Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS

Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS

The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States

Ask an Expert

Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated

Write your message here..

Related Questions

Access control list, Scenario: A network with individual hosts (really, vir... Scenario: A network with individual hosts (really, virtual machines) can run HTTP (web) servers that are available to the outside. (Here, available means the ability to read and wr

Major difference between a virus and a worm, Question: (a) State wheth... Question: (a) State whether the following statements are TRUE or FALSE. Justify your answer. i. A good site security policy will require that users use computer generated p

TCP/IP v OSI, What are the main differences between TCP/IP vs OSI? What are the main differences between TCP/IP vs OSI?

Locality of reference , LOCALITY OF REFERENCE PRINCIPLE:  Principle of... LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

X.509, Consider the details of the X.509 certificate shown below. a. Identi... Consider the details of the X.509 certificate shown below. a. Identify the key elements in this certificate, including the owner''s name and public key, its validity dates, the nam

Describe how ipsec provides data source authentication, Question: (a) ... Question: (a) Describe how IPSec provides data source authentication. (b) Which protocol can be used to provide limited traffic analysis confidentiality? Why is it "limite

Imap and pop functions, How does the POP functions? What are the advantages... How does the POP functions? What are the advantages/benefits of IMAP over POP? POP stands for Post Office Protocol, version 3 (POP3) is one of the easiest message access protoc

Does ssl protect against eavesdropping, QUESTION (a) Consider the follo... QUESTION (a) Consider the following authentication options A. Using password B. Using pin and fingerprint Which option A or B provides stronger security and why? (b

Intrusion detection and classification, i want to detec and classify networ... i want to detec and classify network anomaly detection based on KDD99 data set using swarm intelligence

Function of key secrecy and algorithm secrecy in security, What is the func... What is the function of key secrecy and algorithm secrecy in security?  Algorithm Secrecy is explained as follows: ‘Algorithm secrecy’ is a method of keeping an algorithm