Intrusion detection system

related topics
{system, computer, user}
{law, state, case}
{math, number, function}
{war, force, army}
{rate, high, increase}
{theory, work, human}
{water, park, boat}
{day, year, event}
{car, race, vehicle}
{specie, animal, plant}

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.[1] Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.[1] In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.[1] IDPSs have become a necessary addition to the security infrastructure of nearly every organization.[1]

IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports.[1] Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding.[1] They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attackā€™s content.[1]


IDS Terminology

  • Alert/Alarm: A signal suggesting that a system has been or is being attacked.[2]
  • True Positive: A legitimate attack which triggers an IDS to produce an alarm.[2]
  • False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.[2]
  • False Negative: A failure of an IDS to detect an actual attack.[2]
  • True Negative: When no attack has taken place and no alarm is raised.
  • Noise: Data or interference that can trigger a false positive.[2]
  • Site policy: Guidelines within an organization that control the rules and configurations of an IDS.[2]
  • Site policy awareness: The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.[2]
  • Confidence value: A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.[2]
  • Alarm filtering: The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.[2]
  • Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.
  • Masquerader: A user who does not have the authority to a system, but tries to access the information as an authorized user. They are generally outside users.
  • Misfeasor: They are commonly internal users and can be of two types:
    1. An authorized user with limited permissions.
    2. A user with full permissions and who misuses their powers.
  • Clandestine user: A user who acts as a supervisor and tries to use his privileges so as to avoid being captured.

Full article ▸

related documents
Adaptive Transform Acoustic Coding
Enhanced Data Rates for GSM Evolution
PC Card
Packet (information technology)
Sinclair QL
Point-to-Point Protocol
Xerox Alto
Progressive scan
Acorn Archimedes
Infrared Data Association
Shift register
JPEG File Interchange Format
Secure Shell
Transport Layer
Sega Master System
Static random access memory
Drive letter assignment
Circuit switching
Telephone switchboard