Bilkent University
Department of Computer Engineering


Intrusion Detection Methodologies


Muhammet Kabukçu
MSc. Student
Computer Engineering Department
Bilkent University

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Incidents have many causes, such as malware (e.g., worms, spyware), attackers gaining unauthorized access to systems from the Internet, and authorized users of systems who misuse their privileges or attempt to gain additional privileges for which they are not authorized. Although many incidents are malicious in nature, many others are not; for example, a person might mistype the address of a computer and accidentally attempt to connect to a different system without authorization. An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Many IPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content. This survey will discuss the principles of IDS and IPS technologies. IDS and IPS technologies use many methodologies to detect incidents. These methodologies and their shortcomings are discussed.
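The abstract separates detection (flagging an event as a possible incident), prevention (acting on it) and the three response categories an IPS may choose from. The following added example, which is not part of the talk or of any real product, makes that distinction concrete: a small rule engine runs over constructed log lines, raises alerts in IDS mode, and in IPS mode selects one of the three response categories named in the abstract. The rule names, log format, addresses and response labels are all assumptions made for this illustration; the per-source threshold on failed logins shows how a single mistyped login (a non-malicious event, as the abstract notes) is kept below the alert level.

```python
"""Constructed IDS/IPS illustration: rule-based event analysis with the
three response categories from the abstract (stop the attack, change the
security environment, change the attack's content). Rule names, log lines
and response labels are assumptions for this example only."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    pattern: re.Pattern          # matched against each event line
    response: str                # IPS action: "drop", "reconfigure" or "sanitize"
    threshold: int = 1           # matches from the same source needed before alerting


@dataclass
class Alert:
    rule: str
    event: str
    action: str                  # "alert" in IDS mode, the rule's response in IPS mode


# Assumed rules. Group 1, where present, is the source used for thresholding.
RULES = [
    # Repeated SSH failures from one address: respond by changing the
    # security environment (e.g., adding a firewall block for that source).
    Rule("ssh-bruteforce",
         re.compile(r"sshd.*Failed password for \S+ from (\S+)"),
         "reconfigure", threshold=3),
    # SQL injection probe in a request: respond by changing the attack's
    # content (stripping the injected fragment before it reaches the app).
    Rule("sqli-probe",
         re.compile(r"GET \S*(?:'|%27)(?:\s|%20)*OR(?:\s|%20)*1=1", re.I),
         "sanitize"),
    # Traffic to a host flagged as a known command-and-control server:
    # respond by stopping the attack itself (dropping the connection).
    Rule("malware-beacon",
         re.compile(r"dst=10\.0\.0\.99 .*reputation=known-c2"),
         "drop"),
]

# Constructed sample log lines (not from any real system).
SAMPLE_EVENTS = [
    "sshd[812]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "sshd[812]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "sshd[812]: Failed password for alice from 198.51.100.2 port 40001 ssh2",
    "httpd: GET /login?user=bob'%20OR%201=1-- 200",
    "httpd: GET /index.html 200",
    "fw: src=10.0.0.12 dst=10.0.0.99 dport=443 reputation=known-c2",
]


def analyze(events, mode="ids"):
    """Evaluate events against RULES in order.

    mode="ids": every detection becomes an Alert with action "alert".
    mode="ips": the Alert carries the rule's response category instead.
    Rules with a threshold only fire once the same source has matched
    that many times, so an isolated failed login produces nothing.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    hits = Counter()                 # (rule name, source) -> match count
    alerts = []
    for event in events:
        for rule in RULES:
            match = rule.pattern.search(event)
            if not match:
                continue
            source = match.group(1) if match.groups() else "*"
            hits[(rule.name, source)] += 1
            if hits[(rule.name, source)] < rule.threshold:
                continue
            action = rule.response if mode == "ips" else "alert"
            alerts.append(Alert(rule.name, event, action))
    return alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(f"--- {mode.upper()} mode ---")
        for alert in analyze(SAMPLE_EVENTS, mode):
            print(f"{alert.rule:16} {alert.action:12} {alert.event}")
```

In IDS mode the engine only reports; in IPS mode each rule is tied to the kind of response the abstract describes, which is the practical difference between the two technologies. The alice line never produces an alert because a single failure stays under the rule's threshold, matching the abstract's point that not every suspicious-looking event is an incident.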


DATE: 19 April, 2010, Monday @ 16:30