Intrusion-detection system
An Intrusion Detection System (IDS) is a tool used to detect attempted attacks or intrusions by crackers or automated attack tools, by identifying security breaches such as incoming shellcode, viruses, malware or trojan horses transmitted via a computer system or network. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system which terminates connections is called an intrusion-prevention system, and is another form of an application layer firewall.
Three main types of Intrusion Detection Systems exist:
- A Host-based Intrusion Detection System consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, and host activities.
- A Network Intrusion Detection System is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
- A Hybrid Intrusion Detection System combines both approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.
- A Signature-Based Intrusion Detection System identifies intrusions by watching for patterns of traffic or application data presumed to be malicious. These types of systems are presumed to be able to detect only 'known' attacks. However, depending on their rule set, signature-based IDSs can sometimes detect new attacks which share characteristics with old attacks, e.g., accessing 'cmd.exe' via an HTTP GET request.
- An Anomaly-Based Intrusion Detection System identifies intrusions by notifying operators of traffic or application content presumed to be different from 'normal' activity on the network or host. Anomaly-based IDSs typically achieve this with self-learning.
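The signature-based case described above, sketched as an added example that is not part of the original article and is not taken from Snort or Prelude: one 'cmd.exe' signature is applied to HTTP GET request lines after normalizing the request target, so differently encoded variants of the same request still match. The signature ID `WEB-CMD-EXE`, the function names and the sample request lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical signature set (constructed): signature id -> compiled pattern.
SIGNATURES = {"WEB-CMD-EXE": re.compile(r"cmd\.exe", re.IGNORECASE)}

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

def normalize(target, max_rounds=3):
    """Percent-decode until stable (bounded), so %2E and %252E both become '.'."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def inspect(request_line):
    """Return the sorted ids of signatures matched by an HTTP GET request line."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m or m.group("method") != "GET":
        return []  # this rule set only covers GET, as in the article's example
    target = normalize(m.group("target"))
    return sorted(sid for sid, pat in SIGNATURES.items() if pat.search(target))

def scan(lines):
    """Return (request_line, matched_ids) for every line that raises an alert."""
    alerts = []
    for line in lines:
        hits = inspect(line)
        if hits:
            alerts.append((line, hits))
    return alerts

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/CMD%2Eexe HTTP/1.1",
    "GET /scripts/cmd%252eexe HTTP/1.1",
    "GET /docs/cmd-exe-notes.html HTTP/1.1",
    "POST /scripts/cmd.exe HTTP/1.1",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLES):
        print(f"ALERT {hits} {line}")
```

Without the `normalize` step the two percent-encoded samples would pass unnoticed, which is why a signature engine has to inspect the decoded form the server will act on rather than the raw bytes.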
See also
- Intrusion prevention system
- Snort
- Security Information Management
- Prelude Hybrid IDS
