Intrusion detection system


An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.[1] Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.[1] In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.[1] IDPSs have become a necessary addition to the security infrastructure of nearly every organization.[1]

IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports.[1] Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding.[1] They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack's content.[1]


IDS Terminology

  • Alert/Alarm: A signal suggesting that a system has been or is being attacked.[2]
  • True Positive: A legitimate attack which triggers an IDS to produce an alarm.[2]
  • False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.[2]
  • False Negative: A failure of an IDS to detect an actual attack.[2]
  • True Negative: When no attack has taken place and no alarm is raised.
  • Noise: Data or interference that can trigger a false positive.[2]
  • Site policy: Guidelines within an organization that control the rules and configurations of an IDS.[2]
  • Site policy awareness: The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.[2]
  • Confidence value: A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.[2]
  • Alarm filtering: The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.[2]
  • Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm, or engage in other malicious activities.
  • Masquerader: A user who is not authorized to use a system but tries to access its information as if they were an authorized user. Masqueraders are generally outside users.
  • Misfeasor: A legitimate user who misuses their access. Misfeasors are commonly internal users and can be of two types:
    1. An authorized user with limited permissions who exceeds them.
    2. A user with full permissions who misuses those powers.
  • Clandestine user: A user who obtains supervisory control of a system and uses those privileges to avoid being detected.
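The two passages above describe, first, what an IDPS does (monitor events, raise alerts, report) and, second, the vocabulary used to judge it (true/false positive, false negative, true negative, noise, site policy, alarm filtering, confidence value). The following Python script is an added example, not code from the original article or from any IDS product: it runs two toy rules (a path-traversal signature and a failed-login threshold) over a handful of constructed web-server log entries, applies a site-policy allow-list as alarm filtering, and then scores every verdict against analyst-supplied ground truth so that each term in the list corresponds to a concrete count. The log format, rule names, the threshold of 5, and the allow-listed scanner address are all assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample log entries: (source_ip, request line with status, is_attack).
# is_attack is the analyst-confirmed ground truth and is used only for scoring,
# never by the detector itself.
SAMPLE_EVENTS = [
    ("10.0.0.5",   "GET /index.html 200",                  False),
    ("10.0.0.5",   "GET /../../etc/passwd 404",            True),
    ("10.0.0.9",   "GET /docs/../guide.html 200",          False),  # benign relative path: noise
    ("10.0.0.7",   "POST /login 401",                      True),   # five failures from one host
    ("10.0.0.7",   "POST /login 401",                      True),
    ("10.0.0.7",   "POST /login 401",                      True),
    ("10.0.0.7",   "POST /login 401",                      True),
    ("10.0.0.7",   "POST /login 401",                      True),
    ("10.0.0.8",   "POST /login 401",                      False),  # a single mistyped password
    ("10.0.0.11",  "GET /cgi-bin/%2e%2e/etc/passwd 404",   True),   # encoded form the naive rule misses
    ("192.0.2.10", "GET /../../etc/passwd 404",            False),  # authorized scanner per site policy
]

TRAVERSAL_SIGNATURE = re.compile(r"\.\./")   # assumed signature rule (literal match, no decoding)
FAILED_LOGIN_THRESHOLD = 5                   # assumed threshold rule
AUTHORIZED_SCANNERS = {"192.0.2.10"}         # assumed site policy: alarm-filtering allow-list


def detect(events, filter_alarms=True):
    """Run both rules over a batch of events.

    Returns one entry per event: the name of the rule that fired, or None.
    Batch mode lets the threshold rule see the whole window before deciding,
    which is how an offline log review (rather than a live sensor) would work.
    """
    failures = Counter(ip for ip, req, _ in events if req.endswith(" 401"))
    verdicts = []
    for ip, req, _ in events:
        rule = None
        if TRAVERSAL_SIGNATURE.search(req):
            rule = "path-traversal-signature"
        elif req.endswith(" 401") and failures[ip] >= FAILED_LOGIN_THRESHOLD:
            rule = "failed-login-threshold"
        # Alarm filtering: site policy says known, authorized scanners never raise an alarm.
        if filter_alarms and ip in AUTHORIZED_SCANNERS:
            rule = None
        verdicts.append(rule)
    return verdicts


def score(events, verdicts):
    """Classify each verdict against ground truth using the IDS terminology.

    confidence_value is the fraction of alarms that were real attacks (precision);
    detection_rate is the fraction of real attacks that raised an alarm (recall).
    """
    counts = Counter()
    for (_, _, is_attack), rule in zip(events, verdicts):
        alerted = rule is not None
        if alerted and is_attack:
            counts["true_positive"] += 1
        elif alerted and not is_attack:
            counts["false_positive"] += 1
        elif not alerted and is_attack:
            counts["false_negative"] += 1
        else:
            counts["true_negative"] += 1
    tp, fp, fn = counts["true_positive"], counts["false_positive"], counts["false_negative"]
    result = dict(counts)
    result["confidence_value"] = tp / (tp + fp) if tp + fp else 0.0
    result["detection_rate"] = tp / (tp + fn) if tp + fn else 0.0
    return result


if __name__ == "__main__":
    for label, filtered in (("with alarm filtering", True), ("without alarm filtering", False)):
        summary = score(SAMPLE_EVENTS, detect(SAMPLE_EVENTS, filter_alarms=filtered))
        print(label, summary)
```

Running it shows the trade-offs the terminology is meant to capture: the benign `/docs/../guide.html` request is noise that produces a false positive, the percent-encoded traversal is a false negative because the signature matches raw bytes rather than a normalized path, and turning alarm filtering off converts the authorized scanner's true negative into a second false positive, lowering the confidence value from 6/7 to 6/8.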
