What is intrusion detection and its system structure?
The architecture of an intrusion detection system consists of four components:
1. Event generator: Its purpose is to obtain events from the whole computing environment and provide them to other parts of the system.
2. Event analyzer: It analyzes data and produces analysis results.
3. Response unit: a functional unit that responds to the analysis results. It can take strong action, such as cutting off the connection or changing file attributes, or it can simply raise an alarm.
4. Event database: Event database is the general name of the place where all kinds of intermediate data and final data are stored. It can be a complex database or a simple text file.
Additional information:
According to how they detect intrusions, intrusion detection systems are divided into two modes: anomaly detection and misuse detection. Anomaly detection must first establish a model of normal system-access behavior; any visitor behavior that does not conform to this model is judged to be an intrusion.
Misuse detection, on the other hand, first collects all known harmful and unacceptable behaviors into a model; any visitor behavior that conforms to this model is judged to be an intrusion.
The security strategies of these two modes are completely different, and each has its own advantages and disadvantages. The false negative rate of anomaly detection is very low, but behavior that does not conform to the normal pattern is not necessarily a malicious attack, so the false positive rate of this strategy is very high.
Misuse detection has a low false positive rate because it matches behavior directly against known unacceptable patterns. However, malicious behavior is ever-changing and may not have been collected in the behavior pattern library, so its false negative rate is very high.
Users therefore need to formulate a strategy and choose a detection mode according to the characteristics and security requirements of their system. Now users adopt the strategy of combining the two modes.
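The following added example (not part of the original page) runs both detection modes over the same events and stores each result in a simple event database, so the trade-off described above is visible. The signatures, the per-user profile of hours and endpoints, the sample events, and the block/alert/allow policy are all constructed assumptions for illustration.

```python
import re

# Constructed sample data: alice's past activity used as the "normal" baseline.
HISTORY = [{"user": "alice", "hour": h, "request": r}
           for h in range(9, 18) for r in ("/login", "/reports?id=1")]

# Misuse detection: library of known-bad patterns (two constructed signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
}

def endpoint(request):
    """Strip the query string so the profile tracks endpoints, not parameters."""
    return request.split("?", 1)[0]

def build_profile(history):
    """Anomaly model: hours and endpoints previously seen for each user."""
    profile = {}
    for e in history:
        hours, endpoints = profile.setdefault(e["user"], (set(), set()))
        hours.add(e["hour"])
        endpoints.add(endpoint(e["request"]))
    return profile

def misuse_detect(event):
    """Alert only when the request matches a pattern in the library."""
    return [n for n, rx in SIGNATURES.items() if rx.search(event["request"])]

def anomaly_detect(event, profile):
    """Alert on anything that does not conform to the normal-behavior model."""
    hours, endpoints = profile.get(event["user"], (set(), set()))
    return event["hour"] not in hours or endpoint(event["request"]) not in endpoints

def analyze(event, profile, event_db):
    """Event analyzer: run both modes, store the result, pick a response."""
    sigs, odd = misuse_detect(event), anomaly_detect(event, profile)
    action = "block" if sigs else "alert" if odd else "allow"  # assumed policy
    event_db.append({**event, "signatures": sigs, "anomalous": odd, "action": action})
    return action

if __name__ == "__main__":
    profile, db = build_profile(HISTORY), []
    for hour, req in [(10, "/files?name=../../etc/passwd"),  # known attack pattern
                      (3, "/reports?id=7"),                  # benign but unusual hour
                      (10, "/admin/export?all=1"),           # not in signature library
                      (11, "/reports?id=8")]:                # normal
        print(req, "->", analyze({"user": "alice", "hour": hour, "request": req}, profile, db))
```

The 03:00 report request is flagged only by the anomaly model (a false positive if the user is simply working late), while the `/admin/export` request matches no signature and is caught only because it falls outside the profile.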
Baidu Encyclopedia-Intrusion Detection
Baidu Encyclopedia-Intrusion Detection System