Problem Statement
An Intrusion and Fraud Detection System is a security service that monitors and analyzes system events in order to find, and provide real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. The system supports LAN and WAN simultaneously. An intruder is somebody attempting to break into or misuse your system. The word "misuse" is broad, and can cover anything from something as severe as stealing confidential data to something as minor as misusing your email system for spam.
There is a need for an automated system that provides both fraud detection and intrusion detection, because employees within an organization can steal confidential data or misuse or gain unauthorized access to the organization's resources.
Solution
The solution is to develop a Cyber Warning Alert Termination system that helps an organization maintain a profile of each employee and keep track of the resources utilized as well as the assets used. The system consists of an OPDC (Operation Defense Controller) across a LAN and an SDC (Segment Defense Controller) across a WAN.
When an illegal activity is detected across the WAN, an alert is sent to the OM (Organization Monitor) by the SDC, while in the LAN the same is done by the OPDC. The Organization Monitor is responsible for handling the alert that has been sent. A knowledgebase is maintained that consists of the company policies and employee profiles. The OM refers to this knowledgebase when it has to decide on the severity level of the alert and the action to be taken when an alert is present.
The software is divided into two main modules:
1. Intrusion detection system
The IDS monitors packets on the network wire and attempts to discover whether a hacker/cracker is trying to break into a system (or cause a denial of service attack). A typical example is a system that watches for a large number of TCP connection requests to many different ports on a target machine, thus discovering whether someone is attempting a TCP port scan. An IDS runs either on the target machine, watching its own traffic (usually integrated with the stack and services themselves), or on an independent machine promiscuously watching all network traffic (hub, router, probe). Note that a "network" IDS monitors many machines, whereas the others monitor only a single machine (the one they are installed on). It also detects when a normal user somehow acquires root/administrator level privileges.
2. Fraud Detection System
The FDS detects possible fraud without straining the billing system. It identifies a fraudulent subscriber at an earlier stage using predefined fraudulent events. It also has the facility to check for Roaming Subscription Fraud. This is done by call pattern matching and by building a firewall to prevent re-entry of a fraudulent subscriber. If any anomaly is detected, an alarm is generated. There is provision to integrate with the CRMT (Credit Risk Management Team), the prepaid billing system (Hot Billing), and the customer care & billing system.
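The port-scan check described under the intrusion detection module, sketched as an added example (not the product's own code): it counts distinct destination ports per source/target pair inside a sliding time window and raises one alert when the count crosses a threshold. The record layout, the 10-second window, the 15-port threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of TCP connection requests: (time_s, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges; none of this is captured traffic.
SAMPLE_SYNS = (
    # one source walking 25 ports on one target in 2.5 seconds
    [(0.1 * p, "192.0.2.10", "198.51.100.5", p) for p in range(20, 45)]
    # a busy but normal client: many requests, always the same port
    + [(float(t), "192.0.2.20", "198.51.100.5", 443) for t in range(30)]
    # a source touching a few ports far apart in time
    + [(20.0 * i, "192.0.2.30", "198.51.100.5", 8000 + i) for i in range(12)]
)


def detect_port_scans(syns, window=10.0, port_threshold=15):
    """Alert once per (src, dst) pair that requests connections to at least
    `port_threshold` distinct ports within `window` seconds.
    Both parameters are assumed defaults, to be tuned against real traffic."""
    recent = defaultdict(deque)                          # pair -> (time, port) in window
    in_window = defaultdict(lambda: defaultdict(int))    # pair -> port -> request count
    alerted, alerts = set(), []

    for ts, src, dst, port in sorted(syns):
        pair = (src, dst)
        queue, counts = recent[pair], in_window[pair]
        queue.append((ts, port))
        counts[port] += 1

        # Drop requests that have aged out of the sliding window.
        while queue and ts - queue[0][0] > window:
            _, old_port = queue.popleft()
            counts[old_port] -= 1
            if counts[old_port] == 0:
                del counts[old_port]

        if len(counts) >= port_threshold and pair not in alerted:
            alerted.add(pair)
            alerts.append({"src": src, "dst": dst, "time": ts,
                           "distinct_ports": len(counts)})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_SYNS):
        print(alert)
```

Counting distinct ports rather than raw requests is what keeps the high-volume single-port client from triggering the alert.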
Primary Goal:
For further queries contact info@zenwaves.com