First page Back Continue Last page Summary Graphics
Application Links (cont.)
Intrusion Detection - Network-based (Con't.)
- The second type of Intrusion Detection Systems:
- Behavior-based Systems use network usage patterns to detect "abnormal" usage.
- This type of IDS is not widely used.
- Pros:
- Can detect new and unforseen attacks
- Detects abuse of priveleges
- Cons:
- High false alarm rate. (Anything not considered "normal" generates an alarm.)
- Attacks or abnormal patterns gathered during the the learning stage can be masked.
- Behavior may change over time.
Notes: