Using Active Intrusion Detection to Recover Network Trust
Most existing Intrusion Detection Systems (IDS) take a passive approach to observing attacks or noticing exploits. The authors suggest that Active Intrusion Detection (AID) techniques provide value, particularly in scenarios where an administrator attempts to recover a network infrastructure from a compromise. In such cases, an attacker may have corrupted fundamental services (e.g., ARP, DHCP, DNS, NTP), and existing IDS or auditing tools may lack the precision or pervasive deployment to observe symptoms of this corruption.
Provided by: USEnet Live!
Topic: Security
Date Added: Sep 2011
Format: PDF