B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol.

4 (1) , 2013, 77 - 82

Intrusion Detection System- Types and Prevention

B.Santos Kumar, T.Chandra Sekhara Phani Raju, M.Ratnakar, Sk.Dawood Baba, N.Sudhakar

Wellfare Institute of Science, Technology & Management

Dept of CSE
Vishakhapatnam, A.P

Abstract: Intrusion detection is the act of detecting unwanted systems administrators, it would be interesting to assess the
traffic on a network or a device. An IDS can be a piece of IDS/IPS to be able to choose the best before installing it on
installed software or a physical appliance that monitors network their networks or systems, but also to continue to evaluate its
traffic in order to detect unwanted activity and events such as efficiency in operational method. Unfortunately, many false
illegal and malicious traffic, traffic that violates security policy,
and traffic that violates acceptable use policies. This article aims
positives and false negatives persist in the new versions of the
at providing (i) a general presentation of the techniques and IDS/IPS, then, they brought improvements are not worthy of
types of the intrusion detection and prevention systems, (ii) an the continuous efforts of research and development in the
in-depth description of the evaluation, comparison and domain of the detection and the prevention of intrusion. In
classification features of the IDS and the IPS.Many IDS tools general, it is essentially due to the absence of efficient
will also store a detected event in a log to be reviewed at a later methods of assessment of the security tools, and of the
date or will combine events with other data to make decisions IDS/IPS in particular.
regarding policies or damage control. An IPS is a type of IDS
 

that can prevent or stop unwanted traffic. The IPS usually logs II. TYPES OF IDS’S
such events and related information.
Several types of IDS technologies exist due to the variance of
Keywords: IDS, IPS, DIDS, NIDS, OSI.
network configurations. Each type has advantages and
I. INTRODUCTION disadvantage in detection, configuration, and cost. Mainly,
Intrusion detection is the process of monitoring the events there are three important distinct families of IDS: The types
occurring in a computer system or network and analyzing of IDPS technologies are differentiated primarily by the types
them for signs of possible incidents, which are violations or of events that they monitor and the ways in which they are
imminent threats of violation of computer security policies, deployed.
acceptable use policies, or standard security practices. Network-Based
Intrusion prevention is the process of performing intrusion A Network Intrusion Detection System (NIDS) is one
detection and attempting to stop detected possible incidents. common type of IDS that analyzes network traffic at all
Intrusion detection and prevention systems (IDPS) 1 are layers of the Open Systems Interconnection (OSI) model and
primarily focused on identifying possible incidents, logging makes decisions about the purpose of the traffic, analyzing
information about them, attempting to stop them, and for suspicious activity. Most NIDSs are easy to deploy on a
reporting them to security administrators. In addition, network and can often view traffic from many systems at
organizations use IDPSs for other purposes, such as once. A term becoming more widely used by vendors is
identifying problems with security policies, documenting “Wireless Intrusion Prevention System” (WIPS) to describe a
existing threats and deterring individuals from violating network device that monitors and analyzes the wireless radio
security policies. IDPSs have become a necessary addition to spectrum in a network for intrusions and performs
the security infrastructure of nearly every organization. IDPSs countermeasures which monitors network traffic for
typically record information related to observed events, notify particular network segments or devices and analyzes the
security administrators of important observed events, and network and application protocol activity to identify
produce reports. Many IDPSs can also respond to a detected suspicious activity. It can identify many different types of
threat by attempting to prevent it from succeeding. They use events of interest. It is most commonly deployed at a
several response techniques, which involve the IDPS stopping boundary between networks, such as in proximity to border
the attack itself, changing the security environment (e.g., firewalls or routers, virtual private network (VPN) servers,
reconfiguring a firewall), or changing the attack’s content. remote access servers, and wireless networks. The NIDS are
This publication describes the characteristics of IDPS also called passive IDS since this kind of systems inform the
technologies and provides recommendations for designing, administrator system that an attack has or had taken place,
implementing, configuring, securing, monitoring, and and it takes the adequate measures to assure the security of
maintaining them. The types of IDPS technologies are the system. The aim is to inform about an intrusion in order to
differentiated primarily by the types of events that they look for the IDS capable to react in the post. Report of the
monitor and the ways in which they are deployed. Therefore, damages is not sufficient. It is necessary that the IDS react
it is important for them to value the improvements brought by and to be able to block the detected doubtful traffics. These
these new devices. In the same way, for the network and reaction techniques imply the active IDS.

