Network-based intrusion detection systems / Marco Cremonini - In: Handbook of information security : threats, vulnerabilities, prevention, detection and management : v. 3 / Hossein Bidgoli, editor. - [s.l] : John Wiley & sons, 2006 Feb. - ISBN 0471648337. - pp. 29-33

Network-based intrusion detection systems

M. Cremonini
2006

Abstract

This chapter presents network intrusion detection systems (NIDSs)—the foundation models, the technologies employed most commonly, and the methodologies that are adopted—and discusses their benefits and limitations. Moreover, it provides the reader with a sense of the technological evolution of NIDSs, presenting the issues that are still unresolved, as well as some relevant research efforts. The chapter begins with a description of the two basic network intrusion detection models—anomaly and misuse detection—followed by an analysis of signatures and their management, signature-based NIDS features, and active response mechanisms. The next section takes into account the evolution of NIDS technology from mechanisms based on string matching to the analysis of application protocols. Handling application protocols represents an important advancement toward a better semantic awareness of intrusion detection systems, a technological trend that could bring significant improvements to future generations of NIDSs. The chapter then presents the limitations of signature-based mechanisms by introducing some of the most common techniques for evading them. The issue of testing NIDSs is then described together with some testing guidelines and criteria. In the next section, architectural options for NIDS deployment are discussed along with management issues that complex environments should take into account. Then, some economic considerations are presented—a reliable estimate of the costs and benefits of NIDSs is a necessary analysis that must drive the choice of solutions. The final section presents some significant research efforts in the field of network intrusion detection. The difficulties posed by detecting intrusions at the application level and the introduction of systems that integrate intrusion detection with other security features are discussed.
Another aspect related to integration is the possible convergence between anomaly-based and signature-based techniques, which might prove effective for some application environments. In conclusion, novel requirements that mobile wireless networks exhibit with respect to intrusion detection are introduced.
Keywords: Data reduction; Discretization; Indiscernibility; Intrusion detection system (IDS); Rough sets
Academic field: INF/01 - Informatica (Computer Science)
Date: Feb 2006
Type: Book Part (author)
Files for this item: no files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2434/19654
Citations
  • Scopus 0