5. Intrusion Monitoring and Detection > Traffic Monitoring

[Figure 4.5: Misuse detection and anomaly detection. Misuse detection: define known attacks; normal if not attack. Anomaly detection: define normal behavior; suspicious if not normal.]

and evasive; attackers might try to confuse IDS with fragmented, encrypted, tunneled, or junk packets; an IDS might not react to an incident in real time or quickly enough to stop an attack; and incidents can occur anywhere at any time, which necessitates continual and extensive monitoring, with correlation of multiple distributed sensors.

Host-Based Monitoring