Idt Seminar
1. Signature-based Method:
A signature-based IDS detects attacks on the basis of specific
patterns in the network traffic, such as the number of bytes or
the number of 1s or 0s. It also detects attacks on the basis of
known malicious instruction sequences used by malware. The
patterns the IDS detects are known as signatures.
A signature-based IDS can easily detect attacks whose pattern
(signature) already exists in the system, but it has difficulty
detecting new malware attacks because their pattern (signature)
is not yet known.
2. Anomaly-based Method:
Anomaly-based IDS was introduced to detect unknown malware
attacks, as new malware is developed rapidly. An anomaly-based
IDS uses machine learning to create a model of trustworthy
activity; incoming activity is compared with that model and
declared suspicious if it is not found in the model.
Machine-learning-based methods generalize better than
signature-based IDS, as these models can be trained according
to the applications and hardware configurations.
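The two methods side by side, as an added example that is not part of the original seminar text: a signature matcher and a trusted-activity baseline run over the same payloads. The signature names, the sample payloads and the length/entropy features are constructed for illustration, and the mean/standard-deviation baseline is a simple stand-in for the machine-learned model described above.

```python
import math
from collections import Counter

# Constructed signatures: byte patterns standing in for known-malicious sequences.
SIGNATURES = {"SIG-0001": b"\xde\xad\xbe\xef", "SIG-0002": b"BADSEQ"}

# Constructed sample of trusted traffic used to build the activity model.
TRUSTED = [b"GET /index.html HTTP/1.1", b"GET /about.html HTTP/1.1",
           b"GET /images/logo.png HTTP/1.1", b"POST /login HTTP/1.1",
           b"GET /css/site.css HTTP/1.1"]

def signature_match(payload):
    """Signature-based check: names of every known pattern found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def features(payload):
    """Two features per payload: length in bytes and Shannon entropy (bits/byte)."""
    n = len(payload)
    if n == 0:
        return (0.0, 0.0)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(payload).values())
    return (float(n), entropy)

class Baseline:
    """Trusted-activity model: mean and standard deviation of each feature."""
    def __init__(self, trusted):
        columns = list(zip(*(features(p) for p in trusted)))
        self.mean = [sum(col) / len(col) for col in columns]
        self.std = [max(1e-9, math.sqrt(sum((x - m) ** 2 for x in col) / len(col)))
                    for col, m in zip(columns, self.mean)]

    def is_anomalous(self, payload, threshold=3.0):
        """Anomaly check: any feature more than `threshold` std devs from the mean."""
        return any(abs(x - m) / s > threshold
                   for x, m, s in zip(features(payload), self.mean, self.std))

def evaluate(payload, baseline):
    """Run both methods and return (matched signatures, anomalous?)."""
    return signature_match(payload), baseline.is_anomalous(payload)

if __name__ == "__main__":
    model = Baseline(TRUSTED)
    known = b"GET /x HTTP/1.1 BADSEQ"   # carries a listed signature
    novel = bytes(range(256))            # no listed signature, unlike the baseline
    for label, p in (("trusted", TRUSTED[0]), ("known", known), ("novel", novel)):
        print(label, evaluate(p, model))
```

The payload with no listed signature passes the signature check untouched and is caught only because it falls outside the baseline, which is the gap the anomaly-based method was introduced to close.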
Comparison of IDS with Firewalls:
An IDS and a firewall are both related to network security, but
an IDS differs from a firewall in that a firewall looks outwardly
for intrusions in order to stop them from happening. Firewalls
restrict access between networks to prevent intrusion, and they
do not signal an attack that comes from inside the network. An
IDS describes a suspected intrusion once it has happened and then
signals an alarm.
What is the function of an intrusion detection system on a network?
“Once you’ve gone down the path to say we’re going to keep
track of what’s going on in our environment, you need someone
to respond to alerts and incidents. Otherwise, why bother?” he
said.
“You might have an IDS that can handle 100 megabits of traffic
but you might have 200 megabits coming at it or traffic gets
distributed, so your IDS only sees one out of every three or four
packets,” Hanselman said.