
    Wednesday, May 11, 2022

    Intrusion detection system (IDS)

    An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and raises an alert when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches.

    Intrusion prevention systems monitor the network packets inbound to the system for malicious activity and immediately send warning notifications.

    While anomaly detection and reporting are the primary functions of an IDS, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.

    Different types of intrusion detection systems: 

    Network intrusion detection system (NIDS) 

    A network intrusion detection system (NIDS) is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.

    Host intrusion detection system (HIDS)

    A host intrusion detection system (HIDS) runs on all computers or devices in the network that have direct access to both the internet and the enterprise's internal network. A HIDS has an advantage over a NIDS in that it may be able to detect anomalous network packets that originate from inside the organization, or malicious traffic that a NIDS has failed to detect.

    A HIDS may also be able to identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems.

    Protocol-based Intrusion Detection System (PIDS)

    Organizations set up a protocol-based intrusion detection system at the front end of a server, where it interprets the protocol exchanged between the server and the user. A typical deployment monitors the HTTPS stream to a web server to secure it, and likewise the HTTP stream, since both are protocols the PIDS understands.

    Application Protocol-based IDS (APIDS)

    An APIDS is set up within a group of servers. It identifies intrusions by monitoring and interpreting the communication with the applications on those servers, using the application-specific protocols they speak.

    Hybrid Intrusion Detection System

    A hybrid intrusion detection system is a mixture of two different IDS types: it combines host-based agents with network-level information into one system. As a result, a hybrid system is more responsive and effective than either type on its own.


    Intrusion Detection Methods

    There are two main intrusion detection methods for identifying malicious attacks or intrusions, and a hybrid that combines them.

    1. Signature-based Intrusion Detection Method

    The signature-based intrusion detection method examines network traffic to detect known attack patterns.

    A signature-based IDS detects attacks on the basis of specific patterns, such as the number of bytes or the number of 1s or 0s in the network traffic. It also detects attacks on the basis of already known malicious instruction sequences used by malware. The patterns the IDS looks for are known as signatures.

    A signature-based IDS can easily detect attacks whose pattern (signature) already exists in its database, but it is quite difficult for it to detect new malware attacks, because their pattern (signature) is not yet known.

    2. Anomaly-based Intrusion Detection Method

    Organizations use the anomaly-based intrusion detection method to identify new and unknown suspicious attacks and policy breaches that the signature-based method cannot easily identify.

    An anomaly-based IDS uses machine learning to build a model of trustworthy activity; everything that arrives is compared against that model, and anything that does not fit the model is declared suspicious.

    3. Hybrid Detection Method

    A hybrid method uses both the signature-based and the anomaly-based intrusion detection methods together. The main reason for developing a hybrid detection system is to identify more potential attacks with fewer errors.
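As an added illustration of the three methods above (not code from the original post), here is a small Python inspector over constructed flow records: signature_check matches known byte patterns, build_baseline and anomaly_check model normal traffic by flow size and flag statistical outliers, and hybrid_inspect combines both. All flow records, signatures and the threshold are invented for the example.

```python
import re
import statistics

# Constructed baseline of normal flows (src_ip, dst_port, bytes, payload); invented, not real captures.
BASELINE_FLOWS = [
    ("10.0.0.5", 80, 512, b"GET /index.html HTTP/1.1"),
    ("10.0.0.5", 80, 498, b"GET /about.html HTTP/1.1"),
    ("10.0.0.7", 443, 530, b"GET /login HTTP/1.1"),
    ("10.0.0.9", 80, 520, b"GET /contact HTTP/1.1"),
    ("10.0.0.5", 80, 505, b"GET /news HTTP/1.1"),
]

# Signature database: known malicious byte patterns, as a signature-based IDS would hold.
SIGNATURES = [
    ("path traversal", re.compile(rb"\.\./")),
    ("sql injection", re.compile(rb"(?i)union\s+select")),
]

def signature_check(payload):
    """Signature method: return the names of every known pattern found in the payload."""
    return [name for name, pattern in SIGNATURES if pattern.search(payload)]

def build_baseline(flows):
    """Anomaly method, training step: model 'normal' as mean and stdev of bytes per flow."""
    sizes = [size for _, _, size, _ in flows]
    return statistics.mean(sizes), statistics.stdev(sizes)

def anomaly_check(flow, baseline, threshold=3.0):
    """Anomaly method, detection step: flag a flow more than `threshold` stdevs from the mean."""
    mean, stdev = baseline
    _, _, size, _ = flow
    return abs(size - mean) / stdev > threshold

def hybrid_inspect(flows, baseline):
    """Hybrid method: run both checks; each alert records which method(s) fired."""
    alerts = []
    for flow in flows:
        reasons = signature_check(flow[3])
        if anomaly_check(flow, baseline):
            reasons.append("anomalous size")
        if reasons:
            alerts.append((flow[0], reasons))
    return alerts

# Constructed test traffic: a known attack pattern, a novel oversized request, a benign request.
TEST_FLOWS = [
    ("10.0.0.13", 80, 520, b"GET /../../etc/passwd HTTP/1.1"),
    ("10.0.0.21", 80, 9000, b"GET /index.html HTTP/1.1"),
    ("10.0.0.9", 80, 510, b"GET /faq HTTP/1.1"),
]
```

Note how the oversized request in TEST_FLOWS matches no signature and is caught only by the anomaly model, which is exactly the gap the hybrid method is meant to close.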


    Benefits of intrusion detection systems

    Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents.

    An IDS can be used to help analyze the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls.

    An intrusion detection system can also help companies identify bugs or problems with their network device configurations. These metrics can then be used to assess future risks.
