Detection
Systems
LECTURE # 32, # 33
THURSDAY 8:00 AM TO 10:00AM ROOM:CR2
Today's Topics
Assignment # 2 Quiz
Intrusion Detection Systems
A Comparison Between Signature Based and Anomaly Based Intrusion Detection Systems
Introduction
Define an Intrusion
Conclusion
Introduction
• Whenever the IDS software (an agent) collects data, it compares what
it has observed against the rules that have been defined and then
decides whether the observation is a positive or a negative attempt.
Advantages of Signature Based Detection
Session Disruption:
• The IDS may send a TCP reset packet if the attacker has opened a
TCP connection to the victim.
• The IDS may send various UDP packets to disrupt a UDP connection.
• This will not permanently remedy the situation; it only disconnects
the current connection.
Rule Modification:
• The IDS is linked to a firewall via an administrative link.
• The IDS communicates with the firewall, telling it to drop all packets
from the attacker's IP address.
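
As an added example (not part of the original lecture), the sketch below ties together the rule comparison from the Introduction and the two responses above: an observed event is matched against signatures, and a positive match yields a session-disruption action and, optionally, a firewall drop request. The signatures, event fields, action strings and the NEVER_BLOCK allowlist are assumptions made for illustration.

```python
import ipaddress
import re
from collections import namedtuple

# block=True means: besides ending the session, ask the firewall to drop the source.
Signature = namedtuple("Signature", "sid proto dport pattern block")

# Constructed signatures for illustration; not taken from any real rule set.
SIGNATURES = [
    Signature(1001, "tcp", 80, re.compile(rb"\.\./\.\./"), True),
    Signature(1002, "tcp", 21, re.compile(rb"^USER root\b"), False),
    Signature(1003, "udp", 69, re.compile(rb"\x00\x01.*passwd"), True),
]
# Assumption: ranges the IDS must never ask the firewall to block (own hosts).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/24")]

def match(event):
    """Compare one observed event against the rules; first match wins."""
    for sig in SIGNATURES:
        if (sig.proto == event["proto"] and sig.dport == event["dport"]
                and sig.pattern.search(event["payload"])):
            return sig
    return None

def respond(event):
    """Decide positive or negative, then pick the active responses."""
    sig = match(event)
    if sig is None:
        return {"alert": False, "actions": []}
    # Session disruption: ends only the current connection.
    actions = ["tcp_reset" if event["proto"] == "tcp" else "udp_disrupt"]
    # Rule modification: tell the firewall to drop the source address.
    src = ipaddress.ip_address(event["src"])
    if sig.block and not any(src in net for net in NEVER_BLOCK):
        actions.append(f"firewall_drop {src}")
    return {"alert": True, "sid": sig.sid, "actions": actions}

# Constructed sample events using documentation address ranges.
EVENTS = [
    {"src": "203.0.113.7", "proto": "tcp", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.0"},
    {"src": "198.51.100.9", "proto": "tcp", "dport": 80, "payload": b"GET /index.html HTTP/1.0"},
    {"src": "10.0.0.5", "proto": "tcp", "dport": 80, "payload": b"GET /../../x HTTP/1.0"},
    {"src": "192.0.2.44", "proto": "udp", "dport": 69, "payload": b"\x00\x01passwd\x00octet\x00"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["src"], respond(ev))
```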