A CDE Definition
A deviation from the normal traffic pattern. An intrusion detection system (IDS) may look for unusual traffic activities, such as a flood of UDP packets or a new service appearing on the network. Traffic anomalies can be used to identify unknown attacks and DoS floods, but tuning the IDS for this can be difficult. It also requires a clear understanding of the "normal" traffic. See IDS.
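An added example (not part of the original definition) of the traffic-anomaly approach: it learns "normal" from baseline flow records, then flags a UDP flood and a new service appearing on the network. The flow records, addresses and the thresholds `k` and `min_std` are constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed flow records: (minute, proto, dst_ip, dst_port, packets)
BASELINE = [
    (0, "udp", "10.0.0.5", 53, 110), (0, "tcp", "10.0.0.8", 443, 900),
    (1, "udp", "10.0.0.5", 53, 95),  (1, "tcp", "10.0.0.8", 443, 870),
    (2, "udp", "10.0.0.5", 53, 120), (2, "tcp", "10.0.0.8", 443, 940),
    (3, "udp", "10.0.0.5", 53, 105), (3, "tcp", "10.0.0.8", 443, 910),
]
OBSERVED = [
    (4, "udp", "10.0.0.5", 53, 115), (4, "tcp", "10.0.0.8", 443, 905),
    (5, "udp", "10.0.0.5", 53, 4800),  # constructed flood of UDP packets
    (5, "tcp", "10.0.0.8", 2323, 12),  # constructed new service
]

def udp_per_minute(flows):
    """Total UDP packets seen in each one-minute interval."""
    per_min = Counter()
    for minute, proto, _ip, _port, pkts in flows:
        if proto == "udp":
            per_min[minute] += pkts
    return per_min

def build_baseline(flows):
    """Record the known services and the normal UDP packet rate."""
    services = {(proto, ip, port) for _m, proto, ip, port, _p in flows}
    rates = list(udp_per_minute(flows).values())
    return {"services": services, "udp_mean": mean(rates), "udp_std": pstdev(rates)}

def detect(baseline, flows, k=3.0, min_std=10.0):
    """Return alerts for UDP rates above mean + k*std and for unseen services."""
    alerts = []
    # min_std keeps a very quiet baseline from producing a hair-trigger limit.
    limit = baseline["udp_mean"] + k * max(baseline["udp_std"], min_std)
    for minute, pkts in sorted(udp_per_minute(flows).items()):
        if pkts > limit:
            alerts.append(("udp_flood", minute, pkts))
    seen = set()
    for minute, proto, ip, port, _p in flows:
        svc = (proto, ip, port)
        if svc not in baseline["services"] and svc not in seen:
            seen.add(svc)
            alerts.append(("new_service", minute, svc))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE), OBSERVED):
        print(alert)
```

Lowering `k` to 0.5 makes the ordinary minute 4 raise a flood alert, while a very large `k` misses the real flood, which is the tuning difficulty the definition mentions.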
(Intrusion Detection System) Software that detects an attack on a network or computer system. A Network IDS (NIDS) is designed to support multiple hosts, whereas a Host IDS (HIDS) is set up to detect illegal actions within the host. Most IDS programs use signatures of known cracker attempts to signal an alert. Others look for deviations from the normal routine as indications of an attack. Intrusion detection is very tricky. Too much analysis can add excessive overhead and also trigger false alarms. Insufficient analysis can overlook a valid attack.
Catch It at the Source
The opposite of intrusion detection is "extrusion detection." Such software examines the data leaving the computer to determine whether malware is originating from it. See protocol anomaly, traffic anomaly, IPS and attack.