Classification
- Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
- Wireless intrusion prevention system (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
- Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
- Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
Detection methods
- Signature-based detection: a signature-based IDS monitors packets in the network and compares them with pre-configured and pre-determined attack patterns known as signatures.
- Statistical anomaly-based detection: an anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline identifies what is “normal” for that network – what sort of bandwidth is generally used and what protocols are used. It may, however, raise a false positive alarm for legitimate use of bandwidth if the baselines are not intelligently configured.
- Stateful protocol analysis detection: this method identifies deviations of protocol states by comparing observed events with “pre-determined profiles of generally accepted definitions of benign activity”.
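The first two detection methods side by side, as an added example that is not part of the original page: a minimal signature matcher over constructed packet payloads, and a bandwidth baseline (mean plus three standard deviations) that flags a legitimate backup burst as a false positive until that traffic is included in the baseline. The signature patterns, packets and byte counts are all constructed here; real engines also match on ports, flags and stream state.

```python
import re
from statistics import mean, pstdev

# Constructed signatures in the spirit of content-matching IDS rules (assumption:
# a plain regex over the raw payload is enough to illustrate the idea).
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "known-scanner-ua": re.compile(rb"User-Agent: constructed-scanner/1\.0"),
}

def signature_matches(payload: bytes) -> list:
    """Return the names of every signature whose pattern appears in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

def build_baseline(samples: list, k: float = 3.0) -> tuple:
    """Learn 'normal' bandwidth from per-interval byte counts: (mean, alert threshold)."""
    mu, sigma = mean(samples), pstdev(samples)
    return mu, mu + k * sigma

def anomalous_intervals(observed: list, threshold: float) -> list:
    """Indexes of observed intervals whose byte count exceeds the learned threshold."""
    return [i for i, v in enumerate(observed) if v > threshold]

# Constructed packets; signature detection needs no baseline at all.
PACKETS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n",
    b"GET / HTTP/1.1\r\nUser-Agent: constructed-scanner/1.0\r\n",
]

# Constructed bytes-per-minute samples for a quiet link, recorded during office hours only.
BASELINE = [12_000, 11_500, 13_200, 12_800, 11_900, 12_400, 13_000, 12_100]
# Observed intervals: normal traffic, a legitimate nightly backup (480 kB), then a flood.
OBSERVED = [12_300, 12_900, 480_000, 12_200, 2_500_000]

if __name__ == "__main__":
    for p in PACKETS:
        print(signature_matches(p) or "clean", p[:40])
    mu, thr = build_baseline(BASELINE)
    print(f"baseline mean={mu:.0f} threshold={thr:.0f}")
    # The backup interval (index 2) is a false positive: the baseline never saw it.
    print("anomalous:", anomalous_intervals(OBSERVED, thr))
    # Re-baselining with the backup window included keeps only the flood (index 4).
    _, thr2 = build_baseline(BASELINE + [480_000])
    print("after re-baselining:", anomalous_intervals(OBSERVED, thr2))
```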