Detection type's of Intrusion Detection System (IDS)

-

 

An Intrusion Detection System (IDS) can use various detection methods to identify malicious activities. Here are two common types of IDS detection:

1. Signature-Based Detection

Description:

  • Signature-based detection identifies malicious activity by comparing network traffic or system behavior against a database of known attack patterns or signatures.

Key Points:

  • Signature Database: Uses predefined patterns or signatures of known threats to detect attacks. For example, a signature might match a specific sequence of bytes or a known exploit.
  • Efficiency: Effective at detecting known threats and providing accurate alerts for attacks with well-documented signatures.
  • Limitation: Ineffective against new, unknown threats or variations of known attacks that do not match existing signatures.

Example:

  • Virus Detection: Detects known viruses by matching their specific code patterns or signatures.

2. Anomaly-Based Detection

Description:

  • Anomaly-based detection identifies malicious activity by detecting deviations from established normal behavior or baseline patterns. It flags any activity that significantly deviates from the norm as potentially suspicious.

Key Points:

  • Behavioral Baseline: Establishes a baseline of normal network or system behavior and monitors for deviations from this baseline.
  • Flexibility: Capable of detecting previously unknown or novel attacks by identifying unusual or abnormal patterns of behavior.
  • Limitation: May produce false positives if normal variations in behavior are mistakenly classified as anomalies, requiring fine-tuning of the baseline.

Example:

  • Network Traffic Monitoring: Flags unusual spikes in network traffic or unusual access patterns that deviate from typical usage.

Summary

  1. Signature-Based Detection: Detects known threats by matching patterns against a database of attack signatures.
  2. Anomaly-Based Detection: Detects potential threats by identifying deviations from established normal behavior patterns.


To detect the attack described in the WION news article, where hackers temporarily shut down two advanced telescopes, the appropriate detection types would be:

1. Anomaly-Based Detection

Why It’s Relevant:

  • Behavioral Deviations: Anomaly-based detection is well-suited for identifying unusual behavior or deviations from normal operational patterns. In this case, if the telescopes or their associated network systems were behaving unusually—such as unexpected shutdowns or unusual access patterns—anomaly-based IDS would detect these deviations from the norm.
  • Unknown Threats: Given that the attack involved a new or unknown method of compromise, anomaly-based detection would be able to identify this as suspicious because it would deviate from the expected behavior of the telescopes and their control systems.

Application:

  • Monitoring Telescope Operations: An anomaly-based IDS would monitor the regular operational patterns of the telescopes and flag any abnormal activities, such as unexpected shutdowns or changes in communication patterns, as potential threats.

2. Signature-Based Detection

Why It Might Also Be Relevant:

  • Known Attack Patterns: If the attack used known malware or exploits with established signatures, signature-based detection could identify it by matching the attack against its database of known threats.
  • Detection of Known Threats: If the hackers used known tools or methods to shut down the telescopes, signature-based IDS could potentially detect these based on known signatures of such tools.

Application:

  • Malware Detection: If the attack involved deploying known malware or exploiting known vulnerabilities, signature-based IDS would scan for and detect these threats based on their signatures.

Summary

  • Anomaly-Based Detection: Best suited for detecting the initial indication of the attack by identifying deviations from normal behavior, especially useful for detecting unknown or novel attack techniques.
  • Signature-Based Detection: Useful if the attack involved known malicious tools or techniques with established signatures. It would help in identifying and confirming the specific nature of the attack if it matches known patterns.

In the context of the reported attack on the telescopes, anomaly-based detection would likely be the primary method for identifying unusual activities leading to the shutdowns, while signature-based detection could be used to verify and further analyze the nature of the attack if it involved known malicious software or techniques.

Ulasan

Catat Ulasan

Catatan popular daripada blog ini

SISTEM PENGOPERASIAN KOMPUTER (OS)

-
Imej
Sistem pengoperasian merupakan perisian sistem yang terpenting bagi setiap komputer. OS adalah satu atau lebih atur cara yang mengurus operasi CPU,mengawal input/output dan sumber storan dan aktiviti komputer serta pelbagai servis sokongan seperti pengurusan memori,ruang cakera dan lain-lain. DEFINISI OS Sistem pengoperasian atau operating system (OS) adalah set program-program yang dipasang dalam cakera keras. Tanpa OS, sesebuah komputer tidak dapat beroperasi dengan baik. OS sangat penting kepada komputer: TUGAS SISTEM PENGOPERASIAN I. Mengawal, menyelaras dan mengkoordinasi perkakasan. II. Menyediakan antara muka pengguna (User Interface). III. Membolehkan program aplikasi dipasang untuk kegunaan pengguna. TUJUAN SISTEM PENGOPERASIAN KOMPUTER         I.            Memaksimakan produktiviti sistem komputer dengan pengoperasian yang lebih efiksyen.       II.            Komponen penting sebagai antaramuka sistem di antara pengguna dan perkakasan komputer. FUNGSI-FUNG
Read more »

JENIS-JENIS SISTEM PENGOPERASIAN KOMPUTER

-
Imej
Sistem Pengoperasian terbahagi kepada 4 jenis :- i .  Sistem Berkelompok ii. Sistem Multipengaturcaraan iii. Sistem Perkongsian Masa iv. Sistem Agihan a)Pemprosesan Berkelompok Sistem di luar talian telah mengurangkan masalah pergantungan input output kepada tenaga manusia. Dalam usaha untuk menghapuskan langsung ini, suatu teknik yang tertentu diperlukan bagi membolehkan input output dikendalikan serentak dengan pemprosesan. Teknik ini telah dapat digunakan dengan terciptanya dua perkakas yang dikenali sebagai pemprosesan input output atau saluran dan sampukan. Pemprosesan input output seperti yang telah disebutkan adalah satu peranti yang boleh mengawal satu atau lebih periferal atau ingatan tanpa melalui pemproses pusat. Sampukan pula adalah satu isyarat yang memindahkan kawalan pemproses pusat kepada satu lokasi yang tertentu dan pada masa yang sama juga menyimpan nilai pembilang arahan yang lepas. Justeru itu sampukan akan menyebabkan satu-satu aturcara yang
Read more »

JENIS - JENIS ARAHAN SQL

-
1. DATA DEFINITION LANGUAGE (DDL) Penyataan Data Definition Language atau DDL digunakan untuk menakrifkan dan menguruskan sesuatu jadual. Berikut adalah fungsi penyataan DDL : • Menakrifkan dan mencipta jadual yang  baharu • Menghapuskan jadual yang tidak diingini lagi • Mengubahsuai takrifan pada jadual yang telah diwujudkan Walaupun penyataan DDL lebih kepada pengurusan pembinaan jadual, arahan pembinaan pangkalan data dan arahan untuk memilih pangkalan data yang hendak digunakan juga termasuk dalam penyataan ini. ARAHAN SQL BAGI PENYATAAN DDL Berikut merupakan kata kunci arahan SQL dalam penyataan DDL : Kata kunci Arahan SQL Fungsi CREATE DATABASE Membina pangkalan data yang baharu. USE Memilih pangkalan data yang hendak digunakan. CREATE TABLE Menakrifkan dan membina jadual yang baharu. ALTER TABLE Mengubahsuai struktur jadual yang sedia ada. DROP TABLE
Read more »