Article | REF: H5840 V1

Intrusion detection and analysis

Author: Hervé DEBAR

Publication date: October 10, 2004 | Lire en français

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Automatically translated using artificial intelligence technology (Note that only the original version is binding) > find out more.

A | A

2. Analysis technologies

2.1 Scenario-based detection

Scenario-based detection is based on accumulated knowledge of attacks and specific vulnerabilities in information systems, operating systems and applications. The intrusion detection system contains information on these vulnerabilities and searches for attempts to exploit them. When such an attempt is detected, an alert is generated.

In other words, any action that is not explicitly identified as a misuse of the information system is considered acceptable. Note that scenario-based detection covers more than just known attacks. A security policy can explicitly declare events as "undesirable" without any associated vulnerability. For example, certain protocols such as SNMP can be banned from a network regardless of any vulnerability....

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Analysis technologies

Previous
page Context

Data sources

Bibliography

References

(1) - WOOD (M.), ERLINGER (M.) - Intrusion Detection Message Exchange Requirements. - IETF (22 oct. 2002). http://www.ietf.org/internet-drafts/draft-ietf-idwg-requirements-10.txt
...

Organizations

Internet Engineering Task Force (IETF) http:/www.ietf.org

Intrusion Detection Exchange Format Working Group (IDWG) http://www.ietf.org/html.charters/idwg-charter.html

NSS Group

Software

Snort http://www.snort.org

Stide (Sequence Time-Delay Embedding) http://www.cs.unm.edu/~immsec/systemcalls.htm

Nessus http://www.nessus.org

...

Databases

Snort Signature Database http://www.snort.org/snort-db

Bugtraq http://www.securityfocus.com/bid

Common Vulnerabilities and Exposures (CVE) http://cve.mitre.org

...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

Outline
Full outline