ABSTRACT

Intrusion detection systems play an important role in filtering out known malicious content inside the network and in watching every corner of the organization in which they are installed. An intrusion detection system is a tool that monitors known malicious activity and potentially malicious activity in ingress network traffic. It provides defense in depth by securing the computer network. However, these tools alone are sometimes not enough to stop malicious activity from compromising the network, because attackers continually update their techniques to evade network security controls. This chapter presents in-depth knowledge of network forensics and its classification, helping the reader understand the different types of network forensics and how they are categorized. It also explains payloads and their classification, and builds the concepts of signature-based and anomaly-based detection systems. It then compares signature-based and anomaly-based detection systems and shows the differences between them. It further classifies detection systems into network-based, host-based, and physical-based detection, provides detailed concepts related to detection systems, and thereafter covers prevention systems. The chapter describes different types of network clues and their classification, provides in-depth knowledge of signature-based classification, and explains the meaning of ensemble and ensemble-based classification. Finally, it explains the term deep packet investigation and its various analysis classifications.