Read the book Artificial Intelligence and Data Mining Approaches in Security Frameworks - Group of authors - Page 33

2.5.1.1 Network-Based IDS


Computer networks have been targeted by enemies and criminals because of their increasingly dynamic roles in modern societies, so it is very important to find the best possible solutions for protecting our systems. Various intrusion prevention techniques, such as avoiding programming errors and protecting information with encryption, biometrics or passwords (Zhan et al., 2005), can be used as a first line of security. With intrusion prevention as the only protection measure, however, a system is not 100% safe from attacks. To provide additional security for a computer system, the above-mentioned techniques are used. An intrusion detection system must protect various resources of a target system, such as user accounts, file systems and the system kernel. For network-based intrusion detection systems, the data source is network packets. The network-based intrusion detection system (NIDS) uses a network adapter to listen to and analyse network traffic as packets travel across the network. A network-based intrusion detection system generates alerts on detecting an intrusion from outside the boundary of its enterprise.

Advantages

Following are the advantages of a Network-Based IDS:

1. They can be made invisible to improve security against attacks.

2. Large networks can be monitored by a network-based IDS.

3. This IDS can give better output without disturbing the usual working of a network.

4. It is easy to fit an IDS into an existing network.

Limitations

Limitations of Network-Based IDS are as follows:

1. Information encrypted by virtual private networks cannot be analysed by a network-based IDS.

2. Successful implementation of a network-based IDS depends on the intermediate switches present in the network.

3. A network-based IDS would become unstable and crash when attackers fragment their packets and release them.
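
The fragmentation limitation above, as an added example that is not from the book: a sketch of fragment reassembly under fixed limits, so that fragmented traffic neither hides a signature from per-packet matching nor exhausts the sensor's memory. The class name, limits, signature and sample fragments are constructed assumptions, and offsets are plain byte offsets rather than IPv4's 8-byte units.

```python
from collections import OrderedDict

class BoundedReassembler:
    """Fragment reassembly with hard limits on sensor state (assumed design, byte offsets)."""
    def __init__(self, max_datagrams=1024, max_bytes=65535, timeout=30.0):
        self.max_datagrams, self.max_bytes, self.timeout = max_datagrams, max_bytes, timeout
        self.pending = OrderedDict()  # key -> {"first": ts, "frags": {offset: bytes}, "total": int or None}
        self.dropped = 0              # datagrams discarded by a limit; worth alerting on

    def _drop(self, key):
        del self.pending[key]
        self.dropped += 1
    def add(self, key, offset, more_fragments, payload, now):
        """Feed one fragment; return the whole payload once complete, else None."""
        # Expire stale entries so half-sent datagrams cannot pin memory indefinitely.
        for k in [k for k, d in self.pending.items() if now - d["first"] > self.timeout]:
            self._drop(k)
        if key not in self.pending:
            if len(self.pending) >= self.max_datagrams:
                self._drop(next(iter(self.pending)))  # evict the oldest instead of growing
            self.pending[key] = {"first": now, "frags": {}, "total": None}
        d, end = self.pending[key], offset + len(payload)
        # Oversized or overlapping fragments are ambiguous to a sensor: discard the datagram.
        overlap = any(o < end and offset < o + len(p) for o, p in d["frags"].items())
        if end > self.max_bytes or overlap:
            return self._drop(key)
        d["frags"][offset] = payload
        if not more_fragments:
            d["total"] = end          # the final fragment fixes the expected length
        data = b""
        for o in sorted(d["frags"]):  # complete only if contiguous from offset 0
            if o != len(data):
                return None
            data += d["frags"][o]
        if len(data) != d["total"]:   # also true while the final fragment is missing
            return None
        del self.pending[key]
        return data

# Constructed sample: one request split into three fragments (offset, more_fragments, payload).
SIGNATURE = b"constructed-marker"
FRAGMENTS = [(0, True, b"GET /constr"), (11, True, b"ucted-mar"), (20, False, b"ker HTTP")]

def demo():
    r = BoundedReassembler(max_datagrams=2, timeout=5.0)
    key = ("192.0.2.10", "198.51.100.5", 4242)  # (src, dst, IP id), documentation addresses
    per_packet = any(SIGNATURE in p for _, _, p in FRAGMENTS)
    whole = [r.add(key, off, mf, p, now=1.0) for off, mf, p in FRAGMENTS][-1]
    return per_packet, SIGNATURE in (whole or b"")
```

`demo()` returns `(False, True)`: matching each fragment alone misses the signature, while matching the reassembled payload finds it.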
