- access to a system without authorization, or an attempt at cracking.
- a security service that monitors and analyzes system events in order to find, and provide real-time or near-real-time warning of, attempts to access system resources.
a) Host-based IDS: monitors the activity of a single host
b) Network-based IDS: monitors network traffic
:: 3 Types Of IDS
a) Host IDS - specialized software that monitors system activity to detect suspicious behavior
- anomaly detection - defines normal/expected behavior
- signature detection - defines proper behavior
b) Network IDS - monitors traffic at selected points on a network in (near) real time to detect intrusion patterns; may examine network-, transport- and/or application-level protocol activity directed toward systems. It comprises a number of sensors.
c) Distributed IDS
- the monIDS monitoring module was developed. It collects and publishes the information generated by a local intrusion detection engine.
- a specialized IDS agent runs on the MonALISA service; in case of an alert it takes custom reactive actions and also broadcasts the alert in its communication group.
- attacking hosts are dynamically moved to a black-list based on the level and the frequency of their attacks.
- a periodic report containing the intrusion alerts is generated and sent to the farm administrator.
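A toy host IDS combining the two detection styles above (signature and anomaly) with the black-listing reaction of the distributed IDS, as an added example that is not from the page or from the MonALISA/monIDS project; the log lines, signatures, baseline and thresholds are all constructed assumptions:

```python
import re
from collections import Counter, defaultdict

# Constructed sample host log lines (not from the page): (source host, message).
LOG = [
    ("10.0.0.5", "sshd: Failed password for root from 10.0.0.5"),
    ("10.0.0.5", "sshd: Failed password for root from 10.0.0.5"),
    ("10.0.0.5", "httpd: GET /index.php?id=1' OR '1'='1"),
    ("10.0.0.7", "sshd: Accepted password for alice"),
    ("10.0.0.7", "cron: job backup finished"),
    ("10.0.0.9", "sshd: Accepted password for bob"),
] + [("10.0.0.9", "httpd: GET /page%d" % i) for i in range(40)]

# Signature detection: rules for known-bad activity, each with an assumed severity level.
SIGNATURES = [
    (re.compile(r"Failed password for root"), "root-bruteforce", 2),
    (re.compile(r"' OR '1'='1"), "sqli-probe", 3),
]

# Anomaly detection: assumed "normal" profile, expected events per host in this window.
BASELINE_EVENTS_PER_HOST = 10

def signature_detect(log):
    """Return (host, rule name, level) for every line matching a known-bad pattern."""
    alerts = []
    for host, msg in log:
        for pattern, name, level in SIGNATURES:
            if pattern.search(msg):
                alerts.append((host, name, level))
    return alerts

def anomaly_detect(log, baseline=BASELINE_EVENTS_PER_HOST, factor=3):
    """Flag hosts whose event volume exceeds `factor` times the expected baseline."""
    counts = Counter(host for host, _ in log)
    return [(h, "volume-anomaly", 1) for h, n in counts.items() if n > factor * baseline]

def update_blacklist(alerts, level_threshold=4, freq_threshold=3):
    """Reactive action: black-list a host once the summed level of its alerts
    or the number of its alerts crosses a threshold (assumed values)."""
    level_sum, freq = defaultdict(int), Counter()
    for host, _name, level in alerts:
        level_sum[host] += level
        freq[host] += 1
    return sorted(h for h in level_sum if level_sum[h] >= level_threshold or freq[h] >= freq_threshold)

def run(log=LOG):
    """Run both detectors over the log and return (alerts, black-listed hosts)."""
    alerts = signature_detect(log) + anomaly_detect(log)
    return alerts, update_blacklist(alerts)
```

On the constructed log, the brute-forcing host is black-listed by both level and frequency, while the chatty but benign host only raises a low-level volume anomaly and stays off the list.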