The Science of Intrusion Detection System: Attack Identification
Source: Cisco Systems
Among the many vendors of intrusion detection systems (IDS), there is marked variation in what constitutes a network intrusion. This has led to many confusing claims by vendors in the IDS market about the best methodologies and solutions. This paper discusses the pros and cons of the various intrusion detection methodologies and explains the Cisco approach for its IDS products. The detection methodologies discussed in this paper are simple pattern matching, stateful pattern matching, protocol decode-based signatures, heuristic-based signatures, and anomaly detection. Although addressing each of these analysis methodologies in detail is beyond the scope of this paper, it covers the basic concepts and the differences between the approaches.
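The difference between the first two methodologies named above, simple pattern matching and stateful pattern matching, comes down to whether the sensor inspects each packet in isolation or reassembles the flow before matching. The following is an added illustration, not code from the Cisco paper or from any Cisco product; the signature content, flow identifiers and TCP segments are constructed sample data, and the `Segment` record and `SIGNATURES` table are assumptions made for the example.

```python
"""Simple (per-packet) pattern matching next to stateful (stream-reassembled)
pattern matching. Added example; all data below is constructed."""
from dataclasses import dataclass


@dataclass
class Segment:
    stream: str     # constructed flow id, "src:port->dst:port"
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes


# Constructed sample signature: a byte string the sensor should alert on.
SIGNATURES = {"sample-sig": b"ALERT-PATTERN"}

FLOW_A = "10.0.0.1:4242->10.0.0.2:80"
FLOW_B = "10.0.0.3:5000->10.0.0.2:80"

# Constructed traffic. In FLOW_A the signature content straddles a segment
# boundary and the segments arrive out of order; in FLOW_B it sits whole in
# one segment.
CONSTRUCTED_SEGMENTS = [
    Segment(FLOW_A, 25, b"PATTERN HTTP/1.0\r\n"),
    Segment(FLOW_A, 1, b"GET /index.html?q=ALERT-"),
    Segment(FLOW_B, 1, b"POST /x ALERT-PATTERN\r\n"),
]


def simple_match(segments, signatures=SIGNATURES):
    """Simple pattern matching: each payload is searched on its own, with no
    memory of earlier segments of the same flow."""
    hits = []
    for seg in segments:
        for name, pattern in signatures.items():
            if pattern in seg.payload:
                hits.append((name, seg.stream))
    return hits


def stateful_match(segments, signatures=SIGNATURES):
    """Stateful pattern matching: segments are ordered by sequence number and
    concatenated per flow, and the reassembled stream is searched. Real
    reassembly must also handle retransmissions, overlaps and a cap on
    per-flow memory; this toy version assumes clean, non-overlapping data."""
    streams = {}
    for seg in sorted(segments, key=lambda s: (s.stream, s.seq)):
        streams.setdefault(seg.stream, bytearray()).extend(seg.payload)
    hits = []
    for flow, data in streams.items():
        for name, pattern in signatures.items():
            if pattern in data:
                hits.append((name, flow))
    return hits


def compare(segments=CONSTRUCTED_SEGMENTS):
    """Return both matchers' results so the gap between them is visible."""
    return {"simple": simple_match(segments), "stateful": stateful_match(segments)}


if __name__ == "__main__":
    for method, hits in compare().items():
        print(f"{method:9s} -> {hits}")
```

On the constructed traffic the per-packet matcher reports only FLOW_B, while the stream matcher reports both flows. The cost of the stateful approach is the state itself: the sensor must buffer and order data for every flow it tracks, which is the resource trade-off behind the pros and cons the paper weighs.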