IDS - Intrusion Detection System, Part II

Executive Summary

The authors cover the methods of analysis and how an IDS determines whether an attack took place and, if so, whether it was successful. They distinguish between Misuse Detection and Anomaly Detection. Misuse Detection uses specifically defined patterns, called "signatures", to unmask an attack. For now, one needs to know only that signatures can be defined to search the network traffic for certain strings, deny access requests to specific files, and raise an alert. The advantage of Misuse Detection is the low probability of false alarms, since the search criteria of signatures can be tightly defined. The disadvantage is equally obvious: new attacks are frequently missed because no signature has been defined for them.

  • Format: PDF
  • Size: 97.8 KB