Network-Based Intrusion Detection Systems
Marco Cremonini, University of Milan, Italy
This chapter focuses on the characteristics of network-based intrusion detection systems (NIDSs). NIDSs collect data from packets in transit on a network segment for the purpose of identifying and preventing inappropriate network uses. NIDSs have several fundamental functional components:
- Source of observed events: The source of event information used to determine whether an intrusion has taken place. The most common sources are events recorded on an individual computer system (in host-based IDSs) or network packets captured in transit (in network-based IDSs). ...