Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS

Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS

The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States

Ask an Expert

Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated

Write your message here..

Related Questions

Policy management-information security, POLICY MANAGEMENT Policies should... POLICY MANAGEMENT Policies should be managed as they constantly change. Good policy development and maintenance make a more resilient organization. All policies undergo tremendou

Analysis of the problem of cyber attack, Q. Analysis of the Problem of cybe... Q. Analysis of the Problem of cyber attack? According to the case, The EZ Company is a prominent organization specialized in information integration and visualization technolog

What is meant by certificate revocation, QUESTION (a) Which PKI (Public... QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

Provide a suitable network infrastructure for the campus, QUESTION a) ... QUESTION a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a segment. Give the source MAC address in hexadecimal; the source IP address, the uppe

Characteristics of radial basis function neural networks, Problem : (a)... Problem : (a) Provide one possible classification of PCA, ART, RBF, and Fuzzy ARTMAP networks. (b) Describe in detail the characteristics of Radial Basis Function Neural Net

Security and basics steps in writing thesis, how can i start thesis? Please... how can i start thesis? Please mention so of examples?

Quote, How much would it cost to have a project completed by tomorrow night... How much would it cost to have a project completed by tomorrow night?

Architecture of www named world wide web, Write down short notes on the arc... Write down short notes on the architecture of WWW which is World Wide Web. WWW which means The World Wide web or the web is a repository of information spread worldwide and rel

Http protocol, Question (a) Name 3 popular electronic mail access prot... Question (a) Name 3 popular electronic mail access protocols? (b) i. What is DNS? ii. Briefly, describe what it does and how it works? iii. Why does DNS use a dist

Frame format and error detection, FRAME FORMAT AND ERROR DETECTION The... FRAME FORMAT AND ERROR DETECTION The changed frame format also adds CRC. If there is an error happened in frame, then it typically causes receiver to removed frame. The frame