Intrusion detection dates back to the early 1980s and the pioneering work of Dorothy Denning and Peter Neumann. Research into IDS was driven largely by the U.S. government, which sought to protect confidential assets from internal users. This is a vital distinction because threats were defined more by misbehaving or internal users and not external attackers. At that time, all attacks were essentially insider attacks.
Many concepts behind the first IDS remain relevant today. The goal was to build rules that reveal suspicious behavior and identify deviations from normal baselines. These early systems relied heavily on establishing baselines and finding anomalies by analyzing audit logs at the host level. Today, IDS is deployed on the host or the network, with host-based IDS monitoring a single host and network-based IDS monitoring the entire network. The two dominant detection models are signature-based and anomaly-based. First introduced in antivirus technology, signatures detect attacks by looking for specific patterns, such as distinct byte sequences in network traffic or malicious code used by malware.
This whitepaper is available in English only. Would you like an explanation in Dutch? Then visit our Access42 stand; you can find us at stand no. D01.059.