www.ijcsit.com 77
 B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (1) , 2013, 77 - 82

traffic or segments that see only a particular type of traffic

may transform the amount or type of traffic if an unwanted
event occurs. NBAD requires several sensors to create a good
snapshot of a network and requires benchmarking and
baselining to determine the nominal amount of a segment’s
traffic. The NIDS-HIDS combination or the so called hybrid
gathers the features of several different IDS. It allows, in only
one single tool, to supervise the network and the terminals.
The probes are placed in strategic points, and act like NIDS
and/or HIDS according to their sites. All these probes carry
up the alerts then to a machine which centralize them all, and
aggregate the information of multiple origins.
Wireless
A wireless local area network (WLAN) IDS is similar to
NIDS in that it can analyze network traffic. However, it will
also analyze wireless-specific traffic, including scanning for
Fig: Location of IDS/IPS external users trying to connect to access points (AP), rogue
APs, users outside the physical area of the company, and
The Host Intrusion Detection System WLAN IDSs built into APs. As networks increasingly
According to the source of the data to examine, the Host support wireless technologies at various points of a topology,
Based Intrusion Detection System can be classified in two WLAN IDS will play larger roles in security. Many previous
categories: NIDS tools will include enhancements to support wireless
 The HIDS Based Application. The IDS of this type traffic analysis. Some forms of IDPS are more mature than
receive the data in application, for example, the logs others because they have been in use much longer. Network-
files generated by the management software of the based IDPS and some forms of host-based IDPS have been
database, the server web or the firewalls. The commercially available for over ten years. Network behavior
vulnerability of this technique lies in the layer analysis software is a somewhat newer form of IDPS that
application. evolved in part from products created primarily to detect
 The HIDS Based Host. The IDS of this type receive DDoS attacks, and in part from products developed to
the information of the activity of the supervised monitor traffic flows on internal networks. Wireless
system. This information is sometimes in the form technologies are a relatively new type of IDPS, developed in
of audit traces of the operating system. It can also response to the popularity of wireless local area networks
include the logs system of other logs generated by (WLAN) and the growing threats against WLANs and
the processes of the operating system and the WLAN clients.
contents of the object system not reflected in the
standard audit of the operating system and the III. DETECTION TYPES
mechanisms of logging. These types of IDS can also Signature-Based Detection
use the results returned by another IDS of the Based An IDS can use signature-based detection, relying on known
Application type. traffic data to analyze potentially unwanted traffic. This type
Host-based intrusion detection systems (HIDS) analyze of detection is very fast and easy to configure. However, an
network traffic and system-specific settings such as software attacker can slightly modify an attack to render it
calls, local security policy, local log audits, and more. A undetectable by a signature based IDS. Still, signature-based
HIDS must be installed on each machine and requires detection, although limited in its detection capability, can be
configuration specific to that operating system and software. very accurate.
Host-Based, which monitors the characteristics of a single Anomaly-Based Detection
host and the events occurring within that host for suspicious An IDS that looks at network traffic and detects data that is
activity. Examples of the types of characteristics a host-based incorrect, not valid, or generally abnormal is called anomaly-
IDPS might monitor are network traffic (only for that host), based detection. This method is useful for detecting unwanted
system logs, running processes, application activity, file traffic that is not specifically known. For instance, anomaly-
access and modification, and system and application based IDS will detect that an Internet protocol (IP) packet is
configuration changes. Host-based IDPSs are most commonly malformed. It does not detect that it is malformed in a
deployed on critical hosts such as publicly accessible servers specific way, but indicates that it is anomalous.
and servers containing sensitive information. Stateful Protocol Inspection
Network Behavior Anomaly Detection Stateful protocol inspection is similar to anomaly based
Network behavior anomaly detection (NBAD) views traffic detection, but it can also analyze traffic at the network and
on network segments to determine if anomalies exist in the transport layer and vender-specific traffic at the application
amount or type of traffic. Segments that usually see very little layer, which anomaly-based detection cannot do.

