Intrusion Detection
Intruders
cyber criminals
activists
state-sponsored organizations
others
skill levels
apprentice
journeyman
master
IDS
3 components
sensors
analyzers
user interface
host-based IDS (HIDS)
monitors characteristics of a single host for suspicious activity
network-based IDS (NIDS)
monitors network traffic for network segments or devices for suspicious activity
distributed or hybrid IDS
base-rate fallacy
NIDS
typically located in perimeter infrastructure
just inside the external firewall
types of network sensor
inline
passive
monitors a copy of traffic
detection techniques
signature detection
anomaly detection
stateful protocol analysis
analysis approaches
anomaly detection
statistical
knowledge-based
machine learning
signature or heuristic detection
HIDS
can detect both external and internal intrusions
common data sources
system calls
audit records
file integrity checksums
registry access