

Intrusion Detection & Prevention

Content Leader: Jess Garcia - Last Updated: February 5, 2007


Intrusion Detection

What is Intrusion Detection?

Definition by Dirk Lehmann (Siemens CERT), taken from the SANS IDS FAQ:

  • ID stands for Intrusion Detection, which is the art of detecting inappropriate, incorrect, or anomalous activity. ID systems that operate on a host to detect malicious activity on that host are called host-based ID systems, and ID systems that operate on network data flows are called network-based ID systems.

    Sometimes, a distinction is made between misuse and intrusion detection. The term intrusion is used to describe attacks from the outside; whereas, misuse is used to describe an attack that originates from the internal network. However, most people don't draw such distinctions.

    The most common approaches to ID are statistical anomaly detection and pattern-matching detection.

IDS / IPS Resources

  • General Information
  • Tools
  • Articles, Papers & Presentations
      • For a list of IDS/IPS papers and presentations, check
  • Books
      • See a list of IDS/IPS Books here.
  • Online Publications & Newsletters
      • Coming soon...
  • Mailing Lists
  • Webcasts
      • Coming Soon...
  • IDS/IPS Conferences
  • Training
  • Websites
      • Coming Soon...

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.