www.ijcsit.com 78
 B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (1) , 2013, 77 - 82

False Positives and Negatives many attacks that other methods cannot. Problems with
It is impossible for an IDS to be perfect, primarily because stateful protocol analysis include that it is often very difficult
network traffic is so complicated. The erroneous results in an or impossible to develop completely accurate models of
IDS are divided into two types: false positives and false protocols, it is very resource-intensive, and it cannot detect
negatives. False positives occur when the IDS erroneously attacks that do not violate the characteristics of generally
detects a problem with benign traffic. False negatives occur acceptable protocol behavior.
when unwanted traffic is undetected by the IDS. Both create
problems for security administrators and may require that the IV. INTRUSIONS PREVENTION SYSTEM
system be calibrated. A greater number of false positives are The intrusion prevention is an amalgam of security
generally more acceptable but can burden a security technologies. Its goal is to anticipate and to stop the attacks
administrator with cumbersome amounts of data to sift [2]. The intrusion prevention is applied by some recent IDS.
through. Instead of analyzing the traffic logs, which lies in discovering
However, because it is undetected, false negatives do not the attacks after they took place, the intrusion prevention tries
afford a security administrator an opportunity to review the to warn against such attacks. While the systems of intrusion
data. detection try to give the alert, the intrusion prevention
IDPSs cannot provide completely accurate detection; they all systems block the traffic rated dangerous. Over many years,
generate false positives (incorrectly identifying benign the philosophy of the intrusions detection on the network
activity as malicious) and false negatives (failing to identify amounted to detect as many as possible of attacks and
malicious activity). Many organizations choose to tune IDPSs possible intrusions and to consign them so that others take the
so that false negatives are decreased and false positives necessary measures. On the contrary, the systems of
increased, which necessitates additional analysis resources to prevention of the intrusions on the network have been
differentiate false positives from true malicious events. Most developed in a new philosophy "taking the necessary
IDPSs also offer features that compensate for the use of measures to counter attacks or detectable intrusions with
common evasion techniques, which modify the format or precision ".In general terms, the IPS are always online on the
timing of malicious activity to alter its appearance but not its network to supervise the traffic and intervene actively by
effect, to attempt to avoid detection by IDPSs.Most IDPSs limiting or deleting the traffic judged hostile by
use multiple detection methodologies, either separately or interrupting the suspected sessions or by taking other reaction
integrated, to provide more broad and accurate detection. The measures to an attack or an intrusion. The IPS functions
primary classes of detection methodologies are as follows: symmetrically to the IDS; in addition to that, they analyze the
Signature-based, which compares known threat signatures to connection contexts, automatize the logs analysis and suspend
observed events to identify incidents. This is very effective at the suspected connections. Contrary to the classic IDS, the
detecting known threats but largely ineffective at detecting signature is not used to detect the attacks. Before taking
unknown threats and many variants on known threats. action, The IDS must make a decision about an action in an
Signature-based detection cannot track and understand the appropriate time. If the action is in conformity with the rules,
state of complex communications, so it cannot detect most the permission to execute it will be granted and the action will
attacks that comprise multiple events. be executed.
Anomaly-based detection, which compares definitions of But if the action is illegal an alarm is issued. In most cases,
what activity, is considered normal against observed events to the other detectors of the network will be informed with the
identify significant deviations. This method uses profiles that goal to stop the other computers from opening or executing
are developed by monitoring the characteristics of typical specific files. Unlike the other prevention techniques, the IPS
activity over a period of time. The IDPS then compares the is a relatively new technique. It is based on the principle of
characteristics of current activity to thresholds related to the integrating the heterogeneous technologies: firebreak, VPN,
profile. Anomaly-based detection methods can be very IDS, anti-virus, anti-Spam, etc. Although the detection
effective at detecting previously unknown threats. Common portion of an IDS is the most complicated, the IDS goal is to
problems with anomaly-based detection are inadvertently make the network more secure, and the prevention portion of
including malicious activity within a profile, establishing the IDS must accomplish that effort. After malicious or
profiles that are not sufficiently complex to reflect real-world unwanted traffic is identified, using prevention techniques
computing activity, and generating many false positives. can stop it. When an IDS is placed in an inline configuration,
Stateful protocol analysis, which compares predetermined all traffic must travel through an IDS sensor. When traffic is
profiles of generally accepted definitions of benign protocol determined to be unwanted, the IDS do not forward the traffic
activity for each protocol state against observed events to to the remainder of the network. To be effective, however,
identify deviations. Unlike anomaly-based detection, which this effort requires that all traffic pass through the sensor.
uses host or network-specific profiles, stateful protocol When an IDS is not configured in an inline configuration, it
analysis relies on vendor-developed universal profiles that must end the malicious session by sending a reset packet to
specify how particular protocols should and should not be the network. Sometimes the attack can happen before the IDS
used. It is capable of understanding and tracking the state of can reset the connection. In addition, the action of ending
protocols that have a notion of state, which allows it to detect connections works only on TCP, not on UDP or internet

