Provided by: USEnet Live!
Date Added: Sep 2011
Most existing Intrusion Detection Systems (IDS) take a passive approach to observing attacks or noticing exploits. The authors suggest that Active Intrusion Detection (AID) techniques provide value, particularly in scenarios where an administrator attempts to recover a network infrastructure from a compromise. In such cases, an attacker may have corrupted fundamental services (e.g., ARP, DHCP, DNS, NTP), and existing IDS or auditing tools may lack the precision or the pervasive deployment needed to observe symptoms of this corruption.