ABSTRACT

An intrusion-detection system (IDS) monitors networks and computer systems for signs of intrusion or misuse. IDSs work in the background, continuously monitoring network traffic and system log files for suspicious activity. Intrusion analysis can be categorized into three main classes: signature, statistical, and integrity. Signature analysis looks for specific attacks against known weak points of a system; the majority of commercial IDS products work by examining network traffic and looking for well-known patterns of attack. Statistical intrusion analysis involves observing deviations from a baseline of normal system usage patterns. Integrity analysis identifies whether a file or object has been altered. Detection errors will occur and can be categorized as false positives, false negatives, or subversion. False positives are a real issue with IDS technology because they cause users to ignore alerts. False negatives are even more serious than false positives because they provide a false sense of security. Application intrusion detection monitors information at the application level.
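As an added illustration (not part of the paper), the three analysis classes and the false-positive/false-negative accounting in miniature, run over constructed sample records; the signatures, baseline request counts and reference digest are all assumed values:

```python
import hashlib
import re
import statistics

# Constructed sample records (not from the paper): one request per line,
# standing in for network traffic or system log entries.
EVENTS = [
    "GET /index.html 200",
    "GET /about.html 200",
    "GET /../../etc/passwd 404",  # a well-known attack pattern
    "GET /index.html 200",
    "POST /login 200",
]

# Signature analysis: match records against known attack patterns.
# These two signatures are assumed examples, not a real rule set.
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"(?i)union\s+select")]

def signature_alerts(events):
    """Return indices of records matching any known-attack signature."""
    return [i for i, e in enumerate(events)
            if any(sig.search(e) for sig in SIGNATURES)]

# Statistical analysis: flag deviation from a baseline of normal usage.
# The metric is requests per interval; the baseline history is constructed.
def statistical_alerts(baseline_counts, observed_counts, z_threshold=3.0):
    """Indices of observed intervals more than z_threshold standard
    deviations above the baseline mean."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts) or 1.0  # avoid divide-by-zero
    return [i for i, c in enumerate(observed_counts)
            if (c - mean) / stdev > z_threshold]

# Integrity analysis: decide whether a file/object has been altered by
# comparing its current digest with a previously recorded reference digest.
def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def integrity_altered(reference_digest, current_bytes):
    """True if the object's current content no longer matches the reference."""
    return sha256_hex(current_bytes) != reference_digest

# Error accounting: false positives are alerts on benign records; false
# negatives are real intrusions that raised no alert at all.
def count_errors(alerted, truly_bad, n_records):
    """Return (false_positives, false_negatives) over record indices 0..n-1."""
    alerted, truly_bad = set(alerted), set(truly_bad)
    fp = sum(1 for i in range(n_records) if i in alerted and i not in truly_bad)
    fn = sum(1 for i in range(n_records) if i not in alerted and i in truly_bad)
    return fp, fn
```

`count_errors([], [2], len(EVENTS))` returns `(0, 1)`: the attack passed unnoticed, which is the silent failure the abstract calls more serious than a noisy false positive.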