www.ijcsit.com 79
 B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (1) , 2013, 77 - 82

control message protocol (ICMP) connections. A more V. IDS TOOLS

sophisticated approach to IPS is to reconfigure network AIDE—Advanced Intrusion Detection Environment
devices (e.g., firewalls, switches, and routers) to react to the AIDE is a free replacement for Tripwire®, which operates in
traffic. Virtual local area networks (VLAN) can be configured the same manner as the semi-free Tripwire, but provides
to quarantine traffic and limit its additional features. AIDE creates a database from the regular
connections to other resources. The IPS allows the following expression found in a customizable configuration file. Once
functionalities [8]: this database is initialized, it can be used to verify the
 Supervising the behaviour of the application integrity of the files. It has several messages digest algorithms
 Creating rules for the application (md5, sha1, rmd160, Tiger®, Haval, etc.) that are used to
 Issuing alerts in case of violations check the integrity of the file. More algorithms can be added
 Correlating different sensors to guarantee a better with relative ease. All the usual file attributes can be checked
Protection against the attacks. for inconsistencies, and AIDE can read databases from older
 Understanding of the IP networks or newer versions.
 Having mastery over the network probes and the Alert-Plus
logs analysis Alert-Plus is a rule based system that compares events
 Defending the vital functions of the network recorded in a Safeguard audit trail against custom-defined
carrying out an analysis with high velocity. rules and automatically invokes a response when it detects an
event of interest. Alert-Plus can detect an intrusion attempt
and actually help to block it. Example of Alert Plus Are
Builints and Dash Boards.
Eye Retina
Retina Network Security Scanner provides vulnerability
management and identifies known and zero day
vulnerabilities, plus provides security risk assessment,
enabling security best practices, policy enforcement, and
regulatory audits.
eEye SecureIIS Web Server Protection
SecureIIS Web server security delivers integrated multi-
layered Windows server protection. It provides application
layer protection via integration with the IIS platform as an
Fig: Intrusion Detection and Prevention System Internet Server Application Programming Interface (ISAPI)
filter, protecting against known and unknown exploits, zero
Network Behavior Anomaly Detection day attacks and unauthorized Web access.
NBAD is an IDS technology in which the shape or statistics GFI Events Manager
of traffic, not individual packets, determines if the traffic is GFI Events Manager is a software-based events management
malicious. NBAD sensors are placed around a network in key solution that delivers automated collection and processing of
places, such as at switches, at demilitarized zones (DMZ), events from diverse networks, from the small, single-domain
and at locations at which traffic splits to different segments. network to extended, mixed environment networks, on
Sensors then report on what type and amount of traffic is multiple forests and in diverse geographical locations. It
passing through. By viewing the shape of the traffic, an offers a scalable design that enables you to deploy multiple
NBAD can detect DoS attacks, scanning across the network, instances of the front-end application, while at the same time,
worms, unexpected application services, and policy maintaining the same database backend. This decentralizes
violations. NIDS and NBAD systems share some of the same and distributes the event collection process while centralizing
components, such as sensors and management consoles; the monitoring and reporting aspects of events monitoring.
however, unlike NIDS, NBAD systems usually do not have 11i Host Intrusion Detection System (HIDS)
database servers. HP-UX HIDS continuously examines ongoing activity on a
The Host Intrusion Prevention System system, and it seeks out patterns that suggest security
Nowadays, the attacks evolve quickly and are targeted. Also, breaches or misuses. Security threats or breaches can include
it is necessary to have a protection capable to stop the attempts to break into a system, subversive activities, or
malwares before the publication of an update of the specific spreading a virus. Once you activate HP-UX HIDS for a
detection. An intrusions prevention system based on the Host given host system and it detects an intrusion attempt, the host
Intrusion Prevention System or HIPS is destined to stop the sends an alert to the administrative interface where you can
malwares before an update of the specific detection is taken immediately investigate the situation, and when necessary,
by supervising the code behaviour. The majority of the HIPS take action against the intrusion.
solutions supervises the code at the time of its execution and IBM RealSecure Server Sensor
intervenes if the code is considered suspected or IBM RealSecure Server Sensor provides automated, real-time
malevolent [7]. intrusion protection and detection by analyzing events, host

