Analysis of several famous intrusion detection systems

Source: Internet
Author: User
Tags: ossec
An intrusion detection system (IDS) is a security device that monitors network traffic (or host activity) in real time and raises an alert, or in some deployments triggers a response action, when it sees something suspicious. What distinguishes it from other network security devices is that an IDS is a monitoring and detection technology: it watches for attacks in progress rather than only enforcing an access policy.

An IDS examines inbound and outbound network activity and looks for patterns that indicate someone is attempting to break into, or disrupt, a network or host. It differs from a firewall mainly in its goal. A firewall restricts access between networks in order to prevent intrusions, but it does not raise an alarm, and it sees nothing of attacks launched from inside the network. An IDS, by contrast, evaluates suspicious activity and alerts when an intrusion occurs, and a sensor placed on the internal network can also observe attacks that originate inside it. In that sense an IDS does a more complete job of watching for compromise; in practice the two are complementary. Below we look at five of the best-known tools in this space: two detection engines, one NIDS evasion test tool, and two analysis consoles.

1. Snort: the open-source IDS that almost everyone knows. It uses a flexible rule language to describe the traffic to look for, combining signature matching, protocol analysis, and anomaly-based detection methods. It is updated quickly, has become the most widely deployed intrusion detection technology in the world, and is effectively a standard for the field. With protocol analysis, content searching, and a range of preprocessors (for example IP fragment and TCP stream reassembly), Snort can detect thousands of worms, exploit attempts, port scans, and other suspicious behaviours. Note that Snort itself only produces alerts; to browse and analyze them, users typically pair it with a console such as the free BASE (item 4 below).
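To make the rule language and the role of the stream preprocessor concrete, here is an added example (my own code, not part of the original page and not Snort's code) that parses a Snort-style rule header plus the msg/sid/content/nocase options and applies it to constructed packets, first packet by packet and then after a crude TCP stream reassembly. The rules, sids (in the 1000000+ local range), addresses and payloads are all made up for the demonstration; Snort's CIDR ranges, variables and content modifiers are not modelled.

```python
"""Snort-style rule matching, per packet and after stream reassembly.
Added example, not Snort's own code. Addresses match literally ("any" or an
exact IP); CIDR ranges, variables and content modifiers are not modelled."""
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes
    seq: int = 0  # TCP sequence number of the first payload byte


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)  # [[bytes, nocase], ...]


HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def content_bytes(spec):
    """Decode a content string: literal text with |xx xx| hex sections."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(text):
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = Rule(action, proto.lower(), src, sport, dst, dport)
    for opt in (o.strip() for o in opts.split(";") if o.strip()):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "msg":
            rule.msg = val.strip('"')
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([content_bytes(val.strip('"')), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True  # modifies the preceding content
    return rule


def port_matches(spec, port):
    if spec == "any":
        return True
    if ":" in spec:  # port range, either bound may be empty
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def header_matches(rule, pkt):
    return (rule.proto == pkt.proto
            and rule.src in ("any", pkt.src) and port_matches(rule.sport, pkt.sport)
            and rule.dst in ("any", pkt.dst) and port_matches(rule.dport, pkt.dport))


def payload_matches(rule, payload):
    """Every content: option must occur somewhere in the payload."""
    for needle, nocase in rule.contents:
        hay, pat = (payload.lower(), needle.lower()) if nocase else (payload, needle)
        if pat not in hay:
            return False
    return True


def detect_per_packet(rules, packets):
    """Match each packet in isolation, as a NIDS without reassembly would."""
    return [(r.sid, r.msg) for pkt in packets for r in rules
            if header_matches(r, pkt) and payload_matches(r, pkt.payload)]


def reassemble(packets):
    """Crude TCP reassembly in the spirit of Snort's stream preprocessor: group
    segments per flow, order by sequence number, join the data. Overlaps keep the
    bytes already accepted; gaps are ignored."""
    flows = {}
    for pkt in packets:
        if pkt.proto == "tcp":
            flows.setdefault((pkt.src, pkt.sport, pkt.dst, pkt.dport), []).append(pkt)
    streams = []
    for (src, sport, dst, dport), segs in flows.items():
        segs.sort(key=lambda p: p.seq)
        data, nxt = bytearray(), segs[0].seq
        for p in segs:
            if p.seq + len(p.payload) <= nxt:
                continue  # fully retransmitted segment, nothing new
            data += p.payload[max(0, nxt - p.seq):]
            nxt = p.seq + len(p.payload)
        streams.append(Packet("tcp", src, sport, dst, dport, bytes(data), segs[0].seq))
    return streams


def detect_with_reassembly(rules, packets):
    return detect_per_packet(rules, reassemble(packets))


# Constructed rules (local-rule sids >= 1000000), not from any Snort ruleset.
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"FTP SITE EXEC"; content:"SITE"; nocase; content:"EXEC"; nocase; sid:1000002;)',
)]
REQUEST = b"GET /CGI-BIN/phf HTTP/1.0\r\n"
# The same constructed request sent whole, and split across two TCP segments
# (the kind of evasion a segmentation tool such as fragroute produces).
WHOLE = [Packet("tcp", "198.51.100.7", 40001, "192.0.2.10", 80, REQUEST, seq=1)]
SEGMENTED = [Packet("tcp", "198.51.100.7", 40002, "192.0.2.10", 80, REQUEST[:9], seq=1),
             Packet("tcp", "198.51.100.7", 40002, "192.0.2.10", 80, REQUEST[9:], seq=10)]

if __name__ == "__main__":
    print("whole request, per packet:  ", detect_per_packet(RULES, WHOLE))
    print("segmented, per packet:      ", detect_per_packet(RULES, SEGMENTED))
    print("segmented, after reassembly:", detect_with_reassembly(RULES, SEGMENTED))
```

The per-packet pass finds the phf request when it arrives in one segment but misses it when the signature straddles two segments; only after the flow is reassembled does the same rule fire again, which is exactly why Snort's stream and fragment preprocessors sit in front of the rule engine.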

2. OSSEC HIDS: a host-based, open-source intrusion detection system that performs log analysis, file integrity checking, Windows Registry monitoring, rootkit detection, real-time alerting, and active response. Beyond its IDS role it is often used as a lightweight SEM/SIM (security event/information management) solution: thanks to its log analysis engine, ISPs, universities, and data centers run OSSEC HIDS to monitor and correlate their firewall, IDS, web server, and authentication logs.

3. fragroute/fragrouter: a toolkit for evading network intrusion detection. fragroute intercepts, modifies, and rewrites outbound traffic destined for a specified host and can reproduce the classic insertion, evasion, and denial-of-service attacks against a NIDS. It is driven by a simple ruleset that can delay, duplicate, drop, fragment, overlap, print, reorder, segment, or source-route packets bound for the target host. Strictly speaking the tool exists to test network intrusion detection systems, and it is also useful for testing firewalls and basic TCP/IP stack behaviour. Do not misuse it.
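For the OSSEC item above, here is an added example (my own code, not part of the original page and not OSSEC's code) of the decoder, rule, frequency-correlation and active-response pipeline it describes, run over constructed sshd log lines. The rule ids (100010, 100011), the 5-in-120-seconds threshold, the firewall-drop response name, the host names and IP addresses are all assumptions made up for the example, and the log year is assumed because syslog lines carry none.

```python
"""OSSEC-style log analysis: decoder -> rule -> frequency rule -> response.
Added example, not OSSEC's own code. Rule ids use the 100000+ range OSSEC
reserves for local rules; everything below is constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSHD_FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+")

RULES = [
    # base rule: every decoded sshd failure
    {"id": 100010, "level": 5, "decoder": "sshd-fail",
     "description": "sshd: authentication failed"},
    # composite rule: 5 base matches within 120 s from the same source
    {"id": 100011, "level": 10, "if_matched_rule": 100010, "frequency": 5,
     "timeframe": 120, "same_source": True,
     "description": "sshd: brute force attempt (5 failures in 120 s from one source)",
     "active_response": "firewall-drop"},
]


def decode(line, year=2024):
    """Split the syslog envelope, then apply the sshd decoder. Lines no decoder
    understands return None and are never alerted on. Year is assumed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ts = " ".join(ev["ts"].split())  # collapse the double space in "Mar  3"
    ev["time"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    if ev["prog"] == "sshd":
        f = SSHD_FAIL_RE.match(ev["msg"])
        if f:
            ev.update(f.groupdict(), decoder="sshd-fail")
            return ev
    return None


def analyze(log_text):
    """Run each line through decoders and rules. Returns alerts as
    (rule_id, level, srcip, description, active_response)."""
    alerts = []
    history = defaultdict(list)  # (base rule id, srcip) -> times of matches
    for line in log_text.splitlines():
        ev = decode(line)
        if ev is None:
            continue
        for base in RULES:
            if base.get("decoder") != ev["decoder"]:
                continue
            alerts.append((base["id"], base["level"], ev["srcip"], base["description"], None))
            key = (base["id"], ev["srcip"])  # grouped by source, as same_source requires
            history[key].append(ev["time"])
            for comp in RULES:
                if comp.get("if_matched_rule") != base["id"]:
                    continue
                # sliding window: keep only matches inside the timeframe
                window = [t for t in history[key]
                          if (ev["time"] - t).total_seconds() <= comp["timeframe"]]
                history[key] = window
                if len(window) >= comp["frequency"]:
                    alerts.append((comp["id"], comp["level"], ev["srcip"],
                                   comp["description"], comp.get("active_response")))
                    history[key] = []  # counter resets after the rule fires
    return alerts


# Constructed sample log, not taken from a real host.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:04 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:06 web1 sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 51028 ssh2
Mar  3 10:15:07 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:15:09 web1 sshd[2221]: Accepted password for deploy from 198.51.100.5 port 40100 ssh2
Mar  3 10:20:00 web1 sshd[2230]: Failed password for root from 198.51.100.9 port 40200 ssh2
"""

if __name__ == "__main__":
    for rule_id, level, srcip, desc, action in analyze(SAMPLE_LOG):
        print(f"rule {rule_id} level {level} src {srcip}: {desc}"
              + (f" -> active response {action}" if action else ""))
```

Each failure raises the level 5 base alert; the fifth failure from 203.0.113.7 inside the window also raises the level 10 composite alert carrying the firewall-drop response, while the single failure from 198.51.100.9 five minutes later stays at level 5. The same shape (decoder, base rule, frequency rule with if_matched_rule) is how OSSEC's own sshd brute-force detection is organised.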

4. BASE: the Basic Analysis and Security Engine, a PHP-based analysis front end that searches and processes the security event data generated by a wide variety of IDS, firewalls, and network monitoring tools. Its features include a query builder and search interface for finding alerts that match particular patterns, a packet viewer/decoder, and statistical charts broken down by time, signature, protocol, IP address, and so on.

5. Sguil: a console tool written by and for network security analysts, used for network security monitoring (NSM). Its main component is an intuitive GUI that shows real-time event data from Snort/barnyard; other components support event-driven analysis of NSM data and IDS alerts.

With the above we have a general picture of intrusion detection systems. The technology keeps advancing, and intrusion detection systems will continue to evolve with it.
