Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. This paper provides an overview of IDPS technologies. It explains the key functions that IDPS technologies perform and the detection methodologies that they use. Next, it highlights the most important characteristics of each of the major classes of IDPS technologies. The paper also discusses various types of IDPS security capabilities, technology limitations and challenges.