Created by Akanksha

Confusion Matrix causing confusion 🤔 while Risk Identification in Security Surveillance of Organizational Network

Phishing Attack
Man in the middle Attack
Session Hijacking Attack
Denial of Service Attack
SQL injection attack
DNS Tunneling Attack
Zero-Day Exploit Attack
Brute Force Attack
Credential Stuffing Attack
Birthday Attack
XSS Attack
Topology of IDS and IPS

👉 IDS:

Detection methods of IDS are:

Signature-based Method:
Signature-based IDS detects attacks on the basis of specific patterns, such as the number of bytes or the number of 1s or 0s in the network traffic. It also detects on the basis of already known malicious instruction sequences used by malware. The detected patterns in the IDS are known as signatures. A signature-based IDS can easily detect attacks whose pattern (signature) already exists in the system, but it is quite difficult for it to detect new malware attacks, as their pattern (signature) is not yet known.

Anomaly-based Method:
Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is developed rapidly. In an anomaly-based IDS, machine learning is used to create a model of trusted activity; incoming activity is compared with that model and is declared suspicious if it is not found in the model. Machine-learning-based methods generalize better than signature-based IDS, as these models can be trained according to the applications and hardware configurations in use.

👉 IPS:

Detection methods in IPS are:

Signature-based detection:
Signature-based detection inspects packets in the network and compares them with pre-built, predefined attack patterns known as signatures.

Statistical anomaly-based detection:
Anomaly-based detection monitors network traffic and compares it against an established baseline. The baseline identifies what is normal for that network and which protocols are used. However, it may raise false alarms if the baseline is not configured carefully.

Stateful protocol analysis detection:
This method recognizes deviations from the protocol state by comparing observed events with pre-built profiles of generally accepted definitions of benign activity.

Challenges in the IPS & IDS System
Confusion Matrix
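The confusion matrix is where the two detection styles above meet the analyst: each alert is either a true positive, a false positive, a false negative, or a true negative, and the usual rates (precision, recall, false-positive rate, accuracy) are derived from those four counts. The example below is added here and is not code from the original post. It builds a toy signature-based detector (a handful of known-bad substrings) and a toy anomaly-based detector (flow size more than k standard deviations from a baseline learned on benign traffic), runs both over a constructed set of labelled flow records, and scores each with a confusion matrix. All flows, signatures, byte counts and the k=3 threshold are constructed for the demonstration; `alert_precision` goes one step beyond the counts and shows, via Bayes' rule, why a false-positive rate that looks small on a balanced test set still swamps the alert queue when attacks are rare.

```python
# Added example (not from the original post): a toy signature-based and a toy
# anomaly-based detector run over constructed flow records, then scored with a
# confusion matrix. Flows, signatures and thresholds are all made up here.
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    nbytes: int          # total bytes in the flow
    payload: str         # decoded application-layer content (simplified)
    malicious: bool      # ground-truth label, used only for scoring


# Constructed benign traffic the anomaly detector learns its baseline from.
TRAINING_BYTES = [1000, 1200, 900, 1100, 1300, 950, 1050, 1150]

# Constructed evaluation traffic; the last four records are the attacks.
FLOWS = [
    Flow("10.0.0.5", 443, 1200, "GET /index.html", False),
    Flow("10.0.0.6", 443, 900, "GET /login", False),
    Flow("10.0.0.7", 80, 1100, "POST /search q=shoes", False),
    Flow("10.0.0.8", 443, 1000, "GET /img/logo.png", False),
    Flow("10.0.0.9", 80, 40000, "GET /backup.tar", False),              # large but legitimate download
    Flow("10.0.0.10", 80, 950, "POST /forum q=how does UNION SELECT work", False),  # benign text about SQL
    Flow("10.0.0.11", 80, 800, "GET /?id=1 UNION SELECT 1,2", True),    # SQL injection, known pattern
    Flow("10.0.0.12", 80, 50000, "POST /upload", True),                  # bulk exfiltration, no pattern
    Flow("10.0.0.13", 53, 30000, "TXT aGVsbG8gd29ybGQ=", True),          # DNS-tunneling-like, no pattern
    Flow("10.0.0.14", 80, 300, "GET /?q=<script>alert(1)</script>", True),  # XSS probe, known pattern
]

# Known-bad byte patterns ("signatures"), matched case-insensitively.
SIGNATURES = ("UNION SELECT", "<script>", "../../")


def signature_detect(flow: Flow) -> bool:
    """Alert when the payload contains any known attack pattern."""
    text = flow.payload.lower()
    return any(sig.lower() in text for sig in SIGNATURES)


def build_baseline(training_bytes):
    """Model 'normal' as mean and standard deviation of benign flow sizes."""
    return mean(training_bytes), pstdev(training_bytes)


def anomaly_detect(flow: Flow, baseline, k: float = 3.0) -> bool:
    """Alert when the flow size is more than k standard deviations from the baseline."""
    mu, sigma = baseline
    return abs(flow.nbytes - mu) > k * sigma


def confusion_matrix(flows, detector):
    """Count TP/FP/FN/TN by comparing each alert with the ground-truth label."""
    cm = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for flow in flows:
        alerted = detector(flow)
        if alerted and flow.malicious:
            cm["TP"] += 1
        elif alerted:
            cm["FP"] += 1
        elif flow.malicious:
            cm["FN"] += 1
        else:
            cm["TN"] += 1
    return cm


def metrics(cm):
    """Derive the rates an analyst cares about from the four counts."""
    tp, fp, fn, tn = cm["TP"], cm["FP"], cm["FN"], cm["TN"]
    return {
        "precision": tp / (tp + fp) if tp + fp else 0.0,  # share of alerts that are real
        "recall": tp / (tp + fn) if tp + fn else 0.0,     # share of attacks that were caught
        "fpr": fp / (fp + tn) if fp + tn else 0.0,        # share of benign flows that alert
        "accuracy": (tp + tn) / (tp + fp + fn + tn),
    }


def alert_precision(fpr: float, recall: float, prevalence: float) -> float:
    """Precision of the alert queue for a given attack base rate (Bayes' rule)."""
    hits = recall * prevalence
    false_alarms = fpr * (1.0 - prevalence)
    return hits / (hits + false_alarms)


def evaluate(flows=FLOWS):
    """Score both toy detectors; returns {name: {"matrix": ..., precision, recall, fpr, accuracy}}."""
    baseline = build_baseline(TRAINING_BYTES)
    detectors = (("signature", signature_detect),
                 ("anomaly", lambda f: anomaly_detect(f, baseline)))
    return {name: {"matrix": (cm := confusion_matrix(flows, det)), **metrics(cm)}
            for name, det in detectors}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
    # The same 1/6 false-positive rate on a network where 1 flow in 100,000 is an attack:
    print("alert-queue precision:", alert_precision(1 / 6, 0.75, 1e-5))
```

On this constructed data the signature detector catches the two attacks with a known pattern and misses the exfiltration and the tunnelling flow, while the anomaly detector does the reverse and additionally flags the large legitimate download; both end up with the same false-positive rate of 1/6 and accuracy around 0.7 to 0.8. The last call is the part that causes the "confusion" in practice: with attacks at a base rate of 1 in 100,000, that same false-positive rate means far fewer than one alert in a thousand is real, so accuracy alone says nothing useful about how much analyst time the sensor will burn.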

Platform Engineer | Kubernetes | Docker | Terraform | Helm | AWS | Azure | Groovy | Jenkins | Git, GitHub | Sonar | NMAP and other Scan and Monitoring tool

Akanksha Singh