Intrusion Detection Systems
Specific requirements of this IDS
To work and remain effective over the long term, the ideal system of this type would send data to a permanent database of normal patterns of network use, apply statistical formulae to identify abnormal patterns, and allow the end user to record specific explanations for normal variations in the pattern of traffic.
Take, for example, a hypothetical Icarus University. One would expect very large numbers of students to log on to the network at certain times of the year (approaching examination time) and none at all at others (the summer vacation break). That is, the specific organisation's characteristics should be taken into account in building an advanced IDS for any given organisation.
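The following Python sketch is an added example, not code from the original project. It scores a day's login count against stored history for the same academic period and consults operator-recorded explanations before flagging it. The login counts, period names, dates, threshold and function names are all constructed for illustration.

```python
from statistics import mean, stdev

# Constructed baseline: daily login counts per academic period for the
# hypothetical Icarus University (stands in for the permanent database).
BASELINE = {
    "term":   [1180, 1225, 1240, 1195, 1210, 1260, 1205],
    "exams":  [2900, 3050, 3120, 2980, 3010, 3075, 2950],
    "summer": [40, 55, 35, 60, 45, 50, 38],
}

# Constructed operator notes explaining known, legitimate variations.
ANNOTATIONS = {
    ("summer", "2024-08-20"): "Resit examinations: elevated logins expected",
}

Z_THRESHOLD = 3.0  # assumed cut-off; tune against real traffic


def z_score(period, count, baseline=BASELINE):
    """Standard deviations between count and the period's own history."""
    history = baseline[period]
    if len(history) < 2:
        raise ValueError("need at least two baseline samples")
    mu, sigma = mean(history), stdev(history)
    if sigma == 0:  # flat history: any deviation at all is notable
        return 0.0 if count == mu else float("inf")
    return (count - mu) / sigma


def classify(period, date, count):
    """Return (verdict, z, note) for one day's observed login count."""
    z = z_score(period, count)
    if abs(z) <= Z_THRESHOLD:
        return ("normal", z, None)
    note = ANNOTATIONS.get((period, date))
    if note is not None:  # deviation already explained by an operator
        return ("explained", z, note)
    return ("anomalous", z, None)


if __name__ == "__main__":
    observations = [
        ("exams", "2024-05-14", 3000),   # busy, but normal for exams
        ("summer", "2024-07-10", 3000),  # same count, abnormal in summer
        ("summer", "2024-08-20", 400),   # abnormal, but annotated
        ("exams", "2024-05-15", 40),     # unusually quiet during exams
    ]
    for period, date, count in observations:
        verdict, z, note = classify(period, date, count)
        print(f"{date} {period:<6} {count:>5} z={z:8.1f} {verdict} {note or ''}")
```

The same count of 3000 logins is unremarkable at examination time and anomalous during the summer break, which is why the baseline is kept per period rather than as one global average.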
In the case of this project, it was not considered reasonable to identify normal patterns of usage, given that there was only a limited volume of stored network data gathered over a long period (the cw.enc file) and no simple way to approach an identification of the normal uses of the network through discussion with the network staff and users, as would normally be the case if one were setting up a heuristic model.