www.ijcsit.com 80
 B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (1) , 2013, 77 - 82

logs, and inbound and outbound network activity on critical Performance: the setting up of an IDS/IPS must not affect
enterprise servers in order to block malicious activity from the performance of the supervised systems. Besides, it is
damaging critical assets. necessary to have the certainty that the IDS/IPS has the
INTEGRIT capacity to treat all the information in its disposition because
Integrit has a small memory footprint, uses up-to-date in the reverse case it becomes trivial to conceal the attacks
cryptographic algorithms, and has other features. The integrit while increasing the quantity of information. These criteria
system detects intrusion by detecting when trusted files have must be taken into consideration while classifying an
been altered. By creating an integrit database (update mode) IDS/IPS, as well:
that is a snapshot of a host system in a known state, the host’s
files can later be verified as unaltered by running integrit in  The sources of the data to analyze, network, system
check mode to compare current state to the recorded known or application
state. integrit can do a check and an update simultaneously.  The behaviour of the product after intrusion
Lumension Sanctuary Application Control passive or active
Lumension Application Control (formerly Secure Wave  The frequency of use, periodic or continuous
Sanctuary® Application Control) is a three-tiered  The operating system in which operate the tools,
client/server application that provides the capability to Linux, Windows, etc.
centrally control the programs and applications users are able  The source of the tools, open or private.
to execute on their client computers. Three tiers of a
Sanctuary Application Control Desktop (SACD) deployment VI. CONCLUSION
comprise: This study has proved that both the intrusion detection
An SQL database systems and the intrusion prevention systems still need to be
 One or more servers improved to ensure an unfailing security for a network. They
 Client kernel driver (SXD) are not reliable enough (especially in regard to false positives
 McAfee Host Intrusion Prevention and false negatives) and they are difficult to administer. Yet,
McAfee Host Intrusion Prevention (HIP) is a host based it is obvious that these systems are now essential for
intrusion prevention system designed to protect system companies to ensure their security. To assure an effective
resources and applications. Host Intrusion Prevention is part computerized security, it is strongly recommended to
of McAfee Total Protection for Endpoint, which integrates combine several types of detection
with McAfee ePolicy Orchestrator® for centralized reporting system. The IPS, which attempt to compensate in part for
and management that’s accurate, scalable, and easy to use and these problems, is not yet effective enough for use in a
works with other McAfee and non-McAfee products. production context. They are currently mainly used in test
Osiris environments in order to evaluate their reliability. They also
Osiris is a host integrity monitoring system that can be used lack a normalized operating principle like for the IDS.
to monitor changes to a network of hosts over time and report However, these technologies require to be developed in the
those changes back to the administrator(s). Currently, this coming years due to the increasing security needs of
includes monitoring any changes to the file systems. Osiris businesses and changes in technology that allows more
takes periodic snapshots of the file system and stores them in efficient operation detection systems and intrusion
a database. These databases, as well as the configurations and prevention. We are working on the implementation of a
logs, are all stored on a central management host. When screening tool of attack and the characterization of test data.
changes are detected, Osiris will log these events to the We also focus on the collection of exploits and attacks to
system log and optionally send email to an administrator. classify and identify. Further work is under way and many
CLASSIFICATION OF THE IPS/IDS: ways remain to be explored. Then it would be interesting to
The following criteria will be adopted in the classification of conduct assessments of existing IDS and IPS following the
the IPS/IDS: approaches we have proposed and tools developed in this
Reliability: The generated alerts must be justified and no work. This paper provided a new way of looking at network
intrusion to escape intrusion detection research including intrusion detection
Reactivity: An IDS/IPS must be capable to detect and to types that are necessary, complete, and mutually exclusive to
prevent the new types of attacks as quickly as possible. Thus, aid in the fair comparison of intrusion detection methods and
it must constantly self-update. Capacities of automatic update to aid in focusing research in this area.
are so indispensable.
Facility of implementation and adaptability: An IDS/IPS ACKNOWLEGMENT
must be easy to function and especially to adapt to the context Thanks to management of WISTM Engg College and to my
in which it must operate. It is useless to have an IDS/IPS guide Mr. B.Kiran Kumar M.Tech is working as Asst.Prof in
giving out some alerts in less than 10 seconds if the resources the department of CSE in WellFare institute of science,
necessary to a reaction are not available to act in the same Technology & Management.
constraints of time.

