DETECT SECURITY THREATS
IDPS helps identify and alert administrators about suspicious activity or intrusions.
IDS (INTRUSION DETECTION SYSTEM)

PREVENT ATTACKS
It can block or prevent certain types of attacks from harming systems.
IPS (INTRUSION PREVENTION SYSTEM)
KEY FUNCTIONS OF IDPS
1. TRAFFIC MONITORING: CONTINUOUSLY MONITORS INCOMING AND OUTGOING NETWORK TRAFFIC.
2. PATTERN RECOGNITION: IDENTIFIES KNOWN ATTACK PATTERNS OR SUSPICIOUS BEHAVIOR.
3. ALERTING: SENDS NOTIFICATIONS TO ADMINISTRATORS WHEN SUSPICIOUS ACTIVITY IS DETECTED.
4. BLOCKING: STOPS OR MITIGATES ATTACKS IN REAL TIME (IN IPS).
5. LOGGING: KEEPS RECORDS OF DETECTED INCIDENTS FOR ANALYSIS AND REVIEW.
TYPES OF IDPS

HOST-BASED IDPS (HIDPS)
A Host-based Intrusion Detection and Prevention System (HIDPS) is a type of intrusion detection and prevention system that monitors and analyzes the activity of individual hosts (computers, servers, etc.) on a network. HIDPS is designed to detect and prevent unauthorized access, malicious activity, and other security threats at the host level.
APPLICATION
1. ENDPOINT PROTECTION: HIDPS IS COMMONLY USED FOR ENDPOINT PROTECTION, PARTICULARLY IN ENVIRONMENTS WITH HIGH-SECURITY REQUIREMENTS.
2. SERVER PROTECTION: HIDPS IS ALSO USED TO PROTECT SERVERS, PARTICULARLY THOSE HOSTING SENSITIVE DATA OR APPLICATIONS.
3. CLOUD SECURITY: HIDPS IS USED IN CLOUD SECURITY TO PROTECT CLOUD-BASED INFRASTRUCTURE AND APPLICATIONS.
4. IOT SECURITY: HIDPS IS USED IN IOT SECURITY TO PROTECT IOT DEVICES AND NETWORKS FROM SECURITY THREATS.
NETWORK-BASED IDPS (NIDPS)
A Network-based Intrusion Detection and Prevention System (NIDPS) is a type of intrusion detection and prevention system that monitors and analyzes network traffic to detect and prevent unauthorized access, malicious activity, and other security threats.

ADVANTAGES
1. Real-time detection and prevention
2. Scalability
3. Prevention capability

DISADVANTAGES
1. Complexity
2. False positives
3. Performance impact
WIRELESS IDPS (WIDPS)
A Wireless Intrusion Detection and Prevention System (WIDPS) is a type of intrusion detection and prevention system that monitors and analyzes wireless network traffic to detect and prevent unauthorized access, malicious activity, and other security threats.

KEY CHARACTERISTICS
1. Wireless Network Monitoring: WIDPS monitors wireless network traffic, including Wi-Fi, Bluetooth, and other wireless protocols.
2. Real-time Detection and Prevention: WIDPS detects and prevents security threats in real time, reducing the risk of security breaches.
3. Wireless-specific Threat Detection: WIDPS detects wireless-specific threats, such as rogue access points, wireless malware, and wireless denial-of-service (DoS) attacks.
HYBRID IDPS
A Hybrid IDPS is a type of intrusion detection and prevention system that combines multiple detection technologies, such as signature-based detection, anomaly-based detection, and behavioral analysis, to provide comprehensive security monitoring and protection.

HOW HYBRID IDPS WORKS
1. Traffic Capture: Hybrid IDPS captures network traffic, including packets, flows, and sessions.
2. Traffic Analysis: Hybrid IDPS analyzes the captured traffic using multiple detection technologies, such as signature-based detection, anomaly-based detection, and behavioral analysis.
3. Threat Detection: Hybrid IDPS detects security threats, including known and unknown threats, and vulnerabilities.
4. Prevention: Hybrid IDPS prevents malicious activity by blocking or dropping suspicious traffic.
DETECTION METHODS IN IDPS

SIGNATURE-BASED DETECTION
Signature-based detection is a method used in IDPS to identify and detect known security threats by comparing network traffic against a database of known attack signatures. These signatures are typically based on the characteristics of known malware, viruses, and other types of security threats.

ADVANTAGES
- Effective against known security threats
- Fast and efficient detection
- Low false positive rate

DISADVANTAGES
- Ineffective against unknown or zero-day attacks
- Requires regular updates to the signature database
ANOMALY-BASED DETECTION
Anomaly-based detection is a method used in IDPS to identify and detect security threats by monitoring network traffic for unusual patterns or behaviors. This method uses statistical models and machine learning algorithms to establish a baseline of normal network behavior and then identifies deviations from this baseline as potential security threats.

HOW IT WORKS
- A BASELINE OF NORMAL NETWORK BEHAVIOR IS ESTABLISHED USING STATISTICAL MODELS AND MACHINE LEARNING ALGORITHMS.
- NETWORK TRAFFIC IS MONITORED AND ANALYZED FOR UNUSUAL PATTERNS OR BEHAVIORS THAT DEVIATE FROM THE ESTABLISHED BASELINE.
- IF AN ANOMALY IS DETECTED, THE IDPS SYSTEM ALERTS THE SECURITY ADMINISTRATOR AND TAKES ACTION TO PREVENT THE ATTACK.
HYBRID DETECTION
Hybrid detection is a method used in IDPS that combines the strengths of signature-based detection and anomaly-based detection. This method uses a combination of signature-based and anomaly-based detection for comprehensive security threat detection.

ADVANTAGES
- Provides comprehensive security monitoring and threat detection
- Combines the strengths of signature-based detection and anomaly-based detection
- Can detect both known and unknown security threats

DISADVANTAGES
- Can be complex to implement and manage
- May require significant resources and expertise
- Can generate false positives if not properly tuned
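The key functions above (monitoring, pattern recognition, alerting, blocking, logging) and the three detection methods can be shown in one small hybrid detector. The following is an added example, not code from the original slides: the signature rules, the baseline request counts and the observed traffic are all constructed for illustration, and the anomaly model is a simple z-score against the baseline rather than a real machine learning model.

```python
import re
import statistics
from collections import Counter

# Hypothetical signature database: rule name -> pattern matched against a request path.
SIGNATURES = {
    "SQLI-UNION-SELECT": re.compile(r"union\s+select", re.IGNORECASE),
    "PATH-TRAVERSAL": re.compile(r"\.\./"),
}

# Constructed baseline: requests per source seen during a known-normal window.
BASELINE_COUNTS = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed observation window: (source_ip, request_path) pairs as an NIDPS
# would reconstruct them from captured traffic.
OBSERVED = (
    [("10.0.0.5", "/index.html")] * 5
    + [("10.0.0.8", "/login?user=a' UNION SELECT 1,2--")]   # matches a signature
    + [("10.0.0.9", "/static/img.png")] * 60                # rate far above baseline
)

class HybridIDPS:
    """Signature + anomaly detection; in IPS mode the offending source is also blocked."""

    def __init__(self, baseline, prevent=True, z_threshold=3.0):
        self.mean = statistics.mean(baseline)
        self.stdev = statistics.pstdev(baseline) or 1.0   # guard a zero-variance baseline
        self.prevent = prevent                             # True = IPS, False = IDS (alert only)
        self.z_threshold = z_threshold
        self.blocked = set()
        self.log = []                                      # logging function: record every incident

    def _alert(self, src, reason):
        self.log.append({"src": src, "reason": reason})    # alerting function
        if self.prevent:
            self.blocked.add(src)                          # blocking function (IPS only)

    def inspect(self, events):
        # Pattern recognition: compare each request against the signature database.
        for src, path in events:
            for name, rx in SIGNATURES.items():
                if rx.search(path):
                    self._alert(src, f"signature:{name}")
        # Anomaly detection: per-source request count versus the normal baseline.
        for src, n in Counter(src for src, _ in events).items():
            z = (n - self.mean) / self.stdev
            if z > self.z_threshold:
                self._alert(src, f"anomaly:z={z:.1f}")
        return self.log

    def allow(self, src):
        return src not in self.blocked

def run_demo():
    idps = HybridIDPS(BASELINE_COUNTS)
    alerts = idps.inspect(OBSERVED)
    return alerts, sorted(idps.blocked)
```

The signature rule catches the known pattern while the flooding source is caught only by the baseline comparison, which is why the combination detects more than either method alone; in IDS mode (prevent=False) the same alerts are logged but nothing is blocked.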
3. DDoS Attack Mitigation for E-Commerce Sites
4. Protecting Government Agencies from Espionage
5. IoT Security in Smart Manufacturing
6. Cloud Security for Hybrid Enterprises
7. Preventing Insider Threats in Corporate Environments
THANK YOU