Briefly describe four common intrusion detection methods.
1. Feature detection
Signature-based detection is also called misuse detection. It assumes that the activities of intruders can be represented by a pattern, and the goal of the system is to detect whether a subject's activities match these patterns.
It can detect existing intrusion methods, but it is powerless against new ones. The difficulty lies in designing a pattern that expresses the "intrusion" phenomenon without also matching normal activities.
2. Anomaly detection
Anomaly detection assumes that the activities of intruders differ from those of normal subjects. Following this idea, an "activity profile" of the subject's normal activity is established, and the subject's current activity is compared with that profile. When the current activity violates the profile's statistical regularities, it is considered a possible "intrusion".
The difficulty of anomaly detection lies in how to establish the "activity profile" and how to design the statistical algorithm so that normal operations are not treated as "intrusions" and real "intrusions" are not overlooked.
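The two methods above, run side by side over the same events, as an added example that is not part of the original page. The signature, the per-subject history, the events and the `kb_out` metric are all constructed for illustration.

```python
import re
from statistics import mean, stdev

# Constructed misuse signature: a pattern describing one known intrusion technique.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

# Constructed history: KB sent per hour by each subject during normal operation.
HISTORY = {
    "alice": [120, 135, 110, 128, 140, 125, 131],
    "bob": [900, 1100, 950, 1020, 980, 1050, 1000],
}

# Constructed current activity to evaluate.
EVENTS = [
    {"id": 1, "subject": "alice", "request": "GET /reports/q3.pdf", "kb_out": 130},
    {"id": 2, "subject": "bob", "request": "GET /download?file=../../etc/passwd", "kb_out": 1010},
    {"id": 3, "subject": "alice", "request": "GET /export/all-customers.csv", "kb_out": 5200},
    {"id": 4, "subject": "bob", "request": "GET /backup/monthly.tar", "kb_out": 1400},
]

def signature_alerts(events):
    """Feature (misuse) detection: report events matching a known pattern."""
    return [(e["id"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["request"])]

def build_profile(history):
    """Activity profile: per-subject mean and standard deviation of the metric."""
    return {s: (mean(v), stdev(v)) for s, v in history.items() if len(v) >= 2}

def anomaly_alerts(profile, events, k=3.0):
    """Anomaly detection: report events more than k standard deviations off the profile."""
    alerts = []
    for e in events:
        if e["subject"] not in profile:
            alerts.append((e["id"], float("inf")))  # no baseline: cannot call it normal
            continue
        mu, sigma = profile[e["subject"]]
        diff = abs(e["kb_out"] - mu)
        z = diff / sigma if sigma else (float("inf") if diff else 0.0)
        if z > k:
            alerts.append((e["id"], round(z, 1)))
    return alerts

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    print("signature:", signature_alerts(EVENTS))
    print("anomaly k=3:", anomaly_alerts(profile, EVENTS, 3.0))
    print("anomaly k=8:", anomaly_alerts(profile, EVENTS, 8.0))
```

Event 2 matches the known pattern but sits inside the subject's profile, while event 3 matches no pattern and is caught only by the profile comparison. Event 4 is flagged at `k=3` and passes at `k=8`, which is the trade-off between treating normal operation as intrusion and missing a real one.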
Extended data
Classification of intrusion detection systems:
1. Host-based
The operating system's audit and trace logs generally serve as the main data source, and some systems also actively interact with the host to obtain information that does not exist in the system logs in order to detect intrusions.
This kind of detection system needs no additional hardware, is insensitive to network traffic and is highly efficient. It can accurately locate an intrusion and respond in time, but it takes up host resources and depends on the reliability of the host, so the types of attacks it can detect are limited, and it cannot detect network attacks.
2. Network-based
By passively monitoring the raw traffic transmitted on the network, the system processes the captured data to extract useful information, and then identifies attack events by matching against known attack signatures or by comparing with a profile of normal network behavior.
This kind of detection system does not depend on the operating system as a detection resource and can be applied to different operating system platforms. It is simple to configure and needs no special audit or login mechanism, and it can detect various attacks, such as protocol attacks and attacks in specific environments.
However, it can only monitor the activities passing through its own network segment and cannot obtain the real-time status of the host system, so its accuracy is poor. Most intrusion detection tools are network-based intrusion detection systems.
3. Distributed
This intrusion detection system is usually distributed and consists of multiple components. Host intrusion detection is used for key hosts, and network intrusion detection is used for key nodes of the network. At the same time, the audit log from the host system and the data stream from the network are analyzed to judge whether the protected system is attacked.
Baidu Encyclopedia-Intrusion Detection