Types of idss and detection methods, Computer Network Security

Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS


Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS


The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States







Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated
Related Questions
Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Question (a) A CRC is constructed to generate a 4-bit FCS for an 11-bit message. The divisor polynomial is X 4 + X 3 + 1 (i) Encode the data bit sequence 00111011001 using po

a) determine the RTT (round trip time) between a client requesting a web page of 1024 bytes in size from an internal web server on a 100 Base-T Ethernet. Assume a one-way propagati

FRAGMENTATION AND PATH MTU IPv6 source is responsible for fragmentation. Routers simply drop datagrams bigger than network MTU. So source have to fragment datagram to arrive d

Deploying Host-Based IDSs -Proper implementation of HIDSs can be painstaking and time-consuming task .The process of deployment begins with implementing most critical systems fi

how to access tomcat by internet

QUESTION (a) Consider the following authentication options A. Using password B. Using pin and fingerprint Which option A or B provides stronger security and why? (b

FRAGMENT IDENTIFICATION: IDENT field in every fragment matches IDENT field in real datagram. Fragments from different datagrams may arrive out of order and still be saved out.

ACCESS CONTROL DEVICES Successful access control system includes number of components, which depends on system’s requirements for authentication and authorization. Powerful auth

IDS Intrusion is a attack on information assets in which instigator attempts to gain entry into or disrupt normal system with harmful intent Incident response is an identificatio