An intrusion is an occasion when someone finds themselves in a situation or place where they are not wanted or allowed. It refers to the act of intruding or an unwanted visit, interference in someone's business, and forced entry into any situation. In computer security, intrusion refers to any unauthorized access to a network.

Intruders

In computer security, one of the two most publicized security threats is the intruder, generally referred to as a hacker or cracker. Intruders are those who attempt to intrude on the privacy of a network.

Intruder Classes:

Generally, intruders are classified into three categories.

Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. The masquerader is likely to be an outsider.

Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his privileges. The misfeasor is generally an insider.

Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. The clandestine user can be an outsider or an insider.

Intrusion Detection System (IDS)

An IDS is a device or software application that monitors a system or network for malicious activity or policy violations. Any activity or violation detected is typically reported to a network administrator.
There is a wide range of IDS, from antivirus software to hierarchical systems that monitor the traffic of an entire network.

Types of IDS:

The most common classifications are Network Intrusion Detection Systems (NIDS) and Host-Based Intrusion Detection Systems (HIDS).

Host-Based Intrusion Detection Systems (HIDS):

A system that monitors important operating system files is an example of a HIDS. Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors only the packets entering and leaving that device and alerts the user or administrator if suspicious activity is detected. It takes a snapshot of the existing system files and matches it against the previous snapshot. If critical system files have been modified or deleted, an alert is sent to the administrator to investigate. A typical use of HIDS is on mission-critical machines whose configuration is not expected to change.

Network Intrusion Detection Systems (NIDS):

A system that analyzes incoming network traffic is an example of a NIDS. Network Intrusion Detection Systems are placed at one or more strategic points within the network to monitor traffic to and from all devices on the network. A NIDS analyzes the traffic passing through the entire subnet and matches the traffic seen on the subnets against a library of known attacks. Once an attack is identified or anomalous behavior is detected, an alert can be sent to the administrator. Snort is a commonly used network intrusion detection tool. NIDS are also capable of comparing the signatures of similar packets in order to link and drop malicious packets whose signature matches a record in the NIDS. When NIDS designs are classified by the interactivity of the system, there are two types, online and offline, often referred to as inline and tap mode respectively. An online NIDS deals with the network in real time.
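The snapshot-and-compare behaviour described for HIDS above, as an added illustration that is not part of the original essay: a baseline of SHA-256 hashes is taken for every file under a directory, a later snapshot is diffed against it, and modified, deleted and newly added files are reported. The directory contents, the file names and the tampering steps are all constructed for the demo; nothing here reads a real system path.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example of a HIDS-style file integrity check (not code from the essay).
# snapshot() maps each regular file under root to its SHA-256 digest; compare()
# diffs two snapshots the way a HIDS compares the current state of critical
# system files against the previous snapshot.


def snapshot(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Diff two snapshots; returns sorted lists of modified, deleted and added paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "deleted": deleted, "added": added}


def demo():
    """Build a throwaway 'system' tree, snapshot it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        # Constructed sample files standing in for critical system files.
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "login").write_bytes(b"\x7fELF original binary")
        baseline = snapshot(root)

        # Simulated changes: a replaced binary, a deleted config, an unexpected new file.
        (root / "bin" / "login").write_bytes(b"\x7fELF replaced binary")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "new_config").write_text("constructed unexpected file\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

On a real host the baseline would be stored off-box or signed, since an intruder with supervisory control (the clandestine user above) could otherwise simply re-snapshot after making changes.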
It analyzes the Ethernet packets and applies rules to decide whether they constitute an attack. An offline NIDS deals with stored data and passes it through some processes to decide whether it is an attack or not.

Techniques used in IDS:

It is also possible to classify IDS by detection approach; the best known variants are signature-based detection (recognition of malicious patterns, such as malware) and anomaly-based detection (detection of deviations from a model of "good" traffic, which is often based on machine learning).

Basic signature detection:

Signature-based IDS refers to the detection of attacks by looking for specific patterns, such as sequences of bytes in network traffic or sequences of known malicious instructions used by malware.[2] This terminology comes from antivirus software, which refers to these detected patterns as signatures. Although signature-based IDS can easily detect known attacks, they cannot detect new attacks for which no pattern is available.

Basic anomaly detection:

Anomaly-based intrusion detection systems were introduced primarily to detect unknown attacks, partly in response to the rapid development of malware. The basic approach is to use machine learning to build a model of trustworthy activity and then compare new behavior against this model. While this approach allows previously unknown attacks to be detected, it can produce false positives: previously unknown legitimate activity may also be classified as malicious.

Uses of IDS:

An intrusion detection system can be described as both a computer and a network management system. It is a combination of purpose-built devices and software applications whose aim is to detect malicious activities and policy violations and to produce reports about them. The intrusion detection system can monitor a network for any type of abusive, anomalous or malicious activity, and it logs every single malicious or abusive activity.
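The two detection approaches just described, run side by side over the same constructed traffic, as an added example that is not part of the original essay. The signature detector matches a known malicious pattern against each request; the anomaly detector learns the mean and standard deviation of response sizes from a handful of known-good events and flags anything more than three standard deviations away. The sample events, the single signature rule and the threshold are all assumptions made for the demo. Together they reproduce the trade-off stated in the text: the signature catches the known attack and misses the novel one, while the anomaly model flags a large but legitimate download as a false positive.

```python
import re
import statistics

# Added example (not code from the essay). Constructed sample traffic:
# (source IP, request path, response size in bytes). No real hosts or data.
TRAFFIC = [
    ("10.0.0.5", "/index.html", 512),
    ("10.0.0.5", "/about.html", 640),
    ("10.0.0.7", "/login", 480),
    ("10.0.0.7", "/images/logo.png", 900),
    ("10.0.0.9", "/search?q=shoes", 530),
    ("10.0.0.9", "/search?q=' OR 1=1 --", 560),          # known pattern, has a signature
    ("10.0.0.11", "/download/iso", 48_000_000),           # unusual size, but legitimate
    ("10.0.0.13", "/admin/debug?x=UNSEEN-PATTERN", 470),  # constructed novel event, no signature
]

# Signature rule set: one textbook pattern, in the spirit of a Snort content rule.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}


def signature_detect(events, signatures=SIGNATURES):
    """Return [(rule_name, event)] for every event whose path matches a known signature."""
    hits = []
    for event in events:
        _, path, _ = event
        for name, pattern in signatures.items():
            if pattern.search(path):
                hits.append((name, event))
    return hits


class SizeBaseline:
    """Minimal anomaly model: response size statistics learned from known-good events."""

    def __init__(self, training_events, threshold=3.0):
        sizes = [size for _, _, size in training_events]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.stdev(sizes)
        self.threshold = threshold

    def zscore(self, size):
        return (size - self.mean) / self.stdev

    def detect(self, events):
        """Return events whose size deviates from the baseline by more than the threshold."""
        return [ev for ev in events if abs(self.zscore(ev[2])) > self.threshold]


def demo():
    """Run both detectors over TRAFFIC; returns (signature hits, anomaly hits) as sets of paths."""
    baseline = SizeBaseline(TRAFFIC[:5])  # the first five events serve as the "good" model
    signature_hits = {event[1] for _, event in signature_detect(TRAFFIC)}
    anomaly_hits = {event[1] for event in baseline.detect(TRAFFIC)}
    return signature_hits, anomaly_hits


if __name__ == "__main__":
    sig, anom = demo()
    print("signature alerts:", sorted(sig))
    print("anomaly alerts:  ", sorted(anom))
    missed = {ev[1] for ev in TRAFFIC[5:]} - sig - anom
    print("seen by neither: ", sorted(missed))
```

The novel event is caught by neither detector, which is why production deployments combine both approaches and tune the anomaly threshold against the false-positive rate the operators can afford to triage.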
These logs are very important for security professionals, who use them to take action or establish rules against these activities. The logs kept by an IDS can also be used as evidence against an attacker in legal action.

Detection Weaknesses:

Intrusion detection systems often produce false reports of malicious activity. Sometimes this causes real malicious activity to be ignored. Most intrusion detection systems also have to operate on encrypted packets, which are complicated to analyze. There are various ways in which attacks can avoid detection by an IDS. The signature database must be kept up to date, and if a signature is too specific, the attack can be modified to avoid detection. There may also be too much traffic to analyze everything.

IPS

An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent intrusions. Intrusion Detection and Prevention Systems (IDPS) primarily focus on identifying possible incidents, recording information about them, and reporting attempts.