CSC 411: COMPUTER NETWORK SECURITY

INTRUSION DETECTION SYSTEMS


An intrusion detection system (IDS) is a device or software application that monitors a network or a
host for malicious activity or policy violations. Detected activity is typically reported to, or
collected centrally by, a security information and event management (SIEM) system. Some IDSs can also
respond to a detected intrusion as soon as it is discovered, for example by dropping the offending
connection. [1]

Types of Intrusion Detection System (IDS)

The first three types below are distinguished by where the sensor sits (on a host, on the network, or
inside the host's protocol stack); the last two are distinguished by how the sensor decides that
something is malicious. A deployed product is usually one of each, for example a network-based,
signature-based IDS.

1. Host Based IDS

2. Network Based IDS

3. Stack Based IDS

4. Signature Based IDS

5. Anomaly Based IDS

Host Based IDS

A host-based intrusion detection system (HIDS) monitors the computer system on which it is installed
to detect intrusion and/or misuse, and responds by logging the activity and notifying the designated
authority. A HIDS can be thought of as an agent that monitors and analyses whether anything or anyone,
internal or external, has circumvented the system's security policy. Because the agent runs on the host
it protects, an attacker who gains administrative control of that host can tamper with the agent or its
logs, and HIDS that model normal program behaviour (for example as sequences of system calls) can be
evaded by "mimicry" attacks that disguise malicious activity as normal behaviour. [2]
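The following is an added worked example, not code from the handout or from the cited paper. It is a toy HIDS of the sequence-based kind the mimicry attack in [2] targets: it learns the set of system-call 3-grams a program normally produces and flags any trace containing a 3-gram never seen in training. The program, its system-call names and all traces are constructed for illustration; the window size of 3 is an assumption.

```python
"""Toy host-based IDS: system-call n-gram profile of one program.

Added example, not code from the handout or from Wagner and Soto's paper.
Normal behaviour is modelled as the set of system-call 3-grams observed while
training; a trace is anomalous if it contains a 3-gram outside that set.
System-call names and traces are constructed for illustration.
"""

N = 3  # window size (assumption: 3-grams, a common choice for this model)

# Constructed training traces of a small "copy a file" program behaving normally.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "read", "write", "close"],
]


def ngrams(trace, n=N):
    """All consecutive n-tuples of system calls in a trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(traces, n=N):
    """Build the normal profile: every n-gram seen in any training trace."""
    profile = set()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def detect(trace, profile, n=N):
    """Return the n-grams of `trace` that never occurred in training."""
    return [g for g in ngrams(trace, n) if g not in profile]


def alert(trace, profile, n=N):
    """Summarise a trace: anomalous if at least one foreign n-gram is present."""
    foreign = detect(trace, profile, n)
    return {"anomalous": bool(foreign), "score": len(foreign), "foreign_ngrams": foreign}


# Constructed test traces.
# 1. A longer but structurally normal run: every 3-gram already exists in the profile.
LONG_NORMAL = ["open", "read", "read", "read", "read", "write", "close"]
# 2. A trace that spawns a shell and opens a network connection: many foreign 3-grams.
SHELL_AND_CONNECT = ["open", "read", "execve", "socket", "connect", "write", "close"]
# 3. A mimicry-style trace: same system calls and order as a normal run, but the
#    arguments (here, which file is opened and overwritten) are not modelled, so the
#    profile cannot tell it apart from legitimate behaviour.
SAME_SHAPE_DIFFERENT_TARGET = ["open", "read", "write", "close"]

if __name__ == "__main__":
    profile = train(NORMAL_TRACES)
    for name, trace in [("long normal", LONG_NORMAL),
                        ("shell + connect", SHELL_AND_CONNECT),
                        ("mimicry", SAME_SHAPE_DIFFERENT_TARGET)]:
        print(name, alert(trace, profile))
```

The third trace shows the limitation behind the mimicry result: a model that only sees the order of system calls, not their arguments, cannot distinguish "copy a file" from "overwrite a system file", and an attacker who knows the profile can restrict an attack to sequences it accepts.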

Network Based IDS


A network intrusion detection system (NIDS) monitors traffic at strategic points on the network, such
as the boundary between the internal network and the Internet. It normally runs on a dedicated sensor
that receives a copy of all passing traffic (for example from a switch mirror port or a network tap),
decodes the Ethernet frames and the protocols carried inside them, and applies its rules to decide
whether to raise an alert.

Stack Based IDS

A stack-based IDS integrates closely with the host's TCP/IP stack, so that packets can be inspected as
they traverse the protocol layers. Watching packets in this way lets the IDS examine, and if necessary
discard, a packet before the operating system or application has a chance to process it.

Signature Based IDS

A signature-based IDS detects attacks by looking for specific patterns, such as byte sequences in
network traffic or known malicious instruction sequences used by malware. The system is typically
backed by a large database of attack signatures and compares the information it gathers against those
signatures, looking for a match.
Such systems can generally detect only attacks "known" to their database. [3] Thus, if the database is
not updated regularly, new attacks can slip through. A signature can, however, catch new attacks that
share a characteristic with old ones, e.g. any request that tries to reach 'cmd.exe' via an HTTP GET,
whatever the surrounding path. Against genuinely new, uncatalogued attacks this technique offers little
protection, and even known attacks can evade it if the traffic is obfuscated (for example by URL
encoding) and the IDS does not normalise the data before matching.
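An added worked example (not code from the handout; the signature set, request lines and names are constructed for illustration and far smaller than a real Snort or Suricata rule set). It runs a tiny signature database over HTTP request lines, decoding URL encoding first so that a catalogued pattern such as 'cmd.exe' is still matched when written as 'cmd%2Eexe', and shows an uncatalogued attack passing through untouched.

```python
"""Toy signature-based IDS over HTTP request lines.

Added example, not code from the handout. Signatures, request lines and
names are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Constructed signature "database": name -> pattern applied to the decoded request line.
SIGNATURES = {
    "cmd.exe via HTTP": re.compile(r"cmd\.exe", re.IGNORECASE),
    "directory traversal": re.compile(r"(\.\./|\.\.\\)"),
    "/etc/passwd read": re.compile(r"/etc/passwd"),
}


def normalize(request_line):
    """URL-decode before matching so 'cmd%2Eexe' cannot hide 'cmd.exe'.

    Decoding twice also unwraps double encoding such as %255c (-> %5c -> backslash).
    """
    return unquote(unquote(request_line))


def match_signatures(request_line):
    """Names of every signature that matches one (normalised) request line."""
    decoded = normalize(request_line)
    return [name for name, pattern in SIGNATURES.items() if pattern.search(decoded)]


def scan(request_lines):
    """Run the signature set over a batch of lines; return (line, hits) for alerts only."""
    alerts = []
    for line in request_lines:
        hits = match_signatures(line)
        if hits:
            alerts.append((line, hits))
    return alerts


# Constructed sample traffic, not real captures.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",                                      # benign
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",  # catalogued attack
    "GET /cgi-bin/cmd%2Eexe?/c+whoami HTTP/1.1",                     # new path, encoded dot
    "GET /download?file=../../etc/passwd HTTP/1.1",                   # traversal + sensitive file
    "GET /login?user=admin'--&pass=x HTTP/1.1",                       # uncatalogued: no SQLi signature
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS):
        print(hits, "<-", line)
```

Note that the bare pattern applied to the raw third line finds nothing; only the normalisation step makes the signature catch the encoded variant. The last line is the "porous" case: with no signature describing it, the request is indistinguishable from benign traffic to this detector.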

Anomaly Based IDS


Anomaly-based detection works from a baseline of normal network behaviour. The baseline describes
accepted behaviour (typical connection rates, protocols, ports and hosts) and is learned from observed
traffic, specified by the network administrators, or both; traffic that deviates significantly from it
is flagged. It is like a guard dog personally interviewing everyone at the gate before they are let
down the drive. The approach can catch attacks no signature describes, but it trades this for false
positives when legitimate behaviour changes, and a learned baseline is only as good as the training
traffic: if an attacker is already active, or slowly raises activity during the learning period, the
baseline absorbs that behaviour as normal.
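An added worked example, not code from the handout. Following the description above, its baseline is partly learned (per-host connections per minute, with mean and standard deviation) and partly specified by the administrator (the set of expected destination ports). All hosts, ports, flow records, the three-sigma threshold and the tolerance floor are constructed assumptions for illustration.

```python
"""Toy anomaly-based IDS built on a baseline of normal network behaviour.

Added example, not code from the handout. The baseline is partly learned
(connections per minute per host) and partly administrator-specified
(expected destination ports). All data here is constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

ALLOWED_DST_PORTS = {53, 80, 443}  # administrator-specified baseline (assumption)
K = 3.0          # alert when a count exceeds mean + K * sigma (assumption: three sigma)
MIN_SIGMA = 1.0  # tolerance floor so a perfectly steady host does not alert on one extra connection


def constructed_training_flows():
    """One constructed 'normal' hour of traffic as (minute, src_host, dst_port) records."""
    flows = []
    for m in range(60):
        for _ in range(4 + m % 3):           # 10.0.0.5: 4 to 6 HTTPS connections a minute ...
            flows.append((m, "10.0.0.5", 443))
        flows.append((m, "10.0.0.5", 53))    # ... plus one DNS lookup
        for _ in range(2):                   # 10.0.0.7: a steady 2 HTTP connections a minute
            flows.append((m, "10.0.0.7", 80))
    return flows


def connections_per_minute(flows):
    """Count connections per (host, minute)."""
    counts = defaultdict(int)
    for minute, src, _port in flows:
        counts[(src, minute)] += 1
    return counts


def learn_baseline(flows):
    """Learned baseline: per-host (mean, population stddev) of connections per minute."""
    per_host = defaultdict(list)
    for (src, _minute), n in connections_per_minute(flows).items():
        per_host[src].append(n)
    return {src: (mean(ns), pstdev(ns)) for src, ns in per_host.items()}


def detect(flows, baseline, allowed_ports=ALLOWED_DST_PORTS, k=K):
    """Return (kind, src, minute, detail) alerts for flows that deviate from the baseline."""
    alerts = []
    for minute, src, port in flows:                        # specified-baseline check
        if port not in allowed_ports:
            alerts.append(("unexpected_port", src, minute, port))
    for (src, minute), n in sorted(connections_per_minute(flows).items()):  # learned-baseline check
        if src not in baseline:
            alerts.append(("unknown_host", src, minute, n))
            continue
        mu, sigma = baseline[src]
        if n > mu + k * max(sigma, MIN_SIGMA):
            alerts.append(("rate", src, minute, n))
    return alerts


# Constructed observation window: a normal minute, a burst, an odd port and a new host.
OBSERVED_FLOWS = (
    [(60, "10.0.0.5", 443)] * 6 + [(60, "10.0.0.5", 53)]       # within the learned range
    + [(61, "10.0.0.5", 443)] * 40                             # burst: 40 connections in a minute
    + [(60, "10.0.0.7", 80)] * 2 + [(60, "10.0.0.7", 4444)]    # expected rate, unexpected port
    + [(60, "10.0.0.9", 443)]                                  # host never seen in training
)

if __name__ == "__main__":
    baseline = learn_baseline(constructed_training_flows())
    for alert in detect(OBSERVED_FLOWS, baseline):
        print(alert)
```

Host 10.0.0.7 illustrates the false-positive trade-off: its training traffic had zero variance, so without the MIN_SIGMA floor a single extra connection would exceed mean + K * sigma and raise a rate alert; the floor is one simple way to keep a learned baseline from being tighter than real behaviour.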

References
1. Barracuda, 2019. Intrusion Detection System. Barracuda Glossary. [Online]
Available at: https://www.barracuda.com/glossary/intrusion-detection-system
[Accessed 7 November 2019].
2. Wagner, D. and Soto, P., 2002. Mimicry attacks on host-based intrusion detection systems.
Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), Washington DC.
ACM.
3. Payer, U., 2003. State-driven stack-based network intrusion detection system. Zagreb, Croatia.
IEEE, p. 6.