Please enable JavaScript.
Coggle requires JavaScript to display documents.
3.7 IDS Framework ,Signature and Tools (IDS Signatures (Signature…
3.7 IDS Framework ,Signature and Tools
IDS framework
The proposed framework(layered model) for the IDS are numbered,starting from the Collection layer (layer1) and each layer represents a group of specific tasks performed by agents specialized in the function of the layer.
-
-
IDS Tool
Software
*Snort-Snort is a NIDS based on lipcap,performs packet sniffing and works as a logger
BlackICE- Consists of an intrusion detection system the warns of attacks and resist threats against the system
-
IDS Signatures
-
A signature is a rule that examines a packet or series of packets for certain contents,such as matches on packet header or data payload information
Signatures are heart of the Cisco network -based IDS solution.This section focuses on signatures and their implementation
It is important to point out that it is not necessarily the number of signatures that makes an IDS signature-based solution good.
Instead,it is the flexibility of the signatures in detecting in detecting an attack
-
-