First page Back Continue Last page Summary Graphics
Application Links (cont.)
Intrusion Detection - Network-based
- There are two types of Intrusion Detection Systems:
- Knowledge-based (also known as Expert) Systems match known patterns to detect malicious or dangerous activity.
- Pros:
- Accurate as long as the pattern files are kept up to date.
- Very low false-alarm rate.
- Cons:
- Can only detect a subset of "known" network attacks.
- Can be very high maintenance in keeping patterns updated.
- Hard to gather initial information on attacks.
Notes: