
How are intrusion detection systems classified according to the source of detection data?

王林 | Original | 2020-12-04 15:18:05

According to the source of detection data, intrusion detection systems can be divided into network-based IDS and host-based IDS. An intrusion detection system is a network security device that monitors network transmissions in real time and issues an alarm or takes proactive response measures when suspicious transmissions are discovered.


The operating environment of this tutorial: Windows 7 system, Dell G3 computer.

According to the source of detection data, intrusion detection systems (IDS) can be divided into network-based IDS and host-based IDS.

What is an intrusion detection system?

An intrusion detection system (IDS) is a network security device that monitors network transmissions in real time and issues alarms or takes proactive response measures when suspicious transmissions are discovered. What makes it different from other network security devices is that IDS is a proactive security protection technology. IDS first appeared in April 1980. In the mid-1980s, IDS gradually developed into Intrusion Detection Expert System (IDES). In 1990, IDS differentiated into network-based IDS and host-based IDS. Later, distributed IDS appeared. At present, IDS is developing rapidly, and some people have claimed that IDS can completely replace firewalls.

IETF divides an intrusion detection system into four components:

Event generators, whose purpose is to obtain events from the entire computing environment and provide them to the other parts of the system.

Event analyzers, which analyze the data they receive and generate analysis results.

Response units, which are functional units that react to the analysis results. They can respond forcefully, for example by cutting off connections or changing file attributes, or they can simply raise an alarm.

Event databases, the collective name for the place where the various intermediate and final data are stored. An event database can be a complex database or a simple text file.
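The four components above, wired together over both a host-based and a network-based data source, as an added example that is not part of the original article. The log format, flow tuples, thresholds and rule names are assumptions, and all sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample inputs (not real logs): sshd-style lines for the
# host-based source, (time, src, dst_port) tuples for the network-based source.
HOST_LOG = [
    "12:00:01 sshd: Failed password for root from 203.0.113.7",
    "12:00:03 sshd: Failed password for admin from 203.0.113.7",
    "12:00:04 sshd: Accepted password for alice from 198.51.100.4",
    "12:00:06 sshd: Failed password for root from 203.0.113.7",
]
NET_FLOWS = [("12:01:00", "192.0.2.9", p) for p in (21, 22, 23, 80, 443)] + [
    ("12:01:05", "198.51.100.4", 443)]

FAILED = re.compile(r"Failed password for (\S+) from (\S+)")

def event_generator():
    """Event generator: normalize raw data from both sources into events."""
    for line in HOST_LOG:
        m = FAILED.search(line)
        if m:
            yield {"source": "host", "type": "auth_fail", "src": m.group(2)}
    for _, src, port in NET_FLOWS:
        yield {"source": "network", "type": "conn", "src": src, "port": port}

def event_analyzer(events, fail_limit=3, port_limit=5):
    """Event analyzer: apply threshold rules (assumed values) to the events."""
    fails, ports = defaultdict(int), defaultdict(set)
    for e in events:
        if e["type"] == "auth_fail":
            fails[e["src"]] += 1
        else:
            ports[e["src"]].add(e["port"])
    findings = [{"source": "host", "rule": "brute_force", "src": s}
                for s, n in fails.items() if n >= fail_limit]
    findings += [{"source": "network", "rule": "port_scan", "src": s}
                 for s, p in ports.items() if len(p) >= port_limit]
    return findings

def response_unit(finding):
    """Response unit: cut the connection on brute force, otherwise just alarm."""
    return "cut_connection" if finding["rule"] == "brute_force" else "alarm"

def run_ids():
    """Wire the components; a plain list stands in for the event database."""
    event_db = list(event_generator())          # intermediate data
    results = [dict(f, action=response_unit(f)) for f in event_analyzer(event_db)]
    event_db.extend(results)                    # final data
    return results, event_db
```

Calling `run_ids()` returns the findings with their chosen responses, plus the event database holding both the normalized events and the final results.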
