An intrusion detection system (IDS) monitors network traffic or host activity for suspicious events and raises an alert when it finds one. It is usually software that inspects a network segment or a single system for malicious activity or policy violations.
An intrusion prevention system (IPS) differs in where it sits and what it does: it is deployed inline, in the path of the packets, so that besides alerting it can drop or block traffic it identifies as malicious instead of only reporting it.
While detection and reporting are the primary functions of an IDS, some intrusion detection systems can also act on what they detect, for example by blocking traffic sent from suspicious Internet Protocol (IP) addresses; a product that does this as a matter of course is normally called an IPS.
Different types of intrusion detection systems:
Network intrusion detection system (NIDS)
A network intrusion detection system (NIDS) is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network. It sees only the traffic that crosses that point, so placement (behind the perimeter firewall, or on a mirror/SPAN port of a core switch) determines what it can detect, and it cannot inspect the contents of encrypted traffic unless TLS is terminated in front of it.
Host intrusion detection system (HIDS)
A host intrusion detection system (HIDS) runs as an agent on an individual computer or device and monitors that host's own activity: its system and application logs, running processes, file changes, and the packets it sends and receives. Deployment is often prioritised for hosts with access to both the internet and the enterprise's internal network. A HIDS has an advantage over a NIDS in that it sees traffic before it is encrypted and after it is decrypted, and it sees activity that never crosses a network sensor, so it may detect traffic between internal hosts or malicious traffic that a NIDS has failed to detect.
A HIDS may also be able to identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems. The trade-off is coverage: a HIDS protects only the hosts it is installed on, and an attacker with administrative control of the host can tamper with the agent.
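One check a HIDS agent can run on the host's own outbound connections to catch the infected-host-spreading case just described: a burst of connections to many distinct peers on the same port. This is an added example, not code from the original post or from any IDS product; the connection records, the 60-second window and the threshold of five peers are constructed, illustrative assumptions, and a real agent would read connections from the host's socket table, auditd or an eBPF hook rather than a literal list.

```python
"""Host-side fan-out check, the kind of rule a HIDS agent can run on the
host's own outbound connections. Added example, not from the original post.
The records below are constructed; a real agent would read them from the
socket table (ss/netstat), auditd or an eBPF hook."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed outbound connections from one workstation: (timestamp, dst_ip, dst_port).
# The 09:50 SMB connection is the host's normal file-server use; the burst of
# SMB (445) connections to six different peers at 10:00 is the spreading behaviour.
CONNECTIONS = [
    ("2024-05-01T09:50:12", "10.0.0.20", 445),
    ("2024-05-01T10:00:01", "10.0.0.5", 443),
    ("2024-05-01T10:00:07", "10.0.0.9", 443),
    ("2024-05-01T10:00:10", "10.0.1.1", 445),
    ("2024-05-01T10:00:11", "10.0.1.2", 445),
    ("2024-05-01T10:00:11", "10.0.1.3", 445),
    ("2024-05-01T10:00:12", "10.0.1.4", 445),
    ("2024-05-01T10:00:13", "10.0.1.5", 445),
    ("2024-05-01T10:00:15", "10.0.1.6", 445),
]


def peak_fanout(records, window_seconds=60):
    """For each destination port, the largest number of distinct peers the host
    contacted inside any window_seconds-long sliding window."""
    by_port = defaultdict(list)
    for ts, ip, port in records:
        by_port[port].append((datetime.fromisoformat(ts), ip))
    peaks = {}
    for port, conns in by_port.items():
        conns.sort()
        peak = 0
        for i, (start, _) in enumerate(conns):
            end = start + timedelta(seconds=window_seconds)
            # conns is sorted, so every connection in the window follows index i
            peers = {ip for t, ip in conns[i:] if t <= end}
            peak = max(peak, len(peers))
        peaks[port] = peak
    return peaks


def fanout_alerts(records, window_seconds=60, max_peers=5):
    """Ports on which the host exceeded max_peers distinct destinations within
    one window: a lateral-movement / worm indicator. The thresholds are
    assumptions; tune them per host role, since a jump host or a vulnerability
    scanner legitimately fans out."""
    return {port: n for port, n in peak_fanout(records, window_seconds).items()
            if n > max_peers}


if __name__ == "__main__":
    print(peak_fanout(CONNECTIONS))   # {445: 6, 443: 2}
    print(fanout_alerts(CONNECTIONS)) # {445: 6}
```

The window matters: the host has talked to seven distinct SMB peers in total, but only six of them inside one 60-second window, and shrinking the window to a second or two makes the burst disappear. A NIDS on the perimeter would never see these connections at all, since they stay inside the internal network.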
Protocol-based Intrusion Detection System (PIDS)
Organizations set up a protocol-based intrusion detection system at the front end of a server. It interprets the protocol exchange between the server and its clients. The usual deployment is in front of a web server, where the PIDS parses the HTTP stream (and the decrypted HTTPS stream, if it is placed where TLS is terminated) and checks that requests conform to the protocol and carry nothing malicious before they reach the server.
Application Protocol-based IDS (APIDS)
An APIDS is set up within a group of servers and monitors the application-specific protocol those servers use among themselves, for example the SQL traffic between a web application and its database. It identifies intrusions by interpreting that application-layer protocol rather than the transport beneath it.
Hybrid Intrusion Detection System
A hybrid intrusion detection system combines two or more of the approaches above, typically host agents reporting into a system that also has network-level visibility, so that events seen on a host can be correlated with what was seen on the wire. Because the combined view is more complete than either source alone, hybrid systems are generally considered more responsive and effective than a single type of IDS.
Types of Intrusion Detection Methods
There are two main methods an IDS uses to identify malicious attacks or intrusions, plus a third that combines them.
1. Signature-based Intrusion Detection Method
A signature-based IDS examines network traffic (or host events) for known attack patterns. The patterns, called signatures, are specific byte sequences, protocol header values, URLs or instruction sequences known to be used by a particular exploit or malware family; each one is written in advance from a sample of the attack.
Signature-based IDS reliably detects attacks whose pattern (signature) already exists in its database, with few false positives, but it cannot detect a new attack or malware variant until a signature has been written for it, and an attacker can often evade an existing signature by re-encoding or slightly altering the payload.
2. Anomaly-based Intrusion Detection Method
Organizations use the anomaly-based intrusion detection method to identify the new and unknown attacks and policy violations which the signature-based method cannot identify.
An anomaly-based IDS first builds a model of normal, trusted behaviour, using statistical baselines or machine learning over a training period (typical request rates, packet sizes, protocols, ports, times of day), and then compares incoming activity with that model; activity that deviates far enough from it is declared suspicious.
Its weakness is the mirror image of the signature approach: legitimate but unusual activity (a new backup job, a traffic spike) also deviates from the baseline, so anomaly-based systems produce more false positives and need their baselines tuned and periodically retrained.
3. Hybrid Detection Method
A hybrid method uses signature-based and anomaly-based intrusion detection together: signatures give high-confidence alerts on known attacks, and the anomaly model covers what the signatures miss. The main reason for developing a hybrid detection system is to identify more potential attacks with fewer errors than either method achieves alone.
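The three methods above (signature-based, anomaly-based and the hybrid of the two) side by side, run over constructed HTTP request URIs. This is an added example, not code from the original post or from any IDS product: the signature list, the training URIs, the choice of request length as the only anomaly feature and the z-score threshold of 3 are all illustrative assumptions, chosen so that the output shows a signature hit, an unknown attack caught only by the anomaly model, and a benign request the anomaly model flags by mistake.

```python
"""Signature, anomaly and hybrid detection over HTTP request URIs.
Added example, not from the original post. The signatures, training data,
the single length feature and the threshold are illustrative assumptions."""
import statistics
from urllib.parse import unquote

# Assumed signature database: name -> byte pattern that must appear in the
# normalized request. Real rule sets are far larger and richer than this.
SIGNATURES = [
    ("sqli-union", b" union select "),
    ("path-traversal", b"../"),
    ("php-eval-webshell", b"eval(base64_decode("),
]

# Constructed sample of normal traffic used to train the anomaly baseline.
TRAINING_URIS = [
    "/", "/index.html", "/about", "/css/site.css", "/js/app.js",
    "/images/logo.png", "/login", "/products?id=42", "/products?id=7",
    "/contact", "/blog/2024/05/hello", "/search?q=shoes", "/cart",
    "/checkout", "/api/v1/items?page=2", "/favicon.ico",
]


def normalize(uri: str) -> bytes:
    """Percent-decode twice (defeats %252e-style double encoding) and
    lowercase, so a signature is compared against what the server will see."""
    return unquote(unquote(uri)).lower().encode()


def signature_matches(uri: str) -> list:
    """Signature-based detection: names of every known pattern found in the URI."""
    data = normalize(uri)
    return [name for name, pattern in SIGNATURES if pattern in data]


class LengthBaseline:
    """Anomaly-based detection: a statistical model of normal request length.
    A request is anomalous when its length lies more than z_threshold
    standard deviations above the training mean."""

    def __init__(self, training_uris, z_threshold: float = 3.0):
        lengths = [len(u) for u in training_uris]
        self.mean = statistics.mean(lengths)
        self.stdev = statistics.stdev(lengths)
        self.z_threshold = z_threshold

    def zscore(self, uri: str) -> float:
        return (len(uri) - self.mean) / self.stdev

    def is_anomalous(self, uri: str) -> bool:
        return self.zscore(uri) > self.z_threshold


BASELINE = LengthBaseline(TRAINING_URIS)


def classify(uri: str, baseline: LengthBaseline = BASELINE) -> tuple:
    """Hybrid verdict: a signature hit is a high-confidence 'alert'; a request
    with no signature but an abnormal length is a lower-confidence
    'suspicious'; everything else is 'normal'."""
    sigs = signature_matches(uri)
    if sigs:
        return ("alert", sigs)
    if baseline.is_anomalous(uri):
        return ("suspicious", [f"length z={baseline.zscore(uri):.1f}"])
    return ("normal", [])


if __name__ == "__main__":
    # Constructed test requests: benign, known attack, obfuscated known attack,
    # unknown attack with no signature, and a long but benign search.
    samples = [
        "/index.html",
        "/search?q=%27%20UNION%20SELECT%20password%20FROM%20users--",
        "/cgi-bin/%252e%252e%252f%252e%252e%252fetc/passwd",
        "/api?x=" + "A" * 300,
        "/search?q=running shoes for marathon training in cold weather",
    ]
    for uri in samples:
        verdict, why = classify(uri)
        print(f"{verdict:<10} {uri[:60]} {why}")
```

The last two sample requests show the trade-off the text describes: the 300-byte payload matches no signature and is caught only by the anomaly model, while the long but harmless search query is flagged by that same model, a false positive that a signature-only system would not raise. The double-encoded traversal is caught only because normalize() decodes the URI before matching; a signature engine that compares against the raw bytes would miss it.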
Benefits of intrusion detection systems
Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents.
An IDS can be used to analyze the quantity and types of attacks an organization faces. Organizations can use this information to change their security systems or implement more effective controls.
An intrusion detection system can also help companies identify bugs or misconfigurations in their network devices, since misconfigured equipment often generates traffic that trips detection rules. These findings can then feed into future risk assessments.