Intrusion detection system
====Anomaly-based====
[[Anomaly-based intrusion detection system]]s were primarily introduced to detect unknown attacks, in part due to the rapid development of malware. The basic approach is to use machine learning to create a model of trustworthy activity, and then compare new behavior against this model. Since these models can be trained according to the applications and hardware configurations, machine learning-based methods generalize better than traditional signature-based IDS. Although this approach enables the detection of previously unknown attacks, it may suffer from [[false positives]]: previously unknown legitimate activity may also be classified as malicious. Many existing IDSs also suffer from a time-consuming detection process that degrades their performance; an efficient [[feature selection]] algorithm makes the classification process used in detection more reliable.<ref>{{cite journal|last=Rowayda|first=A. Sadek|author2=M Sami, Soliman|author3=Hagar, S Elsayed|title=Effective anomaly intrusion detection system based on neural network with indicator variable and rough set reduction|journal= International Journal of Computer Science Issues |date=November 2013|volume=10|issue=6}}</ref> New types of what could be called anomaly-based intrusion detection systems are being viewed by [[Gartner]] as User and Entity Behavior Analytics (UEBA)<ref>{{Cite web|url=https://www.gartner.com/doc/3134524?ref=SiteSearch&sthkw=avivah%20litan&fnl=search&srcId=1-3478922254|title=Gartner report: Market Guide for User and Entity Behavior Analytics|date=September 2015}}</ref> (an evolution of the [[user behavior analytics]] category) and network [[traffic analysis]] (NTA).<ref>{{Cite web|url=https://www.gartner.com/doc/3367417?ref=SiteSearch&sthkw=hype%20cycle%20for%20infrastructure&fnl=search&srcId=1-3478922254|title=Gartner: Hype Cycle for Infrastructure Protection, 2016}}</ref> In particular, NTA deals with malicious insiders as well as targeted external attacks that have compromised a user machine or account. Gartner has noted that some organizations have opted for NTA over more traditional IDS.<ref>{{Cite web|url=https://www.gartner.com/doc/3449317?ref=SiteSearch&sthkw=intrusion%20detection&fnl=search&srcId=1-3478922254|title=Gartner: Defining Intrusion Detection and Prevention Systems|access-date=2016-09-20}}</ref>
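To make the "model of trustworthy activity, then compare" approach concrete, the following is an added illustration (not from the article or any IDS product): a toy statistical anomaly detector over constructed per-host traffic records. It fits a per-feature Gaussian baseline from normal traffic, flags observations far from that baseline, and shows both a true detection and the false positive the text warns about, where never-before-seen legitimate activity is scored as malicious.

```python
"""Toy anomaly-based IDS: learn a statistical model of "normal" per-host
network behaviour, then flag observations that deviate from it.
All records below are constructed for illustration, not real telemetry."""
import math

# One record per host per minute: (connections, distinct destination ports, KiB sent)
FEATURES = ("connections", "distinct_ports", "kib_sent")

# Constructed training window: quiet workstation traffic with no incidents.
TRAINING = [
    (12, 3, 40), (15, 4, 55), (10, 3, 38), (14, 3, 50), (11, 2, 42),
    (13, 4, 47), (16, 3, 60), (12, 3, 44), (14, 4, 52), (13, 3, 49),
]


def train(records):
    """Fit a per-feature Gaussian baseline; returns (means, std_devs)."""
    n = len(records)
    means = tuple(sum(r[i] for r in records) / n for i in range(len(FEATURES)))
    # Floor the std dev so a constant feature cannot divide by zero.
    stds = tuple(
        max(math.sqrt(sum((r[i] - means[i]) ** 2 for r in records) / n), 1e-9)
        for i in range(len(FEATURES))
    )
    return means, stds


def score(baseline, record):
    """Per-feature z-scores: how many standard deviations from the baseline."""
    means, stds = baseline
    return {f: (record[i] - means[i]) / stds[i] for i, f in enumerate(FEATURES)}


def is_anomalous(baseline, record, threshold=4.0):
    """Flag the record when any feature exceeds the z-score threshold."""
    z = score(baseline, record)
    return max(abs(v) for v in z.values()) > threshold, z


# Constructed observations to classify against the learned baseline.
PORT_SCAN = (300, 250, 45)    # many distinct ports in one minute: true positive
BACKUP_JOB = (14, 3, 9000)    # first-ever nightly backup: legitimate, but flagged
NORMAL = (13, 3, 50)          # ordinary traffic: should not be flagged

if __name__ == "__main__":
    b = train(TRAINING)
    for name, rec in (("port scan", PORT_SCAN), ("backup job", BACKUP_JOB), ("normal", NORMAL)):
        flagged, z = is_anomalous(b, rec)
        print(f"{name:10} {'ALERT' if flagged else 'ok':5}", {k: round(v, 1) for k, v in z.items()})
```

The backup job is flagged purely because its byte count was absent from the training window, which is why anomaly-based systems need analyst feedback and periodic retraining on confirmed-benign activity.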