Monday, December 8, 2008

Intrusion Detection

Hi all,

This is my first post regarding my small research on Intrusion Detection, which is my final year project.

As far as I know, intrusion detection plays a key role in the field of network security. Basically, there are two families of intrusion detection systems. They are:

1) Signature-based IDS
2) Anomaly-based IDS

I don't want to go technically deep into it. I just want to give you an overall view.

Signature-based detection works on rules. That is, you create a rule for an attack, check the incoming data against that rule, and decide whether the data is valid or attack data. So all you need to do is create as many rules as possible for the attacks you expect. The problem is that if a new attack comes along for which you don't have a rule, that particular attack will go undetected.

Anomaly-based detection works on a profile: you describe how this particular network should normally behave, and any change from that profile is detected. The problem is that even if we simply encrypt the data, an anomaly-based system will detect it as an anomaly. Hence we will have a high false-alarm rate in an anomaly detection system.
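
The two weaknesses described above can be seen side by side in a small added example (not code from the original post). The rule names, the regular expressions, the byte-entropy profile used as the "normal behaviour" model, and all sample payloads are assumptions constructed for illustration.

```python
import hashlib, math, re
from collections import Counter

# Constructed rules (hypothetical names/patterns), one per known attack.
SIGNATURES = {
    "sql-injection": re.compile(rb"(?i)union\s+select"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}

def signature_match(payload: bytes) -> list:
    """Signature IDS: names of every rule the payload matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def entropy(payload: bytes) -> float:
    """Shannon entropy of the payload in bits per byte."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

class EntropyProfile:
    """Anomaly IDS: learn what 'normal' entropy looks like, flag deviations."""
    def __init__(self, normal, k=3.0, min_std=0.2):
        vals = [entropy(p) for p in normal]
        self.mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - self.mean) ** 2 for v in vals) / len(vals))
        self.limit = k * max(std, min_std)  # floor avoids a zero-width profile

    def is_anomalous(self, payload: bytes) -> bool:
        return abs(entropy(payload) - self.mean) > self.limit

# Constructed sample traffic (not captured from a real network).
TAIL = b" HTTP/1.1\r\nHost: example.com\r\n\r\n"
NORMAL = [b"GET /index.html" + TAIL, b"GET /images/logo.png" + TAIL,
          b"GET /about.html" + TAIL, b"POST /login" + TAIL + b"user=alice&lang=en"]
BENIGN = b"GET /contact.html" + TAIL
KNOWN_ATTACK = b"GET /item?id=1 UNION SELECT name FROM users" + TAIL
NEW_ATTACK = b"GET /search?q=<script>alert(1)</script>" + TAIL  # no rule exists
# Stand-in for encrypted but legitimate data: 256 pseudo-random bytes.
ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))

PROFILE = EntropyProfile(NORMAL)

if __name__ == "__main__":
    for label, p in [("benign", BENIGN), ("known attack", KNOWN_ATTACK),
                     ("new attack", NEW_ATTACK), ("encrypted", ENCRYPTED)]:
        print(f"{label:13} rules={signature_match(p)} "
              f"anomalous={PROFILE.is_anomalous(p)}")
```

The signature side catches only the payload it has a rule for, while the profile side flags the encrypted payload even though nothing malicious is in it.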