sahel1389
Nowadays, with the development of computer networks, computer attacks are also growing. Therefore, a major challenge for most organizations is security problems. In order to have an immune system, many security mechanisms such as firewalls, intrusion detection systems, intrusion prevention systems, etc., are used by security administrators. Intrusion detection systems can be grouped into anomaly detection and misuse detection systems. The main advantage of the anomaly detection systems is that they don’t require any prior knowledge of possible intrusions and thus are able to identify any new virus attack, zero-day attacks, unknown system faults, and potential threats to the system. In the misuse detection techniques there is a knowledge database of existing attacks. If network traffic is consistent with this pattern, it is detected as an attack. One major drawback of misuse detection techniques is that the intrusion must be known in advance to be identified. Thus, any new intrusion, such as a new type of virus, will be unidentified by the misuse detection techniques. Generally, due to the high volume and low quality of alerts generated by IDSs, their analysis is virtually impossible for a network administrator. To address this problem, an efficient method for the analysis and alert correlation is required. Alert correlation is a multi-stage process. It is the process of finding relationships between alerts and aggregating them in order to improve the quality of information while reducing the number of alerts.
I want you to show me my mistakes. I'll be grateful for your advice.
Thanks in advance.