Français
2. Analysis technologies
2.1 Scenario-based detection
Scenario-based detection is based on accumulated knowledge of attacks and specific vulnerabilities in information systems, operating systems and applications. The intrusion detection system contains information on these vulnerabilities and searches for attempts to exploit them. When such an attempt is detected, an alert is generated.
In other words, any action that is not explicitly identified as a misuse of the information system is considered acceptable. Note that scenario-based detection covers more than just known attacks. A security policy can explicitly declare events as "undesirable" without any associated vulnerability. For example, certain protocols such as SNMP can be banned from a network regardless of any vulnerability....
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Analysis technologies
Data sources
Bibliography
References
- (1) - WOOD (M.), ERLINGER (M.) - Intrusion Detection Message Exchange Requirements. - IETF (22 oct. 2002). http://www.ietf.org/internet-drafts/draft-ietf-idwg-requirements-10.txt
- ...
Organizations
Internet Engineering Task Force (IETF) http:/www.ietf.org
Intrusion Detection Exchange Format Working Group (IDWG) http://www.ietf.org/html.charters/idwg-charter.html
Software
Snort http://www.snort.org
Stide (Sequence Time-Delay Embedding) http://www.cs.unm.edu/~immsec/systemcalls.htm
Nessus http://www.nessus.org
...
Databases
Snort Signature Database http://www.snort.org/snort-db
Bugtraq http://www.securityfocus.com/bid
Common Vulnerabilities and Exposures (CVE) http://cve.mitre.org
...
The Ultimate Scientific and Technical Reference
