ABSTRACT

Intrusion, in the context of information systems, is a violation of the established rules governing data access, whether the violation consists of reading or of modifying protected data. Information systems are defended by dedicated monitoring systems designed to detect intrusions and, where possible, block them. Intrusion Detection and Prevention Systems (IDPSs) are broadly classified into four types, namely network-based, host-based, network behavior analysis, and wireless. Sensors are essential components of the intrusion detection process: they acquire the monitored data, perform the initial processing, recognize the occurrence of potentially harmful events, and forward the results to the IDPS processor. The processor collects the recorded activities supplied by the sensors and agents and correlates them in order to identify malicious software or abnormal situations. Intrusion detection techniques fall into three categories: signature-based detection, anomaly-based detection, and stateful protocol analysis.
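The following Python script, added here as an illustration and not part of the original paper, shows the three detection techniques side by side and the sensor/processor split described above. A small constructed event list stands in for sensor output; the signatures, the anomaly baseline and the SMTP command-sequence model are all assumptions chosen for the example, and the processor simply correlates the alerts from the three detectors by source address.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample events, in the shape a sensor might hand to the processor
# after initial parsing: (timestamp, source, protocol, command or payload).
# This is not real traffic.
TRAFFIC = [
    (1, "10.0.0.5", "smtp", "HELO mail.example"),
    (2, "10.0.0.5", "smtp", "MAIL FROM:<alice@example>"),
    (3, "10.0.0.5", "smtp", "RCPT TO:<bob@example>"),
    (4, "10.0.0.5", "smtp", "DATA"),
    (5, "10.0.0.9", "smtp", "DATA"),                      # DATA with no HELO/MAIL/RCPT first
    (6, "10.0.0.7", "http", "GET /index.html"),
    (7, "10.0.0.7", "http", "GET /cgi-bin/../../etc/passwd"),
] + [(10 + i, "10.0.0.8", "http", f"GET /page{i}") for i in range(60)]  # one chatty client

# 1. Signature-based detection: match payloads against known-bad patterns.
#    The two signatures are illustrative assumptions, not a real rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "etc-passwd": re.compile(r"/etc/passwd"),
}

def signature_detect(events):
    alerts = []
    for t, src, _proto, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((t, src, "signature", name))
    return alerts

# 2. Anomaly-based detection: learn a baseline of requests per source in an
#    observation window and flag sources that exceed mean + k * stdev.
#    The baseline counts are constructed "normal" values for the example.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4]

def anomaly_detect(events, baseline=BASELINE_COUNTS, k=3.0):
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    counts = Counter(src for _t, src, _proto, _payload in events)  # whole list = one window
    return [(None, src, "anomaly", f"{n} requests > threshold {threshold:.1f}")
            for src, n in sorted(counts.items()) if n > threshold]

# 3. Stateful protocol analysis: track each source's position in the SMTP
#    command sequence and flag commands that are not valid in the current state.
#    Simplified model of the SMTP dialogue, assumed for the example.
SMTP_TRANSITIONS = {
    "INIT":    {"HELO": "GREETED", "EHLO": "GREETED"},
    "GREETED": {"MAIL": "SENDER", "RSET": "GREETED", "QUIT": "INIT"},
    "SENDER":  {"RCPT": "RCPT", "RSET": "GREETED"},
    "RCPT":    {"RCPT": "RCPT", "DATA": "DATA", "RSET": "GREETED"},
    "DATA":    {".": "GREETED"},
}

def stateful_detect(events):
    alerts = []
    state = defaultdict(lambda: "INIT")  # one state machine per source
    for t, src, proto, payload in events:
        if proto != "smtp" or not payload.strip():
            continue
        cmd = payload.split()[0].upper()
        nxt = SMTP_TRANSITIONS[state[src]].get(cmd)
        if nxt is None:
            alerts.append((t, src, "stateful", f"{cmd} not valid in state {state[src]}"))
        else:
            state[src] = nxt
    return alerts

def processor(events):
    """Processor role: collect sensor output, run all detectors, correlate by source."""
    alerts = signature_detect(events) + anomaly_detect(events) + stateful_detect(events)
    by_src = defaultdict(list)
    for _t, src, kind, detail in alerts:
        by_src[src].append((kind, detail))
    return dict(by_src)

if __name__ == "__main__":
    for src, findings in processor(TRAFFIC).items():
        for kind, detail in findings:
            print(f"{src:10} {kind:9} {detail}")
```

Each detector catches something the other two miss: the traversal request only matches a signature, the chatty client only stands out statistically, and the out-of-order DATA command is syntactically harmless and rate-normal but violates the protocol state model, which is why practical IDPSs combine all three.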