Intrusion Detection Systems Basics
Peng Ning, North Carolina State University
Sushil Jajodia, George Mason University
Intuitively, intrusions in an information system are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion detection has been studied for more than 20 years since Anderson's report (Anderson, 1980). It is based on the beliefs that an intruder's behavior will be noticeably different from that of a legitimate user and that many unauthorized actions will be detectable.
Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second ...