Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Intrusion detection system
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Analyzed activity === ====Network intrusion detection systems==== Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.<ref>{{Cite book|last=Gurley.|first=Bace, Rebecca|url=http://worldcat.org/oclc/70689163|title=Intrusion detection systems|date=2001|publisher=[U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology]|oclc=70689163}}</ref> It performs an analysis of passing traffic on the entire [[Subnetwork|subnet]], and matches the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator. NIDS function to safeguard every device and the entire network from unauthorized access.<ref>{{Cite journal |last=Ahmad |first=Zeeshan |last2=Shahid Khan |first2=Adnan |last3=Wai Shiang |first3=Cheah |last4=Abdullah |first4=Johari |last5=Ahmad |first5=Farhan |date=2020-10-16 |title=Network intrusion detection system: A systematic study of machine learning and deep learning approaches |url=http://dx.doi.org/10.1002/ett.4150 |journal=Transactions on Emerging Telecommunications Technologies |volume=32 |issue=1 |doi=10.1002/ett.4150 |issn=2161-3915}}</ref> An example of an NIDS would be installing it on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. Ideally one would scan all inbound and outbound traffic, however doing so might create a bottleneck that would impair the overall speed of the network. [[OPNET]] and NetSim are commonly used tools for simulating network intrusion detection systems. NID Systems are also capable of comparing signatures for similar packets to link and drop harmful detected packets which have a signature matching the records in the NIDS. When we classify the design of the NIDS according to the system interactivity property, there are two types: on-line and off-line NIDS, often referred to as inline and tap mode, respectively. On-line NIDS deals with the network in real time. It analyses the [[Ethernet frame|Ethernet packets]] and applies some rules, to decide if it is an attack or not. Off-line NIDS deals with stored data and passes it through some processes to decide if it is an attack or not. NIDS can be also combined with other technologies to increase detection and prediction rates. [[Artificial neural network|Artificial Neural Network]] (ANN) based IDS are capable of analyzing huge volumes of data due to the hidden layers and non-linear modeling, however this process requires time due its complex structure.<ref>{{Cite journal |last=Ahmad |first=Zeeshan |last2=Shahid Khan |first2=Adnan |last3=Wai Shiang |first3=Cheah |last4=Abdullah |first4=Johari |last5=Ahmad |first5=Farhan |date=2021 |title=Network intrusion detection system: A systematic study of machine learning and deep learning approaches |url=https://onlinelibrary.wiley.com/doi/10.1002/ett.4150 |journal=Transactions on Emerging Telecommunications Technologies |language=en |volume=32 |issue=1 |doi=10.1002/ett.4150 |issn=2161-3915}}</ref> This allows IDS to more efficiently recognize intrusion patterns.<ref>{{Cite book|last1=Garzia|first1=Fabio|last2=Lombardi|first2=Mara|last3=Ramalingam|first3=Soodamani|title=2017 International Carnahan Conference on Security Technology (ICCST) |chapter=An integrated internet of everything β Genetic algorithms controller β Artificial neural networks framework for security/Safety systems management and support |date=2017|pages=1β6 |language=en-US|publisher=IEEE|doi=10.1109/ccst.2017.8167863|isbn=9781538615850|s2cid=19805812}}</ref> Neural networks assist IDS in predicting attacks by learning from mistakes; ANN based IDS help develop an early warning system, based on two layers. The first layer accepts single values, while the second layer takes the first's layers output as input; the cycle repeats and allows the system to automatically recognize new unforeseen patterns in the network.<ref>{{Cite book|last1=Vilela|first1=Douglas W. F. L.|last2=Lotufo|first2=Anna Diva P.|last3=Santos|first3=Carlos R.|title=2018 International Joint Conference on Neural Networks (IJCNN) |chapter=Fuzzy ARTMAP Neural Network IDS Evaluation applied for real IEEE 802.11w data base |date=2018|pages=1β7 |language=en-US|publisher=IEEE|doi=10.1109/ijcnn.2018.8489217|isbn=9781509060146|s2cid=52987664}}</ref> This system can average 99.9% detection and classification rate, based on research results of 24 network attacks, divided in four categories: DOS, Probe, Remote-to-Local, and user-to-root.<ref>{{Cite book|last1=Dias|first1=L. P.|last2=Cerqueira|first2=J. J. F.|last3=Assis|first3=K. D. R.|last4=Almeida|first4=R. C.|title=2017 9th Computer Science and Electronic Engineering (CEEC) |chapter=Using artificial neural network in intrusion detection systems to computer networks |date=2017|pages=145β150 |language=en-US|publisher=IEEE|doi=10.1109/ceec.2017.8101615|isbn=9781538630075|s2cid=24107983}}</ref> ====Host intrusion detection systems==== {{Main|Host-based intrusion detection system}} Host intrusion detection systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected. It takes a snapshot of existing system files and matches it to the previous snapshot. If the critical system files were modified or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission critical machines, which are not expected to change their configurations.<ref>{{Cite book|url=https://books.google.com/books?id=6BgEAAAAMBAJ&q=host+IDS+%22mission+critical%22&pg=PT30|title=Network World|date=2003-09-15|publisher=IDG Network World Inc|language=en}}</ref><ref>{{Cite book|url=https://books.google.com/books?id=3iiLDQAAQBAJ&q=hids+%22mission+critical%22&pg=PT118|title=Network and Data Security for Non-Engineers|last1=Groom|first1=Frank M.|last2=Groom|first2=Kevin|last3=Jones|first3=Stephan S.|date=2016-08-19|publisher=CRC Press|isbn=9781315350219|language=en}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)