IDS
- Run the test scripts
- Analyze the IDS's output

Slide 12

Testing Methodology... (Paper I) Conditions
- Intrusion identification – the basic IDS test.
- Resource usage – how many resources the IDS consumes.
- Stress load – testing the IDS as a low-CPU-priority task [nice].
- Intensity – a lot of activity generated in a short time.
- Background noise – always generated by "normal" users, e.g. Telnet sessions connected to the IDS host.
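The last step of the Paper I methodology, analyzing the IDS's output, is what turns a test run into detection, miss and false-positive counts. The harness below is an added example, not code from either paper: it assumes a constructed list of labelled test-script runs (normal/intrusion, run under a baseline or stress condition) and a constructed alert log in which each line starts with the run id, and it scores the IDS per condition so that a drop in detection under stress or extra false positives from background noise shows up directly.

```python
"""Score IDS output against labelled test-script runs (Paper I, step 5)."""
from collections import Counter

# Constructed ground truth: each run has an id, a label
# ("normal" or "intrusion") and the condition it ran under.
TEST_RUNS = [
    {"id": "t01", "label": "normal",    "condition": "baseline"},
    {"id": "t02", "label": "intrusion", "condition": "baseline"},
    {"id": "t03", "label": "intrusion", "condition": "baseline"},
    {"id": "t04", "label": "normal",    "condition": "stress"},
    {"id": "t05", "label": "intrusion", "condition": "stress"},
    {"id": "t06", "label": "intrusion", "condition": "stress"},
]

# Constructed IDS alert log; assumed format: "<run-id> ALERT <message>".
ALERT_LOG = """\
t02 ALERT suspicious login sequence
t03 ALERT password file access
t04 ALERT suspicious login sequence
t05 ALERT password file access
"""

def parse_alerts(log):
    """Return the set of run ids for which the IDS raised an alert."""
    alerted = set()
    for line in log.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) >= 2 and parts[1] == "ALERT":
            alerted.add(parts[0])
    return alerted

def score(runs, alerted):
    """Per condition: detected, missed, false_positive, normal_ok and detection rate."""
    counts = {}
    for run in runs:
        c = counts.setdefault(run["condition"], Counter())
        hit = run["id"] in alerted
        if run["label"] == "intrusion":
            c["detected" if hit else "missed"] += 1
        else:
            c["false_positive" if hit else "normal_ok"] += 1
    result = {}
    for cond, c in counts.items():
        total = c["detected"] + c["missed"]
        rate = c["detected"] / total if total else 0.0
        result[cond] = dict(c, detection_rate=rate)
    return result

if __name__ == "__main__":
    for cond, r in score(TEST_RUNS, parse_alerts(ALERT_LOG)).items():
        print(cond, r)
```

With the constructed data the baseline condition scores a detection rate of 1.0 with no false positives, while the stress condition scores 0.5 with one miss and one false positive.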

Slide 13

Limitations – Paper I
- Scripts cannot mimic users in a GUI environment.
- Intended to test systems that perform "misuse detection" – anomaly detection is not considered.
- Not generalized for every possible attack [??].
- Limited in performance objectives.
- Replaying could be more realistic.

Slide 14

Summary – Paper II
DARPA approach:
- Government project – private and secure.
- Generate background traffic interleaved with intrusions.
- Traffic can be generated by: collecting real data and attacking a real organization; sanitizing data and inserting attacks into the data itself; synthesizing non-sensitive traffic from scratch.

Slide 15

DARPA... This approach had many shortcomings:
- No effort to identify false positives.
- Data rates and their variation with time were never considered [stress].
- Attacks were uniformly distributed.
- The size of the training data may be insufficient.
However, DARPA was a significant effort to build such a generalized evaluation environment for IDS testing.

Slide 16

LARIAT – Lincoln Adaptable Real-Time Information Assurance Test-bed
Emulates the network traffic of a small organization connected to the Internet.
This was another effort to build an evaluation approach.
Features:
- High-throughput capabilities
- Various attack scenarios
- Windows traffic taken into account
- More realistic and fully automated

Slide 17

Tools
- TCPReplay: provides background traffic by replaying pre-recorded traffic from network links.
- IDSWakeup: generates false attacks in order to determine whether the IDS produces alerts.
- WebAvalanche: stress-testing tool for web applications and servers.
- HPING2: command-line packet assembler and analyser.
- Fragrouter: routes network traffic such that it evades most NIDS.

Slide 18

Issues
Traffic generation:
- Background traffic: contains non-malicious data.
- Attack traffic: the actual test data for IDSs.
Databases:
- Attack intensity can vary in real time.
- Databases must be maintained and updated.
- High cost.
Effects of networking components – security issue: firewalls, proxy servers, ACLs and so on.

Slide 19

Present Evaluation Environments
DARPA environment:
- Attack injection programs used to place attacks.
- Traffic generation was similar to the early effort.
- The victim machine was an anonymous FTP server.
- The environment focused on DoS attacks.

Slide 20

Environments... Custom software: same as the Paper I approach.
Vendor-independent testing lab:
- Created by the NSS group.
- Builds a specific lab to perform attacks on the IDS.
- Provides reports discussing a wide range of attacks.
- Focuses on UI, forensics and log management.

Slide 21

Conclusion
- Evaluation environment – NOT just a tool.
- No single procedure for testing an IDS against every attack.
- The BEST way: evaluate the IDS using live or recorded real, site-specific traffic.
- DARPA research was significant: it provides a realistic evaluation environment, but requires a lot of rework and is not generalized.

Slide 22

Survey Comments
- Development of an IDS testing methodology is in progress.
- A general, open-source and affordable evaluation environment is required – NOT just a tool.
- Unless a general methodology is developed, IDS design and deployment will face issues: false positives and misses; failure under stress conditions.
- IDS – only a part of security!!

Slide 23

References
- Puketza, Nicholas J.; Chung, Mandy; Olsson, Ronald A. and Mukherjee, Biswanath. "A Methodology for Testing Intrusion Detection Systems", IEEE Transactions on Software Engineering, vol. 22, 1996, pp. 719-720.
- Athanasiades, Nicholas; Abler, Randal; Levine, John; Owen, Henry; Riley, George. "Intrusion Detection Testing and Benchmarking Methodologies", IEEE International Information Assurance Workshop, 2003.

Slide 24

Thank You!! Questions ?
