Intrusions: Misuse and Anomaly

A misuse intrusion occurs when an intruder attacks well-known areas of weakness in a system. Intrusion detection software can identify misuse intrusions by recognizing the distinct patterns of behavior associated with those well-known weaknesses. An anomaly intrusion occurs when the system's behavior is not consistent with normal system usage patterns. Intrusion detection software may have trouble recognizing an anomaly intrusion, because an intruder may monitor normal system usage and, over time, mimic normal patterns. However, with the help of both human and software monitoring, a system can be secured against anomaly intrusions.

A well-rounded intrusion detection system has the following characteristics:

  • Runs autonomously

  • Fault tolerant

  • Defends against subversion

  • Low overhead

  • Detects abnormal activity

  • Adapts to normal network patterns

  • Adapts to the addition of new applications

The difference between misuse and anomaly intrusions lies in how they are detected. Misuse is defined by its detection: it consists of specific, precisely representable techniques of computer misuse. An anomaly, by contrast, is detected by monitoring a system and classifying its behavior as either normal or abnormal. A good intrusion detection system runs without human supervision, recovers from unexpected crashes or errors, is not a burden on the network, protects against both outside and inside intruders, and uses some type of technique, such as a neural network, to detect anomalies.
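The two detection styles side by side, as an added example that is not part of the original post. The signature set, the z-score threshold, the function and class names, and the sample requests and counts are all constructed assumptions; a simple statistical baseline stands in for the neural-network technique mentioned above.

```python
import re
import statistics

# Constructed signatures for well-known weaknesses (illustrative, not a real rule set).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I),
}

def misuse_alerts(request):
    """Misuse detection: report which known patterns the request matches."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(request))

class AnomalyDetector:
    """Anomaly detection: flag counts far from a learned baseline (z-score)."""

    def __init__(self, baseline, threshold=3.0):
        self.history = list(baseline)   # adaptive baseline, grows over time
        self.threshold = threshold

    def score(self, count):
        mean = statistics.mean(self.history)
        stdev = statistics.pstdev(self.history) or 1.0  # guard a flat baseline
        return abs(count - mean) / stdev

    def observe(self, count):
        """Return True if anomalous; otherwise fold the count into the baseline."""
        if self.score(count) > self.threshold:
            return True
        self.history.append(count)
        return False

# Constructed sample data: requests per minute from one host during normal use.
BASELINE = [20, 22, 19, 21, 18, 20, 23, 21]

def demo():
    adaptive = AnomalyDetector(BASELINE)
    frozen = AnomalyDetector(BASELINE)  # reference copy that never adapts
    return {
        "known_pattern": misuse_alerts("GET /files?name=../../etc/passwd"),
        "no_signature": misuse_alerts("GET /export?rows=all"),
        "burst": adaptive.observe(400),
        # Slow increase: each step stays under the adaptive threshold.
        "drift": [adaptive.observe(c) for c in (24, 26, 28, 30, 32)],
        "drift_vs_frozen": frozen.score(32) > frozen.threshold,
    }

if __name__ == "__main__":
    print(demo())
```

The gradual increase is absorbed by the adaptive baseline without an alert, which is the mimicry problem described earlier; comparing against a frozen reference baseline, or having a person review baseline drift, surfaces it.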

The most prevalent attack is Conficker, which affects embedded Windows applications, such as Windows media components. Additionally, Conficker can allow remote code execution to take place within the embedded application.
