A New Approach to Intrusion Detection System Evaluation in Distributed Real-Time Systems

Introduction: 

This paper describes a metric-based approach that helps real-time systems get the best facilities by making use of the best intrusion detection system. This metric-based approach addresses all real-time and distributed processing issues. The paper also discusses a metric scorecard used to test 3 commercial intrusion detection systems.

Intrusion Detection Systems:

Intrusion detection systems (IDSs) check the effectiveness of other access controls and thereby provide defense-in-depth. An IDS detects both internal misuse of computer and network resources and external attacks. ID technologies always face a soft real-time problem: to prevent damage from an intrusion, incoming data must be analyzed and alerts must be issued at equal intervals of time. Besides, an IDS considers the needs of the real-time and distributed systems before providing protection to them.

An IDS must not disturb system performance. Based on the detection mechanism, IDSs are classified into three types: signature-based, anomaly-based and hybrid. Anomaly-based (or behavior-based) IDSs detect behavior that is inconsistent with normal behavior. For example, an anomaly-based IDS generates a suspicious-activity alert when it detects hundreds of logins within a few seconds. A signature-based IDS detects patterns in network traffic. Signature-based IDSs are also known as “misuse-based” or “knowledge-based” IDSs. A hybrid IDS combines technologies either in series or in parallel. IDSs are further characterized by monitoring scope: an IDS may monitor one or more hosts in a network, monitor the network itself by collecting and analyzing its packets, or both.
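
The login-burst case mentioned above, as an added example that is not from the paper or from this post: a sliding-window detector run over constructed log lines. The log format, the threshold of 200 logins and the 5-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed (constructed) log format: "<epoch_seconds> LOGIN user=<name> src=<ip>"
LOGIN_RE = re.compile(r"^(\d+(?:\.\d+)?) LOGIN user=(\S+) src=(\S+)$")

def detect_login_bursts(lines, threshold=200, window=5.0):
    """Return one alert (src, window_start, count) per burst of `threshold`
    or more logins from one source within `window` seconds (input sorted by time)."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerting = set()              # sources already alerted for the current burst
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue              # not a login record
        ts, src = float(m.group(1)), m.group(3)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:        # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            if src not in alerting:      # alert once, not on every extra login
                alerting.add(src)
                alerts.append((src, q[0], len(q)))
        else:
            alerting.discard(src)        # rate fell back; re-arm for the next burst
    return alerts

def make_sample_log():
    """Constructed sample: one bursting source and one normal source."""
    lines = []
    for i in range(300):          # 300 logins in 3 seconds
        lines.append(f"{1000 + i * 0.01:.2f} LOGIN user=u{i % 7} src=192.0.2.10")
    for i in range(20):           # 20 logins spread over 200 seconds
        lines.append(f"{1000 + i * 10:.2f} LOGIN user=alice src=192.0.2.20")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines

if __name__ == "__main__":
    for src, start, count in detect_login_bursts(make_sample_log()):
        print(f"suspicious activity: {count} logins from {src} since t={start}")
```

The detector alerts once per burst and re-arms when the rate drops, so a sustained burst does not produce an alert for every additional login.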

Conclusions:

Information security services frequently conflict with the performance of highly distributed and real-time systems. These systems grow more complex and constrained. These issues can be overcome by intrusion detection. Intrusion detection assures integrity by making it clear whenever access controls have failed. The paper also proposes a testing technology to test ID products against user-definable and dynamically changing standards.

One Reply to “A New Approach to Intrusion Detection System Evaluation in Distributed Real-Time Systems”

  1. It's a good approach but I think intruders, spyware and spammers will never stop at anything. They keep on updating their spyware for all systems. Is there any ultimate solution to it?

    Regards

    .S-
