Using Active Intrusion Detection to Recover Network Trust

Provided by: USEnet Live!
Topic: Security
Format: PDF

Most existing Intrusion Detection Systems (IDS) take a passive approach to observing attacks or noticing exploits. The authors suggest that Active Intrusion Detection (AID) techniques provide value, particularly in scenarios where an administrator attempts to recover a network infrastructure from a compromise. In such cases, an attacker may have corrupted fundamental services (e.g., ARP, DHCP, DNS, NTP), and existing IDS or auditing tools may lack the precision or pervasive deployment to observe symptoms of this corruption.
