Network Intrusion Detection - A Case Study on the Effectiveness of Sax2 for Home Users
This paper evaluates the effectiveness of the Sax2 intrusion detection system for home use. It first explains the methods of intrusion detection: host-based and network-based. It then explains the attacks that a typical network intrusion detection system must be able to identify: denial-of-service, probe, user-to-root, and remote-to-local. A brief summary of Sax2's abilities is then presented. After executing four different attacks against Sax2, the authors find that Sax2 correctly identified only one of them. Another attack was identified but mislabeled within the program, and the remaining two attacks produced no alert from Sax2.