Intrusion Detection & Prevention
Content Leader: Jess Garcia - Last Updated: February 5, 2007
Intrusion Detection
What is Intrusion Detection?
Definition by Dirk Lehmann (Siemens CERT), taken from the SANS IDS FAQ:
ID stands for Intrusion Detection, which is the art of detecting inappropriate, incorrect, or anomalous activity. ID systems that operate on a host to detect malicious activity on that host are called host-based ID systems, and ID systems that operate on network data flows are called network-based ID systems.
Sometimes, a distinction is made between misuse and intrusion detection. The term intrusion is used to describe attacks from the outside, whereas misuse is used to describe an attack that originates from the internal network. However, most people don't draw such distinctions.
The most common approaches to ID are statistical anomaly detection and pattern-matching detection.
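The two approaches named in the definition, side by side, as an added example that is not part of the original page or of the SANS FAQ. It runs both a pattern-matching (signature) detector and a statistical anomaly detector over a constructed web-server access log. The signature rules, the z-score threshold, the log format and every IP address and path are assumptions made for the example; real systems use far larger rule sets and richer features than a per-client request count.

```python
"""Two detection approaches on the same data: signature matching and
statistical anomaly detection. Added example; rules, thresholds and log
lines are constructed for illustration, not taken from any product."""
import re
import statistics
from collections import Counter

# Pattern-matching detection: a handful of constructed signatures applied to
# the request path. A signature fires on a single request, regardless of volume.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("sql injection", re.compile(r"(?i)union\s+select")),
    ("sensitive file", re.compile(r"/etc/passwd")),
]

# Common Log Format-style line; only the fields the detectors need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse(line):
    """Return the captured fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def signature_alerts(lines):
    """Pattern-matching detection: (ip, rule name, path) for every rule hit."""
    alerts = []
    for rec in map(parse, lines):
        if rec is None:
            continue
        for name, pattern in SIGNATURES:
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts


def anomaly_alerts(baseline_lines, window_lines, z_threshold=3.0):
    """Statistical anomaly detection on one feature: requests per client.

    The baseline (assumed to be attack-free traffic) gives the mean and
    population standard deviation of requests per client; any client in the
    observation window whose count is more than z_threshold standard
    deviations above that mean is flagged as (ip, count, z-score).
    """
    base = Counter(r["ip"] for r in map(parse, baseline_lines) if r)
    mean = statistics.mean(base.values())
    stdev = statistics.pstdev(base.values()) or 1.0  # avoid division by zero on a flat baseline
    window = Counter(r["ip"] for r in map(parse, window_lines) if r)
    flagged = []
    for ip, count in window.items():
        z = (count - mean) / stdev
        if z > z_threshold:
            flagged.append((ip, count, round(z, 2)))
    return flagged


# --- Constructed sample data (not captured from a real server) -------------
def _line(ip, path, status=200):
    return f'{ip} - - [05/Feb/2007:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'


# Baseline: five ordinary clients making 3, 4, 5, 6 and 7 requests each.
BASELINE = [_line(f"10.0.0.{i}", f"/page{j}") for i in range(1, 6) for j in range(2 + i)]

# Observation window: four ordinary clients, one noisy scanner that matches no
# signature, and one attacker sending a single traversal request.
WINDOW = (
    [_line(f"10.0.0.{i}", f"/page{j}") for i in range(1, 5) for j in range(5)]
    + [_line("198.51.100.7", f"/probe/{j}", 404) for j in range(40)]
    + [_line("203.0.113.9", "/../../etc/passwd")]
)


def run_all():
    """Run both detectors over the constructed window and return their alerts."""
    return {
        "signature": signature_alerts(WINDOW),
        "anomaly": anomaly_alerts(BASELINE, WINDOW),
    }


if __name__ == "__main__":
    for kind, alerts in run_all().items():
        print(f"{kind} alerts:")
        for alert in alerts:
            print("  ", alert)
```

Run as written, the signature detector reports only the attacker (two rule hits on the one traversal request) and the anomaly detector reports only the scanner (40 requests against a baseline mean of 5). Each approach misses what the other catches: a signature cannot fire on a scan of paths it has no rule for, and a single malicious request never moves a volume statistic. The anomaly detector is also only as good as its baseline; if the scanner's traffic had been in the baseline, the mean and deviation would have risen and the same scan might not have been flagged.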
IDS / IPS Resources
Articles, Papers & Presentations
- For a list of IDS/IPS papers and presentations, check Honeypots.net
- See a list of IDS/IPS Books here.
Online Publications & Newsletters