Intrusion Detection is an important technology that monitors network traffic and events. An Intrusion Detection System also identifies network intrusions such as abnormal network behavior, unauthorized network access and malicious attacks on computer systems.
Many mechanisms have been deployed for this task: security policies, firewalls, anti-virus software and Intrusion Detection Systems (IDSs), along with the secure configuration of services in operating systems and computer networks.
A simple analogy for intrusion detection: when we suffer from some disease, we ask a doctor what is wrong with us. The doctor orders a blood test and, after reading the blood report, prescribes medicine to cure the disease.
Here the blood report corresponds to intrusion detection, whereas the medicine the doctor prescribes after examining the blood report corresponds to the Intrusion Detection System.
An Intrusion Detection System uses policies and mechanisms to protect computer systems from many kinds of attack. As the volume of data transmitted and received over the Internet increases, the need to protect the data of these connected systems also increases. Many researchers give different definitions of an IDS, but from our point of view an IDS can be defined as follows.
An Intrusion Detection System is software that monitors the events occurring in a computer system or network. It analyzes what happens during execution and tries to find indications that the computer has been misused, in order to preserve the confidentiality, integrity and availability of resources and data.
The IDS runs continuously in the background on our system and generates an alert only when it detects something suspicious according to its own rules.
Intrusion Detection Methods/Techniques –
(A) Signature Based Detection –
- It is the process of comparing the signatures of known threats against the events being observed. The current packet is matched against the signature entries recorded for the network.
- A signature is defined as the pattern (structure) that we search for inside a data packet. The data packet may contain a source address, destination address, protocol, port number, etc.
- A signature-based IDS builds a database of such attack patterns to detect known or documented attacks. A single signature may be used to detect one or more types of attack, which may be present in different parts of a data packet.
- It is also used to monitor the events occurring in the network and match those events against a database of attack signatures to detect intrusions.
- Signature-based IDSs are unable to detect unknown and newly created attacks, because each new type of attack must be added manually to the existing database.
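The following is an added example (not code from the original article) of the signature-matching process described above. The packet records and the signature database are constructed for illustration; each signature is a protocol, an optional destination port and a regular expression searched inside the payload, which mirrors the "pattern inside a data packet" definition. It also shows the limitation stated in the last point: a packet whose pattern is not yet in the database produces no alert until an analyst adds a new signature by hand.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed packet records (not real captures): one dict per observed packet.
OBSERVED_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "proto": "tcp", "dport": 80,
     "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.7", "dst": "10.0.0.20", "proto": "tcp", "dport": 80,
     "payload": "GET /cgi-bin/../../../../etc/passwd HTTP/1.1"},
    {"src": "10.0.0.9", "dst": "10.0.0.21", "proto": "tcp", "dport": 22,
     "payload": "SSH-2.0-OpenSSH_8.9"},
    {"src": "10.0.0.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 80,
     "payload": "GET /login?user=admin' OR '1'='1 HTTP/1.1"},
    # A variant of the first attack that is not yet documented in the database.
    {"src": "10.0.0.13", "dst": "10.0.0.20", "proto": "tcp", "dport": 80,
     "payload": "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1"},
]


@dataclass
class Signature:
    """One entry of the signature database: where to look and what pattern to look for."""
    name: str
    proto: str                 # transport protocol the rule applies to
    dport: Optional[int]       # destination port, or None for any port
    pattern: str               # regex searched inside the payload
    regex: re.Pattern = field(init=False, repr=False)

    def __post_init__(self):
        self.regex = re.compile(self.pattern, re.IGNORECASE)

    def matches(self, pkt):
        # Protocol and port fields must agree before the payload is inspected.
        if pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        return self.regex.search(pkt["payload"]) is not None


# Constructed database of known (documented) attack patterns.
SIGNATURE_DB = [
    Signature("http-directory-traversal", "tcp", 80, r"(\.\./){2,}"),
    Signature("http-sqli-tautology", "tcp", 80, r"'\s*or\s*'1'\s*=\s*'1"),
]


def detect(packets, signatures=SIGNATURE_DB):
    """Compare every packet against every signature; return (rule, src, dst, dport) alerts."""
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if sig.matches(pkt):
                alerts.append((sig.name, pkt["src"], pkt["dst"], pkt["dport"]))
    return alerts


def detect_after_update(packets):
    """Same scan after an analyst adds the missing signature to the database by hand."""
    updated_db = SIGNATURE_DB + [
        Signature("http-directory-traversal-encoded", "tcp", 80, r"(%2e%2e/){2,}"),
    ]
    return detect(packets, updated_db)


if __name__ == "__main__":
    for alert in detect(OBSERVED_PACKETS):
        print("ALERT", alert)
    print("after database update:", len(detect_after_update(OBSERVED_PACKETS)), "alerts")
```

With the original database only two of the three malicious packets raise an alert; the third is invisible until the database is updated, which is exactly the manual-update cost the text describes.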
(B) Anomaly Based Detection –
- It is the process of comparing activities that are assumed to be normal against observed events in order to identify deviations.
- An IDPS that uses anomaly-based detection techniques maintains profiles that represent the normal activities of users, hosts, connections or applications.
- Anomaly detection techniques generate a large number of false alarms because of the unpredictable behavior of users and networks.
- They also require an extensive “training data set” of system events and records in order to characterize normal behavior patterns.
- An anomaly detection system observes the network and checks for deviations from normal behavior. If it observes any change or suspicious activity that deviates from the normal profile, it immediately raises an alert about the unknown attack.
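As an added example (not part of the original article), the block below builds per-host profiles from a constructed training data set and flags observed events that deviate from those profiles. The profile is simply the mean and standard deviation of connections per minute for each host, and an event is anomalous when it lies more than a chosen number of standard deviations from the mean; the host names, counts and threshold are all assumptions made for the illustration. The observed sample includes a sharp spike, a modest bump that still trips the threshold (the false-alarm problem noted above), and a host with no profile at all, which a real system must also decide how to handle.

```python
import statistics

# Constructed training data set: connections per minute from each host during a quiet period.
TRAINING = {
    "10.0.0.5": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],
    "10.0.0.7": [3, 2, 4, 3, 2, 3, 5, 4, 3, 2],
}

# Constructed observations to check against the profiles: (host, connections per minute).
OBSERVED = [
    ("10.0.0.5", 14),   # within the normal band
    ("10.0.0.5", 90),   # sharp spike
    ("10.0.0.7", 3),    # within the normal band
    ("10.0.0.7", 7),    # modest bump, still far outside this host's narrow profile
    ("10.0.0.9", 20),   # host never seen during training
]


def build_profiles(training):
    """Characterize normal behavior: (mean, population std dev) per host."""
    return {host: (statistics.mean(counts), statistics.pstdev(counts))
            for host, counts in training.items()}


def detect_anomalies(profiles, observed, threshold=3.0):
    """Return (host, count, reason) for every observation that deviates from its profile."""
    alerts = []
    for host, count in observed:
        if host not in profiles:
            # No baseline exists, so the event cannot be judged normal; surface it.
            alerts.append((host, count, "no baseline profile"))
            continue
        mean, stdev = profiles[host]
        if stdev == 0:
            # Perfectly constant training data: any change at all is a deviation.
            z = 0.0 if count == mean else float("inf")
        else:
            z = (count - mean) / stdev
        if abs(z) > threshold:
            alerts.append((host, count, f"z={z:.1f}"))
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    for host, (mean, stdev) in profiles.items():
        print(f"profile {host}: mean={mean:.1f} stdev={stdev:.2f}")
    for alert in detect_anomalies(profiles, OBSERVED):
        print("ALERT", alert)
```

The bump to 7 connections from 10.0.0.7 is flagged purely because that host's training data were so uniform; whether it is an intrusion or a user simply doing more work than usual is exactly the ambiguity that produces the false alarms the text warns about, and raising the threshold trades those alarms for missed spikes.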