This article is an overview of intrusion detection systems (IDSs). Intrusion detection is an essential layer in a defence-in-depth strategy to protect enterprise networks. Traditional IDSs passively monitor activities in hosts and network traffic for signs of attacks. The core intelligence is a detection algorithm, based on signatures or anomaly detection, that classifies activities as normal, suspicious or malicious. Signatures allow more reliable detection when a signature exists for a known attack, but unknown attacks without a signature will escape detection (resulting in a false negative). Anomaly detection is a complementary approach that can potentially recognise unknown attacks without a signature: it defines normal activities and identifies significant deviations from them as anomalies. However, anomaly detection is prone to high false positive rates. Detection accuracy, particularly in terms of false positives, is crucial to intrusion prevention systems that combine intrusion detection with active responses, since every false positive becomes a blocked legitimate action.
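As an added illustration (not code from the original article), the following Python script runs a toy signature matcher and a toy request-length anomaly detector over constructed HTTP request records and scores each one, so the signature detector's false negative on the novel attack and the anomaly detector's false positive on an unusual but legitimate request are both visible. The signature list, baseline traffic and evaluation records are all constructed for this example.

```python
from statistics import mean, pstdev

# Constructed "normal" traffic used to train the anomaly detector.
BASELINE = ["/index.html", "/about", "/products?id=42", "/static/app.js",
            "/login", "/cart", "/products?id=7", "/help"]

# Constructed evaluation set: (ground_truth, request_path). Labels are used
# only for scoring; neither detector sees them.
EVALUATION = [
    ("benign", "/index.html"),
    ("benign", "/about"),
    ("benign", "/products?id=42"),
    ("benign", "/static/app.js"),
    ("benign", "/images/" + "a" * 60 + ".png"),  # legitimate but unusually long
    ("attack", "/search?q=' OR 1=1 --"),         # known attack, has a signature
    ("attack", "/search?q=" + "A" * 100),         # novel attack, no signature
]

# Hypothetical signature list (constructed for this example).
SIGNATURES = ["' OR 1=1", "<script>"]


def signature_detect(path: str) -> bool:
    """Signature-based: flag only when a known pattern is present."""
    lowered = path.lower()
    return any(sig.lower() in lowered for sig in SIGNATURES)


def make_anomaly_detector(baseline, k=2.0):
    """Anomaly-based: learn a normal request-length profile from the baseline
    and flag anything more than k standard deviations above the mean."""
    lengths = [len(p) for p in baseline]
    threshold = mean(lengths) + k * pstdev(lengths)
    return lambda path: len(path) > threshold


def evaluate(detector, records):
    """Score a detector: true/false positives and true/false negatives."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for truth, path in records:
        flagged = detector(path)
        if flagged and truth == "attack":
            counts["tp"] += 1
        elif flagged:
            counts["fp"] += 1
        elif truth == "attack":
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    print("signature:", evaluate(signature_detect, EVALUATION))
    print("anomaly:  ", evaluate(make_anomaly_detector(BASELINE), EVALUATION))
```

Tuning `k` trades the anomaly detector's false positives against its false negatives, which is the threshold choice an intrusion prevention deployment has to make before it starts blocking.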