4 Other Types Of Intrusion Detection System
In my previous article, I have talked about one of the major type of Intrusion Detection System in network security. It also shows some of the facts that you need to know about the different types of Intrusion Detection System that you need to know. Follow me as we look at that together in this article.
#1 Anomaly Detection
Anomaly detection involves actual software that works to detect intrusion attempts and to then notify the administrator. This is what many people think of when they talk about Intrusion Detection Systems.
The general process is simple: The system looks for abnormal behaviour. Any activity that does not match the pattern of normal user access is noted and logged. The software compares observed activity against the expected normal usage profile.
Profiles are usually developed for specific users, group of users, or applications. Any application that does not match the definition of normal behaviour is considered an anomaly and is logged.
Sometimes, we refer to this as “trace back” detection or “trace back” process. We are able to establish from where this packet was delivered. The specific ways in which an anomaly is detected include:
- Threshold monitoring.
- Resource profiling
- User/group work profiling.
- Executable profiling.
#1 Threshold Monitoring
Threshold monitoring presets acceptable behaviour levels and observes whether these levels are exceeded. This could include something as simple as a finite number of failed login attempts or something as complex as monitoring the time a user is connected and the amount of data the user downloads.
Threshold provides a definition of acceptable behaviour. Unfortunately, characterizing intrusive behaviour only by the threshold limits can be somewhat challenging. It is often quite difficult to establish proper threshold values on the proper time frames at which to check those threshold values. This can result in a high rate of false positives in which the system misidentifies normal usage as a possible attack.
#3 Resource Profiling
Resource Profiling measures the system-wide use of resources and develops a historic usage profile. Looking at how a user normally utilizes system resources enables the system to identify usage level that are outside normal parameters.
Abnormal reading can be indicative of illicit activity underway. However, it may be difficult to interpret the meaning of changes in overall system usage. An increase in usage might simply indicate something benign like an increased workflow rather than an attempt to breach security.
#4 Executive Profiling
Executive Profiling seeks to measure and monitor how programs use system resources, paying particular attention to those whose activity cannot always be traced to a specific originating user. For example, system services usually cannot be traced to a specific user launching them.
Viruses, Trojan Horses, worms, trapdoor, and other software attacks are addressed by profiling how system objects such as files and printers are normally used, not only by users but also by other system subjects on the part of the users.
In most conventional systems, for example, any program, including a virus inherits all of the privileges of the user executing the software. The software is not limited by the principle of least privilege, But to only those privileges needed to properly execute. This openness in the architecture permits the viruses to covertly change and infect totally unrelated parts of the system.
Now Tell Us Your Own Side Of This Story.
We would also like to hear what you feel about the topic we discussed today. Your feedback is very important to us. Feel free to drop your comments and recommendations. If you have a contrary opinion, you can drop that too.
You can also become part of our Facebook Page CRMNigeria for more updates. You can do that by clicking on the link or searching for our page on Facebook.
You can also become part of our WhatsApp Group Here.
Enjoy Latest Music From across the globe. Download TubeNaira.