Types of IDSs and Detection Methods

IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs use one of 2 detection methods signature based, statistical anomaly-based.

Signature-Based IDS/ knowledge –based IDS

Signature Based IDS examines data traffic in search of patterns that match known as signatures. It is extensively used because many attacks have very clear and distinct signatures. Problem with this approach is that as new attack strategies are identified, the IDS’s database of signatures should be updated continually.

Statistical Anomaly-Based IDS

The statistical anomaly based IDS or behavior based IDS sample network activity to compare to traffic that is normal. When measured activity is outside baseline parameters or clipping level, IDS will trigger an alert to the administrator. It can also detect new types of attacks. Requires more overhead and processing capacity than signature based. It may generate several false positives and thus is less commonly used than the signature based type.

Posted Date: 10/9/2012 3:42:53 AM | Location : United States

Ask an Expert

Related Discussions:- Types of idss and detection methods, Assignment Help, Ask Question on Types of idss and detection methods, Get Answer, Expert's Help, Types of idss and detection methods Discussions

Write discussion on Types of idss and detection methods
Your posts are moderated

Write your message here..

Related Questions

Briefly explain the following security goals, (a) Briefly explain the fo... (a) Briefly explain the following security goals provided by cryptography: confidentiality, authentication, integrity and non-repudiation. (b) State Kerckhoff's Princip

Firewall architectures-screened subnet architecture, Screened Subnet Archit... Screened Subnet Architecture This setup provides an extra security layer to screened host architecture by creating a perimeter subnet which further isolates internal network f

Broadband Technology, In 10 or more pages, address the following topics (be... In 10 or more pages, address the following topics (be sure to use diagrams as well as references). 1) Define broadband and baseband transmission technology. 2) Describe broadban

Star topology, STAR TOPOLOGY In this topology, all devices are attache... STAR TOPOLOGY In this topology, all devices are attached to a central point, which is sometimes known as the "Hub" as given in the diagram below.   Figure: An ideal

Describe the terms prime number and prime factorisation, (a) An opponent is... (a) An opponent is using RSA with the public key {e=53, n=77}. You intercept the ciphertext C=10. (All values on this problem, including the ciphertext and the cleartext, are nume

Intercultural sensitivity: recognising differences, Intercultural sensitivi... Intercultural sensitivity: recognising differences You represent a Mauritian computer company which is negotiating to buy hardware from a manufacturer in Japan. In your first

Attackers motives behind the cyber attack, Attacker's Motives behind the Cy... Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Tcp- reliable transport service, TCP-RELIABLE TRANSPORT SERVICE INTRO... TCP-RELIABLE TRANSPORT SERVICE INTRODUCTION:  TCP is the major transport protocol architecture in the TCP/IP suite. It uses unreliable datagram function offered by IP whe

Object tracking using wireless sensor networks, This project involves the d... This project involves the design and development of a simulation environment of many sensors tagging material/ machinery/equipment/etc in a warehouse site to help monitor and manag

Ip datagrams, on LAN,where are IP datagrams transported? on LAN,where are IP datagrams transported?