Intrusion Detection Systems
Specific requirements of this IDS
Additionally, where such programs rely on comparison on anomalous and normal traffic, they face the problem of identifying identify normal patterns of network traffic. If they are analysing normal patterns at a time when an attack is taking place, then they are liable to store such attacks as part of the normal pattern of behaviour.
One of the main dangers of this approach is the generation of false negative results. That is, the IDS may fail to detect an attack, particularly when it involves a new and unforeseen exploitation of network vulnerabilities that seem to fit into the pattern of normal use. Thus an attacker can use the same exploit to gain access to resources and remain undetected and unsuspected.
A further problem is the identification of false positives. There are many possible variations in legitimate network traffic that may appear anomalous – inter-organisational changes, variations in the business world, rerouting of activity from one node to another etc. In terms of log file analysis, however, this is more of an inconvenience for the administrator who may be alerted unnecessarily. False positives are more problematic with real-time IDS systems that may stop or quarantine network traffic in response to imaginary attacks.
Page 1 - Page 2 - Page 3 - Page 4 - Page 5 - Page 6 - Page 7
