This document provides an overview of intrusion detection systems (IDS). It discusses two main types of IDS - network intrusion detection systems (NIDS) which monitor network traffic to and from all devices, and host-based intrusion detection systems (HIDS) which monitor traffic to and from individual hosts. It also describes two common detection methods - misuse detection which looks for known attack patterns, and anomaly detection which identifies abnormal network traffic.
Cyber Security Intrusion Detection Systems Explained
NAME : VIVEK FALDU
ENROLLMENT NO. : 160470105013
BRANCH : CHEMICAL
SEMESTER : 5th
SUBJECT : CYBER SECURITY
INTRUSION DETECTION
SYSTEM
CONTENT
1. Introduction
2. Analysed Activity
I. Network intrusion detection system (NIDS)
II. Host-based intrusion detection system (HIDS)
3. Detection Methods
I. Misuse Based
II. Anomaly Based
INTRODUCTION
An intrusion detection system (IDS) is a
device or software application that can locate
and identify malicious activity on your
network.
ANALYSED ACTIVITY
Intrusion detection systems (IDS) are available in two
forms: network intrusion detection systems
(NIDS) and host-based intrusion detection systems
(HIDS).
NETWORK INTRUSION
DETECTION SYSTEM (NIDS)
Network intrusion detection systems (NIDS)
are placed at a strategic point within the network
to monitor traffic to and from all devices on the
network. It performs an analysis of passing traffic
on the entire subnet, and matches the traffic that
is passed on the subnets to the library of known
attacks.
HOST-BASED INTRUSION
DETECTION SYSTEMS (HIDS)
Host intrusion detection systems (HIDS) run
on individual hosts or devices on the network. A
HIDS monitors the inbound and outbound
packets from the device only and will alert the
user or administrator if suspicious activity is
detected. It takes a snapshot of existing system
files and matches it to the previous snapshot. If
the critical system files were modified or deleted,
an alert is sent to the administrator to investigate.
MISUSE BASED
Misuse-based detection is also known as signature-based or
knowledge-based detection.
Signature-based IDS refers to the detection of attacks by
looking for specific patterns, such as sequences in
network traffic, or known malicious instruction
sequences used by malware. This terminology
originates from anti-virus software, which refers to these
detected patterns as signatures. Although signature-based
IDS can easily detect known attacks, it cannot
detect new attacks, for which no pattern is
available.
ANOMALY BASED
Network-based anomalous intrusion detection systems
often provide a second line of defence to detect
anomalous traffic at the physical and network layers
after it has passed through a firewall or other security
appliance on the border of a network.
Host-based anomalous intrusion detection systems are
one of the last layers of defence and reside on
computer end points.
Anomaly-based intrusion detection at both the
network and host levels has a few
shortcomings, namely a high false-positive rate
and the ability to be fooled by a correctly
delivered attack.