Intruder detection

Intruder detection

In information security, intruder detection is the art of detecting intruders behind attacks as unique persons. This techniques try to identify the person analyzing their computational behaviour.

This concept is not yet very extended and tend to be confused with Intrusion Detection (also known as IDS) techniques which are the art of detecting intruder "actions".

Theory

Intruder Detection Systems (See Intruder detection#Translation Confusion) try to detect whom is attacking a system analyzing his computational behaviour or biometric behaviour.

Some of the parameters used to identify a person

* Keystroke Dynamics (aka keystroke patterns, typing pattern, typing behaviour)
* Patterns using an interactive command interperter:
** Commands used
** Commands sequence
** Accessed directories
** Character deletion
**
* Patterns on the network usage:
** IP address used
*** ISP
*** Country
*** City
** Ports used
** TTL analysis
** Operating system used to attack
** Protocols used
** Connection times patterns

Keystroke dynamics

Keystroke dynamics is paramount in Intruder Detection techniques because is the only parameter that has been classified as real 'behavioural biometric pattern'.

Keystroke Dynamics analyze times between keystrokes issued in a computer keyboard or cellular phone keypad searching for patterns. First techniques used statistics and probability concepts like 'standard deviations' and 'Mean', later approaches use data mining, neural networks, Support Vector Machine, etc.

There are numerous papers on this topic.

History

Some other earlier works reference the concept of Intruder Autentication, Intruder Verification, or Intruder Classification, but the Si6 project Si6#Paranoid was one of the first projects to deal with the full scope of the concept.

Translation confusion

There is a confusion with the Spanish translation of 'Intrusion detection system', also known as IDS. Some people translate it as 'Sistemas de Detección de Intrusiones', but others translate it as 'Sistemas de Detección de Intrusos'. Only the former is correct.

See also

*Intrusion Detection
*Intrusion-detection system
*Biometrics

External links

* [http://lcamtuf.coredump.cx/p0f.shtml P0f OS fingerprinting tool]
* [http://www.citefa.gov.ar/SitioSI6_EN/si6.htm Si6 Paranoid Proyect]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • intruder —    An unauthorized user of a computer system, usually a person with malicious intent.    See also cracker; firewall; hacker; Intrusion Detection System …   Dictionary of networking

  • Diver Detection Sonar — (DDS) systems are sonar and acoustic location systems employed underwater for the detection of divers and submerged swimmer delivery vehicles (SDVs). The purpose of this type of sonar system is to provide detection, tracking and classification… …   Wikipedia

  • Intrusion detection — In Information Security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. When Intrusion detection takes a preventive measure without direct human… …   Wikipedia

  • A-6 Intruder — Infobox Aircraft name = A 6 Intruder type = Attack aircraft manufacturer = Grumman caption =The A 6E Intruder designer = first flight = 19 April 1960 introduced = 1963 retired = 1997 primary user = United States Navy more users = United States… …   Wikipedia

  • Intrusion detection system — An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Some systems may attempt to stop …   Wikipedia

  • minimum line of detection — The closest distance at which the approach of hostile aircraft must be detected to successfully intercept them before they reach their weapon release line. This line is the function of one’s own reaction time, the speeds of the intruder and one’s …   Aviation dictionary

  • Host-based intrusion detection system — A host based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than on its external interfaces (as a network based intrusion detection system (NIDS) would do) …   Wikipedia

  • Intrusion Detection System —    Abbreviated IDS. A software package designed to detect specific actions on a network that are typical of an intruder or that might indicate an act of corporate espionage. An IDS package monitors the network or the server for specific attack… …   Dictionary of networking

  • Private security industry in South Africa — The private security industry in South Africa is a complex and vast entity that includes multiple disciplines. Many credit the rise of the Security Industry with the high crime and resultant paranoia after the first democratic elections in 1994.… …   Wikipedia

  • Si6 — is the codename of the Laboratorio de Investigación y Desarrollo en Seguridad Informática (Information Security Research and Development Laboratory) of the Argentine CITEFA ( Instituto de Investigaciones Científicas y Técnicas de las Fuerzas… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”