Analyze how to build an intrusion detection system

An intrusion detection system (IDS) is a network security device that monitors network traffic in real time and raises alerts or takes proactive measures when suspicious traffic is detected. What sets it apart from other network security devices is that an IDS is a proactive security technology. IDS first appeared in April 1980. In the mid-1980s, IDS gradually developed into the Intrusion Detection Expert System (IDES). In 1990, IDS differentiated into network-based IDS and host-based IDS, and distributed IDS appeared later. At present, IDS is developing rapidly, and some people claim that IDS can completely replace the firewall.

Intrusion detection systems are divided into two modes according to how they detect intrusions: anomaly detection and misuse detection. The former must first build a model of the normal behaviour of system access; any behaviour that does not conform to this model is judged to be an intrusion. The latter works the other way round: it must first collect all known unfavourable and unacceptable behaviours into a model, and any access that conforms to this model is judged to be an intrusion.

The security strategies of these two modes are completely different, and each has its own advantages and disadvantages. Anomaly detection has a very low false negative rate, but behaviour that does not fit the normal behaviour model is not necessarily a malicious attack, so its false positive rate is high. Misuse detection has a low false positive rate, because an alert is raised only when traffic directly matches a known unacceptable behaviour pattern; but malicious behaviour is ever-changing and may not yet be in the pattern library, so its false negative rate is high. Users therefore need to formulate their strategy and choose a detection mode according to the characteristics and security requirements of their system; in practice, users now adopt a strategy that combines the two modes.
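As an added example (not part of the original article), the following Python sketch runs both modes over constructed traffic: a signature table provides misuse detection, a baseline learned from normal traffic (the ports normally used and the highest per-source event count) provides anomaly detection, and the two are combined the way the text recommends. All signatures, addresses and events are constructed for illustration.

```python
import re
from collections import Counter

# Misuse detection: signatures for known-bad request patterns (constructed).
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def misuse_detect(event):
    """Names of signatures whose pattern appears in the event payload."""
    return [n for n, pat in SIGNATURES.items() if pat.search(event["payload"])]

def train_baseline(normal_events):
    """Anomaly model learned from normal traffic: (ports seen, max events per source)."""
    ports = {e["port"] for e in normal_events}
    max_rate = max(Counter(e["src"] for e in normal_events).values())
    return ports, max_rate

def anomaly_detect(events, baseline):
    """Yield (event index, reason) for every event that departs from the baseline."""
    ports, max_rate = baseline
    counts = Counter(e["src"] for e in events)
    for i, e in enumerate(events):
        if e["port"] not in ports:
            yield i, "unusual-port"
        if counts[e["src"]] > max_rate:
            yield i, "rate-above-baseline"

def detect(events, baseline):
    """Run both modes; each alert is (event index, mode, reason), sorted by index."""
    alerts = [(i, "misuse", s) for i, e in enumerate(events) for s in misuse_detect(e)]
    alerts += [(i, "anomaly", r) for i, r in anomaly_detect(events, baseline)]
    return sorted(alerts)

NORMAL = [  # constructed training traffic representing normal access
    {"src": "10.0.0.5", "port": 80, "payload": "GET /index.html"},
    {"src": "10.0.0.5", "port": 443, "payload": "GET /login"},
    {"src": "10.0.0.7", "port": 80, "payload": "GET /about"},
]
EVENTS = [  # constructed traffic to inspect
    {"src": "10.0.0.7", "port": 80, "payload": "GET /?id=1' OR '1'='1"},  # known pattern, normal source
    {"src": "10.0.0.9", "port": 3306, "payload": "handshake"},             # unusual port, no signature
    {"src": "10.0.0.9", "port": 80, "payload": "GET /../../etc/passwd"},   # known pattern, busy source
    {"src": "10.0.0.9", "port": 443, "payload": "GET /report"},            # caught only by the rate baseline
]

def run_example():
    return detect(EVENTS, train_baseline(NORMAL))
```

Event 1 shows the anomaly mode's false positive risk (an unusual port with a harmless payload), and event 3 shows why misuse detection alone misses traffic with no matching signature.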

Tutorial list:

- Overview of intrusion detection systems and differences from firewalls
- Intrusion detection system application scenarios and functions
- Intrusion detection system classification
- Intrusion detection process analysis
