blog




  • Essay / IDS - 1093

    Anomaly-based IDS vs Abuse-based IDSAnomaly and abuse-based systems are used to detect attacks or any suspicious behavior in the network. These systems are somewhat similar in functionality to host-based and network-based systems. Anomaly-based and abuse-based systems are clearly known as baseline-based and signature-based IDS, respectively.Fig. Anomaly-based IDS. [1]Anomaly-based IDS: These types of IDS systems operate on either the baseline or another type of standard. These systems are often called behavior-based systems or statistics-based IDS. When services deviate from the baseline, the system detects an attack. The system is often referred to as anomalous because most of the time it can detect suspicious activity on the network. The 3 types of basic detection mechanism for an anomaly-based system.1. Neural networks → Neutral networks are based on the probability of pattern recognition.2. Statistical Analysis → The statistical analysis approach is based on the divergence of normal user behavior based on the modeling model.3. State Change Analysis → The state change analysis system is based on the divergence from normal system behavior based on system state modeling. The principle of operation of anomaly-based IDS systems: Anomaly-based IDS is also called basic IDS system. The data inspection task is performed according to the task list configuration and saved in the system which decides whether the user is an authorized user or not. Privileges or rights constitute the basis of the attack detection mechanism of IDS systems. The rules described are as follows: Other users' home directories should be hidden from current users using the...... middle of paper... ...provides rapid detection and review.The system is easy to understand and simple to use. The configuration is easily deployable and applies to the system without requiring any special skills. The configuration is also updated easily and frequently. False positive results are also comparatively very low for this mechanism. Disadvantages of misuse-based IDS: Attacks that are unknown and never discovered cannot be detected by this system. The provider side providing such an IDS mechanism must keep the database up to date and must frequently release updates to customers in need using this system. As system flaws and vulnerabilities will always increase, it is difficult to build such an efficient database. Complex communications cannot be tracked or understood by this type of system, so in the event of a multiple attack, this type of IDS system is ineffective.