Jump to content

Anomaly-based intrusion detection system

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by M3tainfo (talk | contribs) at 01:13, 23 November 2004 (started page on anomaly detection - just couple paragraphs at the moment). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

An Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either Normal or Anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and will detect any type of misuse that falls outwith normal system operation. This is as opposed to signature based systems which can only detect attacks for which a sigjnature has previously been created.

In order to determine what is attack traffic, the system myst be taught to recognise normal system activity. This can be accomplished in several ways, most often with Artificial Intelligence type techniques. Systems using Neural Networks have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as Strict anomaly detection.

This article is a stub. You can help Wikipedia by expanding it.

See also

Refernces

A strict anomaly detection model for IDS, Phrack 56 0x11, Sasha/Beetle

Retrieved from "https://en.wikipedia.org/w/index.php?title=Anomaly-based_intrusion_detection_system&oldid=8295747"