
Intrusion Detection Systems

At the network level, intrusion detection systems (IDS) monitor network traffic and its attributes. An IDS tries to detect possible intrusion attempts and to act according to previously defined instructions in order to prevent damage.

If the intrusion is detected early enough, the attacker may be identified and removed from the system immediately. In general, the sooner the attack is detected, the less damage it will cause. A well-designed intrusion detection system can also work as a deterrent, acting as an intrusion prevention system (like a firewall). An IDS also makes it possible to collect data on attack techniques. This data can be used when more efficient intrusion prevention methods are developed.

Intrusion detection is based on the assumption that an intruder's behaviour is different from that of a normal user. However, it cannot be assumed that there is a big difference in behaviour between a normal user, an administrator and an intruder. With a wide interpretation of intruder behaviour, more intruders will get caught but more false alerts will also occur. A narrow interpretation means fewer false alerts but more undetected intruders.

The two most common intrusion detection methods are statistical and rule-based detection. Statistical detection requires a database with a sample of a normal user's behaviour. A visitor's behaviour is compared to this database using statistical tests to determine whether the visitor is an intruder or a normal user. Rule-based detection uses pre-defined rules to decide whether or not the visitor behaves like an intruder.
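The two methods and the wide/narrow trade-off described above, as an added Python example that is not part of the original article. The session features, sample values, thresholds and rule limits are all constructed for illustration.

```python
from statistics import mean, stdev

# Constructed sample of one normal user's sessions:
# (failed_logins, files_read, login_hour)
BASELINE = [(0, 12, 9), (1, 15, 10), (0, 9, 8), (0, 14, 11), (1, 11, 9),
            (0, 13, 10), (2, 16, 14), (0, 10, 9), (1, 12, 13), (0, 15, 10)]

# Constructed, labelled sessions to score: (features, is_intruder)
SESSIONS = [((0, 13, 10), False), ((1, 19, 15), False), ((3, 14, 9), False),
            ((2, 21, 16), True), ((9, 40, 3), True), ((0, 95, 2), True)]

def build_profile(baseline):
    """Mean and standard deviation of each feature in the normal-behaviour sample."""
    return [(mean(col), stdev(col)) for col in zip(*baseline)]

def statistical_alert(profile, features, threshold):
    """Alert when any feature lies more than `threshold` std devs from its mean."""
    return any(abs(x - m) / s > threshold for x, (m, s) in zip(features, profile))

# Pre-defined rules describing intruder-like behaviour (limits are assumptions).
RULES = [
    ("many failed logins", lambda f: f[0] >= 5),
    ("bulk read at night", lambda f: f[1] >= 50 and (f[2] < 6 or f[2] >= 22)),
]

def rule_alerts(features):
    """Names of every rule the session matches; empty list means no alert."""
    return [name for name, matches in RULES if matches(features)]

def evaluate(threshold):
    """Return (false_alerts, missed_intruders) for the statistical detector."""
    profile = build_profile(BASELINE)
    false_alerts = missed = 0
    for features, is_intruder in SESSIONS:
        alert = statistical_alert(profile, features, threshold)
        false_alerts += alert and not is_intruder
        missed += is_intruder and not alert
    return false_alerts, missed

if __name__ == "__main__":
    for label, threshold in (("wide", 2.0), ("narrow", 4.0)):
        fa, miss = evaluate(threshold)
        print(f"{label:6} threshold={threshold}: false alerts={fa}, missed={miss}")
    for features, _ in SESSIONS:
        print(features, "rules:", rule_alerts(features) or "none")
```

The session `(2, 21, 16)` matches no rule and is only caught by the wide statistical threshold, which is also the setting that raises false alerts on two normal sessions.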

Updated: Tuesday, March 28, 2006


(c) Capitalhead Pty Ltd