عنوان مقاله
مطالعه روش های مورد استفاده در سیستم های تشخیص و پیشگیری از نفوذ (IDPS)
فهرست مطالب
مقدمه
بررسی منابع
روش های IDPS
ارزیابی روش ها
نتیجه گیری
بخشی از مقاله
روش های IDPS
روش های متعدد بسیاری توسط IDPS برای تشخیص تغییرات در سیستم هایی که آن ها پایش می کنند مورد استفاده قرار می گیرند. این تغییرات می توانند شامل تهاجمات خارجی و یا سواستفاده توسط یک پرسنل و کاربر داخلی باشند. در میان روش های بسیار، چهار روش برجسته تر بوده و استفاده فراوانی دارند. چهار سیستم و روش تشخیص مورد استفاده توسط سیستم های تشخیص و پیشگیری از نفوذ (IDPS)، شامل مبتنی بر امضا یا تطبیق الگو، مبتنی بر ناهنجاری، مبتنی بر تجزیه تحلیل الگوی چند تراکنشی و مبتنی بر هیبرید می باشند. جدید ترین سیستم های IDPS از روش های هیبرید استفاده می کنند که ترکیبی از دیگر روش ها با قابلیت های تشخیص و پیشگیری از نفوذ بهتر می باشند.
کلمات کلیدی:
study of Methodologies used in Intrusion Detection and Prevention Systems (IDPS) David Mudzingwa Department of ECIT North Carolina A&T State University Greensboro, NC 27411 Email: dmudzing@ncat.edu Rajeev Agrawal Department of ECIT North Carolina A&T State University Greensboro, NC 27411 Email: ragrawal@ncat.edu Abstract— Intrusion detection and prevention systems (IDPS) are security systems that are used to detect and prevent security threats to computer systems and computer networks. These systems are configured to detect and respond to security threats automatically there by reducing the risk to monitored computers and networks. Intrusion detection and prevention systems use different methodologies such as signature based, anomaly based, stateful protocol analysis, and a hybrid system that combines some or all of the other systems to detect and respond to security threats. The growth of systems that use a combination of methods creates some confusion when trying to choose a methodology and system to deploy. This paper seeks to offer a clear explanation of each methodology and then offer a way to compare these methodologies. Keywords— Intrusion Detection and Prevention Systems (IDPS), Anomaly Based Detection, Signature Based Detection, Stateful Protocol Analysis Based Detection, Hybrid Based Detection. I. INTRODUCTION Intrusion detection and prevention systems (IDPS) have become a valuable tool in keeping information systems secure. IDPS are security tools that are used to monitor, analyse, and respond to possible security violations against computer and network systems. These violations can be a result of break in attempts by unauthorized external intruders trying to compromise the system or internal privileged users miss-using their authority. As the intrusion detection and prevention field continue to evolve and produce new systems, the underlying methodologies are not evolving at the same pace and are slowly being merged together. This creates confusion when trying to understand the detection methodologies that are utilized by newer systems. Past and current work in this area mainly focuses on explaining or improving one or two methodologies. Some works offer an evaluation of one methodology against a proposed a new methodology.
