Saturday, August 10, 2019

Combining Anomaly and Signature based Intrusion Detection Systems Essay

The researcher states that the Internet continues to modernize the world's economy. It is apparently changing the way people live, study, work, participate, and consume. At the hub of this revolution is technology. Technology has moved from the "back office" to the leading edge: the interface between the customer and the organization has changed dramatically. Increasingly, technology is shifting the organization's relationship with its customers from "face-to-face" to "screen-to-face" communication. The Internet is not an innovation that concerns only one or two sectors of the economy. Because it revolutionizes the way businesses should prudently organize their activities and go to market, the Internet affects all economic activity.

Organizations maintain data communication networks for paperless business operations along with enhanced communication. On the other hand, threats and vulnerabilities related to data communication networks are significantly increasing. Firewalls are not considered the only solution, because intelligent viruses and malicious code tend to pass through them. In order to enable advanced security measures, Intrusion Detection Systems (IDS) are recommended for corporate networks. The types include network-based IDS, host-based IDS, and software-based IDS. These types are further categorized into signature-based IDS, which is also referred to as misuse detection, and anomaly-based IDS (anomaly detection). The functionality of 'signature-based IDS' depends on known signatures. The word 'known' is important because threats that have been detected so far are categorized as known threats and are called signatures. Signature-based IDS only detect threats similar to the defined, available signatures and do not detect any new threat. Anomaly-based IDS, by contrast, detect unknown activities within the network and flag them as threats and vulnerabilities.
These two IDS types rely on different methods, processes, and profiles, which are discussed in the next part of this coursework.

II. Signature-Based IDS

The signature-based IDS analyzes and identifies specific patterns of attacks that are recognized in raw data in terms of byte sequences called strings, port numbers, protocol types, etc. Likewise, apart from the normal operational pattern, signature-based IDS detects any activity that is unusual from previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository. The prime objective of a 'signature-based IDS' is to search for signatures in order to detect a threat or vulnerability, similar to antivirus software, which also detects viruses. The function of the IDS is to detect attacks that are initiated directly towards the network. Moreover, the IDS tries to identify as many events as possible and therefore generates logs.
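
The combination described above can be sketched as follows. This is an added example, not part of the original essay: a signature repository keyed on protocol, port and byte string runs beside an anomaly baseline learned from normal traffic. The event fields, signature names, sample traffic and the 3-sigma threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

@dataclass(frozen=True)
class Signature:
    name: str
    proto: str
    port: Optional[int]   # None matches any port
    pattern: bytes        # byte string searched for in the payload

# Constructed signature repository (illustrative, not a real rule set).
REPOSITORY = [
    Signature("path-traversal-passwd", "tcp", 80, b"/etc/passwd"),
    Signature("telnet-root-login", "tcp", 23, b"login: root"),
]

def match_signatures(event, repo=REPOSITORY):
    """Misuse detection: protocol, port and byte string must all match."""
    return [s.name for s in repo
            if s.proto == event["proto"]
            and s.port in (None, event["port"])
            and s.pattern in event["payload"]]

class Baseline:
    """Anomaly detection: profile of services and payload sizes seen in training."""
    def __init__(self, training, k=3.0):
        self.services = {(e["proto"], e["port"]) for e in training}
        sizes = [len(e["payload"]) for e in training]
        self.limit = mean(sizes) + k * pstdev(sizes)  # size threshold

    def deviations(self, event):
        found = []
        if (event["proto"], event["port"]) not in self.services:
            found.append("unseen-service")
        if len(event["payload"]) > self.limit:
            found.append("oversized-payload")
        return found

def inspect(event, baseline):
    """Combined IDS: log entries from both engines for one event."""
    return ([("signature", n) for n in match_signatures(event)]
            + [("anomaly", n) for n in baseline.deviations(event)])

# Constructed "normal" traffic used to build the profile.
TRAINING = [{"proto": "tcp", "port": 80, "payload": b"GET /index.html" + b"x" * n}
            for n in (0, 5, 10, 15, 20)]
BASELINE = Baseline(TRAINING)
```

A request containing a known string is logged only by the signature engine, while traffic with no matching signature on a service absent from the profile is logged only by the anomaly engine, which is the gap each approach leaves for the other.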