www.ijcsit.com 81
 B. Santos Kumar et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (1) , 2013, 77 - 82

REFERENCES AUTHORS
[1] Langin, C. L. A SOM+ Diagnostic System for Network Intrusion
Detection. Ph.D. Dissertation, Southern Illinois University Carbondale
(2011)
[2] Amoroso, E.: Intrusion Detection: An Introduction to Internet
Surveillance, Correlation, Trace Back, Traps, and Response.
Intrusion.Net Books (1999)
[3] Denning, D.: An Intrusion-Detection Model. IEEE Transactions on
Software Engineering 13(2), 118-131 (1986)
[4] Young, C.: Taxonomy of Computer Virus Defense Mechanisms. In: The T.Chandra Sekhar Phaniraju Sk.Dawood Baba
10th National Computer Security Conference Proceedings (1987)
[5] Lunt, T.: Automated Audit Trail Analysis and Intrusion Detection: A
Survey. In: Proceedings of the 11th National Computer Security
Conference, Baltimore, pp.65-73 (1988)
[6] Lunt, T.: A Survey of Intrusion Detection Techniques. Computers and
Security 12, 405-418 (1993)
[7] Vaccaro, H., Liepins, G.: Detection of Anomalous Computer Session
Activity. In: Proceedings of the 1989 IEEE Symposium on Security and
Privacy (1989)
[8] Helman, P., Liepins, G., Richards, W.: Foundations of Intrusion M.Ratnakar B.Santos Kumar
Detection. In: Proceedings of the IEEE Computer Security Foundations
Workshop V (1992)
[9] Denault, M., Gritzalis, D., Karagiannis, D., Spirakis, and P.: Intrusion
Detection: Approach and Performance Issues of the SECURENET
System. Computers and Security 13(6), 495-507 (1994)
[10] Crying wolf: False alarms hide Newman attacks, Snyder & Thayer
Network World, 24/06/02,
http://www.nwfusion.com/techinsider/2002/0624security1.html
[11] F. Cikala, R. Lataix, S. Marmeche", The IDS/IPS. Intrusion
Detection/Prevention Systems ", Presentation, 2005.
[12] Hervé Debar and Jouni Viinikka, "Intrusion Detection,: Introduction to
N.Sudhakar
Intrusion Detection Security and Information Management",
Foundations of Security Analysis and Design III, Reading Notes in to Students of WellFare institute of Science technology &
Compute Science, Volume 3655, 2005. pp. 207-236. Management, pinagadi, Vishakapatnam.
[13] Hervé Debar, Marc Dacier and Andreas Wespi, "IN Revised Taxonomy
heart Intrusion Detection Systems", Annals of the Telecommunications,
Flight. 55, Number,: 7-8, pp. 361-378, 2000.
[14] Herve Schauer Consultants", The detection of intrusion…” Presentation:
excerpt of the course TCP/IP security of the Cabinet HSC, March 2000.
[15] ISS Internet Risk Impact Summary - June 2002.
[16] Janne Anttila", Intrusion Detection in Critical Ebusiness Environment ",
Presentation, 2004.
[17] D K. Müller", IDS - Systems of intrusion Detection, Left II ", July 2003,
http://www.linuxfocus.org/Francais/July2003/article294.shtml

www.ijcsit.com 82