Intrusion Detection Systems
Specific requirements of this IDS
Software can provide regular (daily) intrusion detection reports that summarize the results of traffic captured and analyze the traffic for evidence of intrusion. Regular examination can allow administrators to identify if there was an intrusion, which system was the target, and what services were affected.
The Intrusion Detection System developed in this report will belong to the group of log file analysers and will report on anomalies, specifically looking for the forms of anomalous behaviour associated with common forms of attack, such as SYN flooding, IP spoofing or masquerading, denial of service attacks and virus-related anomalies.
The objective is to identify evidence of potential attacks from a sample traffic file and create a concise report that identifies the anomalous traffic to the user. A secondary aim is to provide a basic security policy on which the users can base further security procedures.
This approach to intrusion detection has some disadvantages, including that it only analyses activity after it has taken place. This type of IDS therefore cannot prevent an attack or detect it at the instant that it is happening. However, it can flag anomalous network behaviour so that system administrators can take action in the future and can analyse the signatures or sources of attack in order to create better holistic security policies.
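The after-the-fact analysis described above can be sketched for one of the listed anomalies, SYN flooding. This is an added example, not code from the report: the traffic line format (`ts src sport dst dport flags`), the window and threshold values, and all addresses are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed traffic; assumed line format: ts src sport dst dport flags."""
    lines = [
        "100 10.0.0.5 40001 192.0.2.10 80 S",   # normal client: SYN ...
        "100 10.0.0.5 40001 192.0.2.10 80 A",   # ... then ACK completes handshake
        "101 10.0.0.6 40002 192.0.2.10 80 S",
        "101 10.0.0.6 40002 192.0.2.10 80 A",
        "not a traffic record",                  # malformed line, must be skipped
    ]
    # 30 SYNs in 3 seconds from 30 different sources, none ever completed.
    lines += [f"{200 + i // 10} 198.51.100.{i + 1} {5000 + i} 192.0.2.20 443 S"
              for i in range(30)]
    return "\n".join(lines)

def analyse(log_text, window=10, threshold=20):
    """Return targets with >= threshold half-open connections in one window."""
    pending = {}  # (src, sport, dst, dport) -> time of SYN not yet ACKed
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].isdigit():
            continue
        ts, src, sport, dst, dport, flags = parts
        if flags == "S":
            pending[(src, sport, dst, dport)] = int(ts)
        elif flags == "A":
            pending.pop((src, sport, dst, dport), None)  # handshake completed
    # Fixed time buckets keep the example short; a sliding window would also
    # catch a burst that straddles a bucket boundary.
    buckets = defaultdict(list)
    for (src, _sport, dst, dport), ts in pending.items():
        buckets[(dst, dport, ts // window)].append(src)
    return [{"target": f"{dst}:{dport}", "window_start": b * window,
             "half_open": len(srcs), "distinct_sources": len(set(srcs))}
            for (dst, dport, b), srcs in sorted(buckets.items())
            if len(srcs) >= threshold]

def report(findings):
    """Render the concise after-the-fact report for the administrator."""
    if not findings:
        return "No SYN flood indicators found."
    return "\n".join(
        f"Possible SYN flood against {f['target']} from t={f['window_start']}: "
        f"{f['half_open']} half-open connections, "
        f"{f['distinct_sources']} distinct sources" for f in findings)

if __name__ == "__main__":
    print(report(analyse(build_sample())))
```

A distinct-source count close to the half-open count, as in the constructed sample, is consistent with spoofed source addresses.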