Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS

Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS

The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States

Ask an Expert

Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated

Write your message here..

Related Questions

Symmetric encryption-cryptography, Symmetric Encryption This encryption ... Symmetric Encryption This encryption method makes use of same “secret key” to encipher and decipher the message and it is termed as private key encryption. This type of encrypti

Explain belady''s anomaly, Belady's Anomaly Also known FIFO anomaly. G... Belady's Anomaly Also known FIFO anomaly. Generally, on raising the number of frames given to a process' virtual storage, the program execution is faster, because lesser page

Calculate the false rejection, Divide the user data into 6 equal sets. Use ... Divide the user data into 6 equal sets. Use the first set for the enrollment phase of your system, and the rest for the verification phase. Use the following formula to calculate t

TCP Congestion Control ., Explain TCP congestion control. Explain TCP congestion control.

routing information exchange and bellman-ford algorithm, You are free to d... You are free to design the format and structure of the routing table kept locally by each node and exchanged among neighboring nodes. 1. Upon the activation of the program, each

Datagram reassembly, DATAGRAM REASSEMBLY Recreation of original datagr... DATAGRAM REASSEMBLY Recreation of original datagram is known as reassembly. Ultimate receiver acts reassembly as given below.Fragments can reach out of order. Header bit check

Negative cycle algorithm in minimum cost flows, QUESTION: (a) Show the... QUESTION: (a) Show the Negative Cycle Algorithm in Minimum Cost Flows. (b) List the steps added in finding a Negative Cycle. (c) Apply Dijkstra's algorithm on the subs

Ip datagrams, on LAN,where are IP datagrams transported? on LAN,where are IP datagrams transported?

Information systems security, nstissc secuiryt model nstissc secuiryt model

Application-based ids, Application-Based IDS Application-based IDS (AppI... Application-Based IDS Application-based IDS (AppIDS) is an advanced version of HIDS. It examines application for abnormal events. The ability to view encrypted data is the uniqu