Intrusion Detection Systems
Introduction to Intrusion Detection Systems (IDS)
This article presents a model Intrusion Detection System which can monitor output from programs such as Ethereal, to identify unauthorised attempts to access a network from the Internet.
A miniature IDS was developed in C. The sample will read a network traffic output text file, to identify certain patterns that may indicate intrusion and to alert the systems administrator by providing a report on suspicious traffic. The paper suggests system administration policies to minimise an organisation's chances of falling victim to malicious intrusions.
The program is not intended as a comprehensive IDS but as a skeleton to which modules can be easily added. The report output to the systems administrator provides enough information to alert the administrator to examine network traffic in detail. An IDS cannot guard against all forms of malicious intrusion, which become more sophisticated every time a threat is countered. However, an IDS provides a basic level of security to help administrators to evade and counter threats.
Intrusion Detection Systems (IDS)
An IDS is a system for detecting network intrusions. A Network IDS monitors packets on the network media. Its role is to discover if a network intrusion is in progress or has taken place and, if so, to determine its root cause. The basic types of IDS are signature-based and anomaly-based. A signature-based IDS carries out simple pattern matching and reports situations that correspond to the pattern associated with a known attack. Heuristic, or anomaly-based, IDSs build models of acceptable behaviour and flag exceptions to that model.
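The two detection styles described above, sketched as an added example in C (not the article's own program): a signature table matched against each traffic line, and a per-source SYN-count baseline standing in for the anomaly model. The sample lines, their "src dst info" layout, the two patterns and the threshold are constructed assumptions, not real Ethereal output.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample lines in an assumed "src dst info" layout (not real Ethereal output). */
static const char *const SAMPLE[] = {
    "192.0.2.10 198.51.100.5 TCP 40112 > 80 [SYN]",
    "192.0.2.10 198.51.100.5 HTTP GET /index.html",
    "203.0.113.7 198.51.100.5 HTTP GET /../../etc/passwd",
    "203.0.113.7 198.51.100.5 TCP 40200 > 21 [SYN]",
    "203.0.113.7 198.51.100.5 TCP 40201 > 22 [SYN]",
    "203.0.113.7 198.51.100.5 TCP 40202 > 23 [SYN]",
};

/* Signature module: one row per known-bad pattern; append rows to extend. */
static const struct signature { const char *pattern, *name; } SIGS[] = {
    { "/etc/passwd", "password file request" },
    { "cmd.exe",     "command shell request" },
};
enum { N_SAMPLE = sizeof SAMPLE / sizeof SAMPLE[0],
       N_SIGS = sizeof SIGS / sizeof SIGS[0], SYN_BASELINE = 2 };

/* Returns the index of the first matching signature, or -1 if none match. */
int match_signature(const char *line) {
    for (int i = 0; i < N_SIGS; i++)
        if (strstr(line, SIGS[i].pattern)) return i;
    return -1;
}

/* Counts [SYN] lines whose first field is exactly src. */
int syn_count(const char *const *lines, int n, const char *src) {
    size_t len = strlen(src);
    int count = 0;
    for (int i = 0; i < n; i++)
        if (strncmp(lines[i], src, len) == 0 && lines[i][len] == ' ' &&
            strstr(lines[i], "[SYN]")) count++;
    return count;
}

/* Anomaly module: acceptable behaviour is at most SYN_BASELINE SYNs per source. */
int is_anomalous(const char *const *lines, int n, const char *src) {
    return syn_count(lines, n, src) > SYN_BASELINE;
}

int main(void) {
    for (int i = 0; i < N_SAMPLE; i++) {
        int s = match_signature(SAMPLE[i]);
        if (s >= 0) printf("SIGNATURE %s: %s\n", SIGS[s].name, SAMPLE[i]);
    }
    if (is_anomalous(SAMPLE, N_SAMPLE, "203.0.113.7")) puts("ANOMALY 203.0.113.7");
    return 0;
}
```

The signature check fires only on a pattern already in the table, while the baseline check flags the second source without any knowledge of a specific attack.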