Anomaly-Based IDS

Nov 24,2008 by admin

Anomaly-based IDS do not use static signatures to detect potential security events. Rather, these IDS use network traffic baselines to determine a "normal" state for the network and compare current traffic to that baseline. If network anomalies occur, the IDS alerts security administrators.

Two types of anomaly-based systems exist: behavior anomaly and protocol anomaly IDS. Both use the same kind of statistical calculation to determine whether current traffic deviates from "normal" traffic, but they track different attributes. Behavior anomaly systems tend to monitor network resources using timing, volume, and similar resource characteristics, while protocol anomaly IDS typically monitor application-level traits such as RFC compliance and other operational protocol content attributes.

As compared to a signature-based IDS, an anomaly-based IDS has the potential to detect new attack vectors as they occur. Anomaly IDS, however, can suffer from numerous false positives as security administrators attempt to determine the dynamic definition of "normal" network operations.
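The two checks described above, as an added example that is not part of the original article: a behavior-anomaly check that compares a traffic-volume sample against a learned baseline using a standard-deviation (z-score) threshold, and a simplified protocol-anomaly check that tests an HTTP request line for RFC compliance. The baseline values and request lines are constructed for illustration, and the threshold parameter is the knob an administrator tunes to trade new-attack detection against false positives.

```python
import math
import re

# Constructed learning-window baseline: new TCP connections per minute
# observed while the network was in a known "normal" state.
BASELINE_CONN_PER_MIN = [40, 42, 38, 45, 41, 39, 43, 44, 40, 42]


def baseline_stats(samples):
    """Mean and population standard deviation of the baseline samples."""
    mean = sum(samples) / len(samples)
    var = sum((s - mean) ** 2 for s in samples) / len(samples)
    return mean, math.sqrt(var)


def behavior_anomaly(current, samples=BASELINE_CONN_PER_MIN, threshold=3.0):
    """Behavior-anomaly check on a volume attribute.

    Returns True when the current sample lies more than `threshold`
    standard deviations from the baseline mean. Raising `threshold`
    reduces false positives at the cost of missing smaller deviations.
    """
    mean, std = baseline_stats(samples)
    if std == 0:
        # A flat baseline makes any change a deviation.
        return current != mean
    z = (current - mean) / std
    return abs(z) > threshold


# Protocol-anomaly check (simplified): an HTTP/1.x request line should have
# the shape "METHOD SP request-target SP HTTP-version" (RFC 7230 section 3.1.1).
# Real IDS engines check far more fields; this only validates the request line.
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")


def protocol_anomaly(request_line):
    """Returns True when the request line does not match the expected grammar."""
    return REQUEST_LINE.match(request_line) is None


def scan_intervals(series, threshold=3.0):
    """Replay a list of per-minute counts and return the indices that alert."""
    return [i for i, count in enumerate(series)
            if behavior_anomaly(count, threshold=threshold)]


if __name__ == "__main__":
    print("volume alerts:", scan_intervals([41, 44, 120, 47, 39]))
    print("bad request line:", protocol_anomaly("GET /index.html HTTP/9.9"))
```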


312 times read

Related news

» Intrusion Detection System Overview Summary
by alperen posted on Feb 24,2010
» Intrusion Detection Systems Overview
by alperen posted on Feb 24,2010
» Intrusion Detection System Overview Questions and answers
by alperen posted on Feb 24,2010
» Overview of IDS
by admin posted on Nov 24,2008
» Intrusion Detection System (IDS)
by alperen posted on Sep 11,2009
Did you enjoy this article?
Rating: 1.00 (total 2 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
Most Popular
Most Commented
Featured Author