The Process of Detecting Intrusions

So far, you have read a detailed discussion of the various types of attacks, along with some specific examples. Now we look at the general theory behind how such attacks can be prevented and how network intrusions (the category into which most of these attacks fall) can be detected. This builds the path to the more specific discussion of setting up Cisco's IDS in the next chapter.

Two main ways of detecting intrusions are used in today's networks:

  • Statistical anomaly-based IDS

  • Pattern matching or signature-based IDS

Statistical anomaly-based IDS relies on establishing thresholds for various types of activity on the network, such as how many times a certain command is executed ...
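The two approaches above, as an added worked example that is not from the book and not Cisco's IDS code: a small detector that runs both techniques over constructed sample events. The event format (time in seconds, source address, payload string), the 60-second tumbling window, the rule that the first token of a payload is the "command" whose execution count is thresholded, the mean + 3 * standard deviation threshold, and the two regular-expression signatures are all assumptions made for the illustration.

```python
"""Signature-based and statistical anomaly-based detection over sample events.

Signature-based: each payload is canonicalised (URL-decoded) and matched against
regular expressions for known attack patterns.

Statistical anomaly-based: the number of times each command is executed per
source within a time window is learned from training traffic, a threshold of
mean + k * stdev is derived per command, and later windows exceeding it are
reported.  (Example code, not from the book.)
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

WINDOW_SECONDS = 60  # assumption: fixed-size tumbling windows

# Constructed sample events, not real captures: (time_s, source_ip, payload).
TRAINING_EVENTS = [  # normal activity, used only to learn thresholds
    (0, "10.0.0.5", "login"), (12, "10.0.0.5", "ls"), (30, "10.0.0.5", "cat /etc/motd"),
    (5, "10.0.0.6", "login"), (20, "10.0.0.6", "login"), (45, "10.0.0.6", "ls"),
    (70, "10.0.0.5", "login"), (80, "10.0.0.7", "ls"),
]
TEST_EVENTS = [
    (100, "10.0.0.9", "login"), (101, "10.0.0.9", "login"),
    (102, "10.0.0.9", "login"), (103, "10.0.0.9", "login"),  # 4 logins in one window
    (110, "10.0.0.5", "login"), (130, "10.0.0.5", "ls"),      # normal
    (140, "10.0.0.8", "GET /cgi-bin/../../etc/passwd HTTP/1.0"),
    (160, "10.0.0.8", "GET /login?user=admin'%20OR%20'1'%3D'1 HTTP/1.0"),
    (170, "10.0.0.8", "GET /cgi-bin/%2e%2e/%2e%2e/etc/shadow HTTP/1.0"),  # encoded
    (180, "10.0.0.8", "GET /index.html HTTP/1.0"),
]

# ---- Pattern matching / signature-based -------------------------------------
SIGNATURES = {  # assumed signatures for the illustration
    "dir-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}


def signature_alerts(events, decode=True):
    """Return (time, src, signature_name) for each event matching a known pattern.

    With decode=False the payload is matched as-is, which lets URL-encoded
    variants of the same attack slip past the signature.
    """
    alerts = []
    for t, src, payload in events:
        text = unquote(payload) if decode else payload
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                alerts.append((t, src, name))
    return alerts


# ---- Statistical anomaly-based ---------------------------------------------
def command_name(payload):
    """The first token of the payload is treated as the command (assumption)."""
    return payload.split()[0]


def window_counts(events):
    """Count executions of each command per (source, window index)."""
    counts = Counter()
    for t, src, payload in events:
        counts[(src, t // WINDOW_SECONDS, command_name(payload))] += 1
    return counts


def build_baseline(training_events, k=3.0):
    """Learn a per-command threshold of mean + k * stdev over per-window counts."""
    samples = {}
    for (_src, _win, cmd), n in window_counts(training_events).items():
        samples.setdefault(cmd, []).append(n)
    return {cmd: statistics.mean(v) + k * statistics.pstdev(v)
            for cmd, v in samples.items()}


def anomaly_alerts(events, baseline):
    """Report (src, window_start, command, count) where count exceeds the threshold.

    Commands with no learned baseline are not monitored by this detector.
    """
    alerts = []
    for (src, win, cmd), n in sorted(window_counts(events).items()):
        threshold = baseline.get(cmd)
        if threshold is not None and n > threshold:
            alerts.append((src, win * WINDOW_SECONDS, cmd, n))
    return alerts


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(TEST_EVENTS))
    print("anomaly alerts:", anomaly_alerts(TEST_EVENTS, build_baseline(TRAINING_EVENTS)))
```

Running it shows the complementary strengths of the two methods: the login burst from 10.0.0.9 has no distinctive payload, so only the threshold detector flags it, while the traversal and SQL-injection requests have no effect on command rates and are caught only by the signatures. It also shows the classic weakness of each: the encoded traversal in the 170-second event is missed unless the payload is canonicalised before matching, and the anomaly detector says nothing about the HTTP requests because no baseline was learned for them, so its coverage depends entirely on how representative the training traffic was.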

Source: Network Security Principles and Practices (excerpt hosted on the O'Reilly learning platform).
