ABSTRACT

An intrusion detection system (IDS) can be defined as one of the security mechanisms that rely on monitoring and detecting attacks against information systems. Typical tasks of an IDS include, for example, detecting attacks aimed at blocking a computer or service (DoS, denial of service), attempts to access unauthorized resources, and the installation of software such as worms or trojans. To place our experiments within the general framework of intrusion detection, we start by presenting the fundamentals of IDS models and approaches. Intrusion detection systems can be classified according to three main criteria:

11.1 Intrusion Detection System Definition
11.1.1 Source of Analyzed Information
11.1.2 Way of Analysis
11.1.3 Reaction to Attack