Intrusion Prevention System (IPS) Detection Methods


There are four detection methods that are common among most intrusion prevention systems (IPS). These methods are known as signature-, policy-, anomaly-, and reputation-based detection.

Signature-based detection uses a set of rules to identify intrusive activity. Sensors scan IP packets against existing signatures to detect known attacks and respond with predefined actions. Signatures must be tuned to reduce false positives and to avoid preventing legitimate traffic from entering the network. Signature-based IPS should be vulnerability-focused, not exploit-focused.

Policy-based detection identifies actions that violate traffic policies. These policies are predefined by the network security administrator. Policy-based detection typically does not look for malicious or abnormal behavior.

Anomaly-based detection looks for abnormal statistical and protocol behaviors. The statistical baseline generally focuses on traffic patterns, traffic mix, and traffic volume. The protocol baseline focuses on traffic that deviates from protocol standards. Like policy-based detection, anomaly…
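
The following Python sketch is an added example, not part of the original post: it runs signature, policy, and anomaly (statistical and protocol) checks over constructed packet records to show which method fires on which kind of traffic. The rule ID, the allowed-service list, the baseline figures, the three-standard-deviation threshold, and the sample records are all assumptions made for illustration.

```python
import re
from statistics import mean, stdev

# All rule names, thresholds and traffic below are constructed for illustration.
SIGNATURES = {"SIG-1": b"KNOWN-BAD-PATTERN"}            # signature: known attack content
ALLOWED = {("tcp", 80), ("tcp", 443)}                   # policy: admin-defined services
BASELINE_KBPS = [110, 95, 102, 98, 105, 100, 97, 103]   # anomaly: learned traffic volume
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r\n")  # anomaly: protocol form

def signature_hits(pkt):
    """Return IDs of known signatures found in the payload."""
    return [sid for sid, pat in SIGNATURES.items() if pat in pkt["payload"]]

def policy_violation(pkt):
    """Flag traffic the policy does not permit, whether or not it is malicious."""
    return (pkt["proto"], pkt["dport"]) not in ALLOWED

def statistical_anomaly(kbps, k=3.0):
    """Flag volume more than k standard deviations above the baseline mean."""
    return kbps > mean(BASELINE_KBPS) + k * stdev(BASELINE_KBPS)

def protocol_anomaly(pkt):
    """Flag port-80 traffic whose request line deviates from the HTTP standard form."""
    return pkt["dport"] == 80 and not HTTP_REQUEST_LINE.match(pkt["payload"])

def inspect(pkt):
    """Return the detection methods that fire for one packet record."""
    alerts = [f"signature:{s}" for s in signature_hits(pkt)]
    if policy_violation(pkt):
        alerts.append("policy")
    if statistical_anomaly(pkt["kbps"]):
        alerts.append("anomaly:statistical")
    if protocol_anomaly(pkt):
        alerts.append("anomaly:protocol")
    return alerts

SAMPLE = [  # constructed packet records, not real captures
    {"proto": "tcp", "dport": 80, "kbps": 101, "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"proto": "tcp", "dport": 80, "kbps": 99, "payload": b"GET /?q=KNOWN-BAD-PATTERN HTTP/1.1\r\n"},
    {"proto": "tcp", "dport": 23, "kbps": 100, "payload": b"login: "},
    {"proto": "tcp", "dport": 443, "kbps": 900, "payload": b"\x16\x03\x01"},
    {"proto": "tcp", "dport": 80, "kbps": 104, "payload": b"get\tindex.html\r\n"},
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt["dport"], inspect(pkt) or ["clean"])
```

The Telnet record carries no known-bad content and normal volume, yet the policy check still flags it, which is the sense in which policy-based detection does not look for malicious or abnormal behavior.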
