The current intrusion detection system can prevent hacker attacks in a timely manner, right?
The statement that the current intrusion detection system can prevent hacker attacks in a timely manner is not right.
What is an intrusion detection system?
An intrusion detection system (IDS) is a network security device that monitors network transmissions in real time and issues alarms or takes proactive response measures when suspicious transmissions are discovered. What makes it different from other network security devices is that IDS is a proactive security protection technology.
IDS first appeared in April 1980. In the mid-1980s, IDS gradually developed into the Intrusion Detection Expert System (IDES). In 1990, IDS split into network-based IDS and host-based IDS. Later, distributed IDS appeared. At present, IDS is developing rapidly, and some people have claimed that IDS can completely replace firewalls.
Security strategy:
Intrusion detection systems operate in one of two modes, depending on how they detect intrusions: anomaly detection and misuse detection. Anomaly detection must first establish a model of normal system access behavior; any visitor behavior that does not conform to this model is judged to be an intrusion. Misuse detection works the other way around: it must first summarize all possible adverse and unacceptable behaviors and build a model of them; any visitor behavior that conforms to this model is judged to be an intrusion.
The security strategies of these two modes are completely different, and each has its own strengths and weaknesses. The false negative rate of anomaly detection is very low, but behavior that does not conform to the normal behavior pattern is not necessarily a malicious attack, so this strategy has a higher false positive rate. Misuse detection has a lower false positive rate because it directly matches observed behavior against patterns of unacceptable behavior. However, malicious behaviors are ever-changing and may not have been collected in the behavior pattern library, so its false negative rate is very high. This requires users to formulate strategies and select detection modes based on the characteristics and security requirements of the system. Users now adopt a strategy that combines the two modes.
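The trade-off described above, as an added example that is not part of the original article: a minimal misuse detector and a minimal anomaly detector are run over the same constructed, labelled requests so their false positives and false negatives can be compared. The signatures, baseline traffic, length threshold and the alert/review way of combining the two modes are all assumptions made for illustration.

```python
import re

# Misuse detection: signatures of known-bad requests (constructed for this example).
SIGNATURES = [re.compile(p, re.I) for p in (r"\.\./", r"union\s+select", r"<script")]

# Constructed traffic assumed to be normal, used to build the anomaly model: (path, query).
BASELINE = [("/index.php", "page=1"), ("/search.php", "q=ids"), ("/login.php", "user=alice")]

# Constructed, labelled test traffic: (path, query, is_attack).
EVENTS = [
    ("/index.php", "page=2", False),
    ("/search.php", "q=firewall", False),
    ("/report.php", "year=2024", False),                              # new but legitimate page
    ("/search.php", "q=intrusion detection system overview", False),  # long but benign
    ("/index.php", "page=../../etc/passwd", True),                    # in the signature set
    ("/search.php", "q=1 union select 1", True),                      # in the signature set
    ("/login.php", "user=admin&role=administrator&bypass=1", True),   # not in the signature set
    ("/backup.php", "f=all", True),                                   # not in the signature set
]

# Model of normal behaviour: paths seen, and a query-length ceiling of 1.5x the longest seen.
LONGEST = max(len(q) for _, q in BASELINE)
PATHS = {p for p, _ in BASELINE}
MAX_QUERY = LONGEST + LONGEST // 2

def misuse(path, query):
    """Flag only requests that match a known-bad pattern."""
    return any(s.search(f"{path}?{query}") for s in SIGNATURES)

def anomaly(path, query):
    """Flag any request that does not conform to the normal-behaviour model."""
    return path not in PATHS or len(query) > MAX_QUERY

def combined(path, query):
    """One possible combination: signature hit -> 'alert', anomaly only -> 'review'."""
    if misuse(path, query):
        return "alert"
    return "review" if anomaly(path, query) else "pass"

def errors(detector, events=EVENTS):
    """Return (false_positives, false_negatives) for a boolean detector."""
    fp = sum(1 for p, q, bad in events if not bad and detector(p, q))
    fn = sum(1 for p, q, bad in events if bad and not detector(p, q))
    return fp, fn

if __name__ == "__main__":
    print("misuse (FP, FN):", errors(misuse), "| anomaly (FP, FN):", errors(anomaly))
    print([combined(p, q) for p, q, _ in EVENTS])
```

On this sample the signature set misses the two attacks it has no pattern for, while the anomaly model catches all four attacks but also flags the two unusual legitimate requests; in the combined mode those two land in the lower-priority "review" tier.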