The IT Law Wiki

Intrusion detection

32,295pages on
this wiki
Add New Page
Talk0 Share

Definitions Edit

Intrusion detection is

the process of monitoring events occurring in a computer system or network and analyzing them for signs of intrusion.[1]
[t]he process of identifying that an intrusion has been attempted, is occurring, or has occurred.[2]

Overview Edit

There are two different approaches to analyzing events to detect attacks: signature-based detection and anomaly detection.

  • Signature-Based Detection. This approach identifies events or sets of events that match with a predefined pattern of events that describe a known attack. These patterns are called signatures. Signatures may include system states, or accessing system areas that have been explicitly identified as “off-limits.”
  • Anomaly Detection. Anomaly detection assumes that all intrusive activities deviate from the norm. These tools typically establish a normal activity profile and then maintain a current activity profile of a system. When the two profiles vary by statistically significant amounts, an intrusion attempt is assumed.

References Edit

  1. NIST Special Publication 800-36, at 21.
  2. Report on the NS/EP Implications of Intrusion Detection Technology Research and Development, at 6.

Source Edit

See also Edit

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Also on Fandom

Random Wiki