Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Intrusion detection system
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Analyzed activity === ====Network intrusion detection systems==== Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.<ref>{{Cite book|last=Gurley.|first=Bace, Rebecca|url=http://worldcat.org/oclc/70689163|title=Intrusion detection systems|date=2001|publisher=[U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology]|oclc=70689163}}</ref> It performs an analysis of passing traffic on the entire [[Subnetwork|subnet]], and matches the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator. NIDS function to safeguard every device and the entire network from unauthorized access.<ref>{{Cite journal |last=Ahmad |first=Zeeshan |last2=Shahid Khan |first2=Adnan |last3=Wai Shiang |first3=Cheah |last4=Abdullah |first4=Johari |last5=Ahmad |first5=Farhan |date=2020-10-16 |title=Network intrusion detection system: A systematic study of machine learning and deep learning approaches |url=http://dx.doi.org/10.1002/ett.4150 |journal=Transactions on Emerging Telecommunications Technologies |volume=32 |issue=1 |doi=10.1002/ett.4150 |issn=2161-3915}}</ref> An example of an NIDS would be installing it on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. Ideally one would scan all inbound and outbound traffic, however doing so might create a bottleneck that would impair the overall speed of the network. [[OPNET]] and NetSim are commonly used tools for simulating network intrusion detection systems. NID Systems are also capable of comparing signatures for similar packets to link and drop harmful detected packets which have a signature matching the records in the NIDS. When we classify the design of the NIDS according to the system interactivity property, there are two types: on-line and off-line NIDS, often referred to as inline and tap mode, respectively. On-line NIDS deals with the network in real time. It analyses the [[Ethernet frame|Ethernet packets]] and applies some rules, to decide if it is an attack or not. Off-line NIDS deals with stored data and passes it through some processes to decide if it is an attack or not. NIDS can be also combined with other technologies to increase detection and prediction rates. [[Artificial neural network|Artificial Neural Network]] (ANN) based IDS are capable of analyzing huge volumes of data due to the hidden layers and non-linear modeling, however this process requires time due its complex structure.<ref>{{Cite journal |last=Ahmad |first=Zeeshan |last2=Shahid Khan |first2=Adnan |last3=Wai Shiang |first3=Cheah |last4=Abdullah |first4=Johari |last5=Ahmad |first5=Farhan |date=2021 |title=Network intrusion detection system: A systematic study of machine learning and deep learning approaches |url=https://onlinelibrary.wiley.com/doi/10.1002/ett.4150 |journal=Transactions on Emerging Telecommunications Technologies |language=en |volume=32 |issue=1 |doi=10.1002/ett.4150 |issn=2161-3915}}</ref> This allows IDS to more efficiently recognize intrusion patterns.<ref>{{Cite book|last1=Garzia|first1=Fabio|last2=Lombardi|first2=Mara|last3=Ramalingam|first3=Soodamani|title=2017 International Carnahan Conference on Security Technology (ICCST) |chapter=An integrated internet of everything β Genetic algorithms controller β Artificial neural networks framework for security/Safety systems management and support |date=2017|pages=1β6 |language=en-US|publisher=IEEE|doi=10.1109/ccst.2017.8167863|isbn=9781538615850|s2cid=19805812}}</ref> Neural networks assist IDS in predicting attacks by learning from mistakes; ANN based IDS help develop an early warning system, based on two layers. The first layer accepts single values, while the second layer takes the first's layers output as input; the cycle repeats and allows the system to automatically recognize new unforeseen patterns in the network.<ref>{{Cite book|last1=Vilela|first1=Douglas W. F. L.|last2=Lotufo|first2=Anna Diva P.|last3=Santos|first3=Carlos R.|title=2018 International Joint Conference on Neural Networks (IJCNN) |chapter=Fuzzy ARTMAP Neural Network IDS Evaluation applied for real IEEE 802.11w data base |date=2018|pages=1β7 |language=en-US|publisher=IEEE|doi=10.1109/ijcnn.2018.8489217|isbn=9781509060146|s2cid=52987664}}</ref> This system can average 99.9% detection and classification rate, based on research results of 24 network attacks, divided in four categories: DOS, Probe, Remote-to-Local, and user-to-root.<ref>{{Cite book|last1=Dias|first1=L. P.|last2=Cerqueira|first2=J. J. F.|last3=Assis|first3=K. D. R.|last4=Almeida|first4=R. C.|title=2017 9th Computer Science and Electronic Engineering (CEEC) |chapter=Using artificial neural network in intrusion detection systems to computer networks |date=2017|pages=145β150 |language=en-US|publisher=IEEE|doi=10.1109/ceec.2017.8101615|isbn=9781538630075|s2cid=24107983}}</ref> ====Host intrusion detection systems==== {{Main|Host-based intrusion detection system}} Host intrusion detection systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected. It takes a snapshot of existing system files and matches it to the previous snapshot. If the critical system files were modified or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission critical machines, which are not expected to change their configurations.<ref>{{Cite book|url=https://books.google.com/books?id=6BgEAAAAMBAJ&q=host+IDS+%22mission+critical%22&pg=PT30|title=Network World|date=2003-09-15|publisher=IDG Network World Inc|language=en}}</ref><ref>{{Cite book|url=https://books.google.com/books?id=3iiLDQAAQBAJ&q=hids+%22mission+critical%22&pg=PT118|title=Network and Data Security for Non-Engineers|last1=Groom|first1=Frank M.|last2=Groom|first2=Kevin|last3=Jones|first3=Stephan S.|date=2016-08-19|publisher=CRC Press|isbn=9781315350219|language=en}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Intrusion detection system
(section)
Add topic
