Seminar about "Intrusion Detection in Computer Networks by Multiple Classifier Systems" in FCITR
Mr. Mohammaed Rafeeque presented a seminar about "Intrusion Detection in Computer Networks by Multiple Classifier Systems" in the Computing and Information Technology Faculty at Rabigh on Monday 24/4/2011 at 12:00 noon. The following is a brief summary of the seminar:
Computer networks are usually protected against attacks by a number of access restriction policies that act as a coarse-grained filter. Intrusion detection systems (IDS) are the fine-grained filter placed inside the protected network, looking for known or potential threats in network traffic and/or audit data recorded by hosts.
Two approaches to intrusion detection are currently used. The first one, called misuse detection, is based on attack signatures, i.e., on a detailed description of the sequence of actions performed by the attacker. This approach detects only intrusions that match the signatures exactly, so new attacks produced by slightly modifying known attacks cannot be detected.
The second approach is based on statistical knowledge about the normal activity of the computer system, i.e., a statistical profile of what constitutes legitimate traffic in the network. In this case, intrusions correspond to anomalous network activity, i.e., to traffic whose statistical profile deviates significantly from the normal one.
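The contrast between the two approaches, as an added example that is not part of the seminar material. The signature, the session data, the two features and the threshold are all constructed assumptions chosen to show an exact-match signature missing a slightly modified attack while a statistical profile still flags it.

```python
from statistics import mean, stdev

# Constructed sample data: each session is a list of abstract action names.
SIGNATURE = ["login_fail", "login_fail", "login_fail", "login_ok", "read_accounts"]

NORMAL_SESSIONS = [
    ["login_ok", "read_mail", "logout"],
    ["login_fail", "login_ok", "read_mail", "read_mail", "logout"],
    ["login_ok", "read_docs", "read_mail", "logout"],
    ["login_ok", "read_docs", "logout"],
    ["login_fail", "login_ok", "read_docs", "read_docs", "logout"],
]
KNOWN_ATTACK = SIGNATURE + ["logout"]
# Same sequence with one unrelated action inserted in the middle.
VARIANT_ATTACK = ["login_fail", "login_fail", "read_banner", "login_fail",
                  "login_ok", "read_accounts", "logout"]

def misuse_detect(session, signature=SIGNATURE):
    """Misuse detection: flag only an exact, contiguous match of the signature."""
    n = len(signature)
    return any(session[i:i + n] == signature for i in range(len(session) - n + 1))

def features(session):
    """Statistical view of a session: failed logins and distinct actions."""
    return [session.count("login_fail"), len(set(session))]

def build_profile(sessions):
    """Per-feature (mean, standard deviation) learned from normal activity."""
    columns = zip(*(features(s) for s in sessions))
    return [(mean(c), stdev(c)) for c in columns]

def anomaly_detect(session, profile, threshold=3.0):
    """Flag a session if any feature deviates from the profile by > threshold sigmas."""
    return any(abs(x - m) / (s or 1.0) > threshold
               for x, (m, s) in zip(features(session), profile))

PROFILE = build_profile(NORMAL_SESSIONS)

if __name__ == "__main__":
    for name, sess in [("known", KNOWN_ATTACK), ("variant", VARIANT_ATTACK)]:
        print(name, "misuse:", misuse_detect(sess),
              "anomaly:", anomaly_detect(sess, PROFILE))
```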