Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS

Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS

The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States

Ask an Expert

Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated

Write your message here..

Related Questions

What standards are to be applied, Government funding has been given to a un... Government funding has been given to a university consortium establishing a repository of resources for school teachers. They have engaged you to develop a search facility for teac

Calculate euler totient function value, (a) Explain the importance of the ... (a) Explain the importance of the Euler Totient function in Cryptography. Calculate Euler Totient function value, φ(1280). (b) Explain the role of the Authentication Server (

Packets and frames, PACKETS: Packet is a generic word that define to sma... PACKETS: Packet is a generic word that define to small code of data. Packet have different format. Each hardware needs different packet format.  FRAME: A hardware frame or

What type of rfid tag is more appropriate for ws-pass, Consider the followi... Consider the following case study: In order to avoid criticisms of their existing manned road-toll payment system on its private road, WS-Pass has decided to adopt an automated

Explain the schemes for distribution of public keys, (a) What is a pseudora... (a) What is a pseudorandom generator? Give an example describing how it works. (b) Explain the key components of a wireless network and their purpose. (c) Describe the authen

Programming, SDES encryption and decryption SDES encryption and decryption

Mastering the complexity of network system, To master the complexity one mu... To master the complexity one must apply the given points. CONCENTRATE IN UNDERSTANDING THE CONCEPTS: Instead of details of wires used to connect computers to a specif

CS, Discuss how developers should apply the following countermeasures to im... Discuss how developers should apply the following countermeasures to improve the security of their code:

Perimeter network security system, Title: Perimeter Network Security System... Title: Perimeter Network Security System Outline Requirements The University is based in Glasgow, and provides higher education services to its students and staff. It is loc

Placeholders for the plaintext characters, Encode the following plaintext, ... Encode the following plaintext, using the Caesar cipher:             LORD OF THE RINGS b) The following ciphertext              jw njbh lxmn cx kanjt has been encoded usi