Jump to content

Intruder detection

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Eldraco (talk | contribs) at 14:41, 17 January 2006. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In Information security, Intruder Detection is the art of detecting intruders behind attacks as unique persons. This techniques try to identify the person analyzing their computational behaviour.

This concept is not yet very extended and tend to be confused with Intrusion_Detection (also known as IDS) techniques which are the art of detecting intruder actions.


Theory

Intruder Detection Systems (See Intruder detection#Translation Confusion) try to detect whom is attacking a system analyzing his computational behaviour or biometric behaviour.

Some of the parameters used to identify a person

  • Keystroke Dynamics (aka:Keystroke Patterns Typing Pattern, Typing Behaviour)
  • Patterns using an interactive command interperter:
    • Commands Used.
    • Commands Sequence.
    • Accessed Directories.
    • Caracter deletion.
  • Patterns on the network usage:
    • Ip address used
      • ISP
      • Country
      • City
    • Operation System Used to attack. See p0f


History

Some other earlier works reference the concept of Intruder Autentication, Intruder Verification, or Intruder Clasification, but in its full meaning, the Si6 proyect Si6#Paranoid was one of the first proyects to research about it.


Translation Confusion

There is a confusion with the spanish translation of 'Intruder Detection Systems', some people translate it as 'Sistemas de Detección de Intrusiones', but others translate it as 'Sistemas de Detección de Intrusos'. Ony the former is correct.


behavioral characteristics


See Also



Stub icon

This computing article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Intruder_detection&oldid=35542785"