Types of idss and detection methods, Computer Network Security

Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS


Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS


The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States







Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated
Related Questions
Size of Option field of an ip datagram is 20 bytes. What is the value of HLEN? What is the value in binary?

Discuss how developers should apply the following countermeasures to improve the security of their code:

FRAGMENT IDENTIFICATION: IDENT field in every fragment matches IDENT field in real datagram. Fragments from different datagrams may arrive out of order and still be saved out.

'Near Field Communication' (NFC) technologies are expected to become commonplace in the near future. Some relevant features are these: A suitable device (such as a mobile pho

CarALouer provides rental of cars to its customer on a regional basis i.e. a car is attached to a regional home-base which also houses a regional office of the company. Each regi

how to access tomcat by internet

Explain how can we achieved privacy in an e-mail system.  The full form of PEM is Privacy Enhanced Mail: PEM  is  the  internet  Privacy  Enhanced  Mail  standard  adopted

SDLC Systems development life cycle (SDLC) is process of developing information systems through analysis, design, investigation, implementation and maintenance. SDLC is called as

A Certificate presents an organization in an official digital form. This is same to an electronic identity card which serves the purpose of Identifying the owner of the certificate

Divide the user data into 6 equal sets. Use the first set for the enrollment phase of your system, and the rest for the verification phase. Use the following formula to calculate t