Академический Документы
Профессиональный Документы
Культура Документы
Though they both relate to network security, an IDS differs from a firewall
in that a firewall looks outwardly for intrusions in order to stop them from
happening. Firewalls limit access between networks to prevent intrusion
and do not signal an attack from inside the network. An IDS describes a
suspected intrusion once it has taken place and signals an alarm. An IDS
also watches for attacks that originate from within a system. This is
traditionally achieved by examining network communications, identifying
Intrusion detection
IDS can be classified by where detection takes place (network or host) and
the detection method that is employed.
Analyzed activity
Detection method
Signature-based
Anomaly-based
Intrusion prevention
Some systems may attempt to stop an intrusion attempt but this is neither
required nor expected of a monitoring system. Intrusion detection and
prevention systems (IDPS) are primarily focused on identifying possible
incidents, logging information about them, and reporting attempts. In
addition, organizations use IDPS for other purposes, such as identifying
problems with security policies, documenting existing threats and
deterring individuals from violating security policies. IDPS have become a
necessary addition to the security infrastructure of nearly every
organization.[6]
malicious activity, log information about this activity, report it and attempt
to block or stop it.[7].
Classification
Detection methods
Limitations
Evasion techniques
There are a number of techniques which attackers are using, the following
are considered 'simple' measures which can be taken to evade IDS:
Development
model used statistics for anomaly detection, and resulted in an early IDS at
SRI International named the Intrusion Detection Expert System (IDES),
which ran on Sun workstations and could consider both user and network
level data.[20] IDES had a dual approach with a rule-based Expert System
to detect known types of intrusions plus a statistical anomaly detection
component based on profiles of users, host systems, and target systems.
Lunt proposed adding an Artificial neural network as a third component.
She said all three components could then report to a resolver. SRI followed
IDES in 1993 with the Next-generation Intrusion Detection Expert System
(NIDES).[21]
The Audit Data Analysis and Mining (ADAM) IDS in 2001 used tcpdump to
build profiles of rules for classifications.[35] In 2003, Yongguang Zhang and
Wenke Lee argue for the importance of IDS in networks with mobile nodes.
[36]
ACARM-ng
AIDE
Bro NIDS
Fail2ban
OSSEC HIDS
Prelude Hybrid IDS
Sagan
Samhain
Snort
Suricata
See also
References
(PPT). www.iup.edu.
3. ^ "Gartner report: Market Guide for User and Entity Behavior
Analytics". September 2015.
4. ^ "Gartner: Hype Cycle for Infrastructure Protection, 2016".
5. ^ "Gartner: Defining Intrusion Detection and Prevention Systems".
Retrieved September 20, 2016.
6. ^ a b Scarfone, Karen; Mell, Peter (February 2007). "Guide to
Intrusion Detection and Prevention Systems (IDPS)" (PDF).
Computer Security Resource Center. National Institute of Standards
and Technology (800–94). Retrieved 1 January 2010.
7. ^ a b "NIST – Guide to Intrusion Detection and Prevention Systems
(IDPS)" (PDF). February 2007. Retrieved 2010-06-25.
8. ^ a b Robert C. Newman (19 February 2009). Computer Security:
Protecting Digital Resources. Jones & Bartlett Learning. ISBN 978-
0-7637-5994-0. Retrieved 25 June 2010.
9. ^ a b c Michael E. Whitman; Herbert J. Mattord (2009). Principles of
Information Security. Cengage Learning EMEA. ISBN 978-1-4239-
0177-8. Retrieved 25 June 2010.
10. ^ Tim Boyles (2010). CCNA Security Study Guide: Exam 640-553.
John Wiley and Sons. p. 249. ISBN 978-0-470-52767-2. Retrieved 29
June 2010.
11. ^ Harold F. Tipton; Micki Krause (2007). Information Security
Management Handbook. CRC Press. p. 1000. ISBN 978-1-4200-
1358-0. Retrieved 29 June 2010.
12. ^ John R. Vacca (2010). Managing Information Security. Syngress.
p. 137. ISBN 978-1-59749-533-2. Retrieved 29 June 2010.
13. ^ Engin Kirda; Somesh Jha; Davide Balzarotti (2009). Recent
Advances in Intrusion Detection: 12th International Symposium,
RAID 2009, Saint-Malo, France, September 23–25, 2009,
Proceedings. Springer. p. 162. ISBN 978-3-642-04341-3. Retrieved
29 June 2010.
14. ^ a b nitin.; Mattord, verma (2008). Principles of Information
Further reading
External links