FYP LOGBOOK 3

TYPE OF IDS

| | Network Intrusion Detection System (NIDS) | Host-Based Intrusion Detection System (HIDS) | Anomaly-based | Signature-based |
|---|---|---|---|---|
| Definition | A system connected to a network hub or network tap, usually installed at a traffic chokepoint such as the network border or a demilitarised zone (DMZ), so that it sees the traffic crossing that point. | An agent running on the host that monitors critical operating system files and detects malicious activity through system calls, application logs and file-system changes. | A detection approach that builds a model of trusted (normal) behaviour, often with statistics or machine learning, and flags new activity that deviates from that model. | A detection approach that searches network data for known patterns, such as specific byte sequences or instruction sequences used by known malware, to identify attacks. |
| Performance | Does not add to the traffic volume, so it has no effect on network availability or performance. | Can identify attacks that a NIDS would miss, because it sees events local to the host. | Susceptible to false positives: previously unseen but legitimate behaviour is classified as malicious. | Detects known attacks quickly; new attacks for which no signature exists are missed. |

Note that the four columns cover two separate questions: NIDS and HIDS describe where the sensor sits, while anomaly-based and signature-based describe how it decides, so a given IDS is one of each (for example a signature-based NIDS).

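To make the last two columns concrete, the following is an added example (not code from the logbook or from any of the tools or datasets it cites) that runs a toy signature-based detector and a toy anomaly-based detector side by side over constructed HTTP payloads. The signature patterns, host names and payloads are all made up for the example; the anomaly model simply learns the envelope (largest size, highest byte entropy) of trusted traffic and flags anything well outside it. The three samples show the trade-off in the table: the known attack is caught only by the signature, the novel high-entropy blob is caught only by the anomaly model, and the unusual but legitimate upload is a false positive of the anomaly model.

```python
"""Added example, not from the logbook: a signature-based and an anomaly-based
detector run side by side over constructed HTTP payloads, to show the
trade-off in the table (signatures catch only what they know; anomaly
detection catches novel traffic but also flags unusual legitimate traffic).
All signatures, hosts and payloads below are made up for this example."""
import math
from collections import Counter

# Constructed signature database (hypothetical patterns, not real indicators).
SIGNATURES = {
    b"/bin/sh -c": "shell-spawn",
    b"\x90" * 8: "nop-sled",
    b"' OR 1=1": "sqli-tautology",
}


def signature_detect(payload: bytes) -> list:
    """Return the name of every known pattern found in the payload."""
    return [name for pattern, name in SIGNATURES.items() if pattern in payload]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class EnvelopeAnomalyDetector:
    """Learns the envelope of trusted traffic (largest payload, highest
    entropy) and flags anything well outside it. Deliberately simple: the
    behaviour, not the model, is the point of the example."""

    def __init__(self, length_factor: float = 2.0, entropy_margin: float = 1.5):
        self.length_factor = length_factor
        self.entropy_margin = entropy_margin
        self.max_len = 0
        self.max_entropy = 0.0

    def train(self, baseline) -> None:
        self.max_len = max(len(p) for p in baseline)
        self.max_entropy = max(shannon_entropy(p) for p in baseline)

    def is_anomalous(self, payload: bytes) -> bool:
        return (len(payload) > self.length_factor * self.max_len
                or shannon_entropy(payload) > self.max_entropy + self.entropy_margin)


# Constructed "trusted" traffic used to train the anomaly model.
BASELINE = [
    b"GET / HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    b"GET /cart HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    b"GET /product?id=42 HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    b"GET /static/app.css HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: shop.example.test\r\n\r\nuser=alice&pass=s3cret",
]

# Constructed test traffic: a known attack, a never-seen attack (a packed or
# encrypted blob standing in for novel malware) and an unusual but legitimate
# request (a large upload).
SAMPLES = {
    "known_sqli": b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\nHost: shop.example.test\r\n\r\n",
    "novel_blob": bytes(range(256)) * 2,
    "legit_upload": b"POST /upload HTTP/1.1\r\nHost: shop.example.test\r\n\r\n" + b"A" * 1500,
}

DETECTOR = EnvelopeAnomalyDetector()
DETECTOR.train(BASELINE)


def classify(payload: bytes) -> dict:
    """Run both detectors on one payload."""
    return {"signature": signature_detect(payload),
            "anomaly": DETECTOR.is_anomalous(payload)}


def run_demo() -> dict:
    """Classify every sample; returns {name: {"signature": [...], "anomaly": bool}}."""
    return {name: classify(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:13s} signature={verdict['signature'] or '-'} anomaly={verdict['anomaly']}")
```

Running the block prints one line per sample: only `known_sqli` carries a signature hit, while both `novel_blob` and `legit_upload` are flagged as anomalous, the second wrongly. A real deployment would tune the margins and combine both verdicts rather than trust either alone.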
|
TYPE OF IDS PLACEMENT

| | Distributed IDS placement | Centralized IDS placement | Hybrid IDS placement |
|---|---|---|---|
| Definition | An IDS instance is placed on every physical node of the Low-power and Lossy Network (LLN). | The IDS is placed in a centralised component, such as the border router or a dedicated server. | Combines the centralised and distributed approaches to take advantage of their strong points and avoid their drawbacks. |

|
TYPE OF DATASET

| | NSL-KDD dataset | Bot-IoT dataset | BotNet |
|---|---|---|---|
| Definition | NSL-KDD is a data set proposed to solve some of the inherent problems of the KDD'99 data set. Although this new version still suffers from some of the problems discussed by McHugh and may not be a perfect representative of existing real networks, its authors argue that, because of the lack of public data sets for network-based IDSs, it can still be applied as an effective benchmark to help researchers compare different intrusion detection methods. | The BoT-IoT dataset was created by designing a realistic network environment in the Cyber Range Lab of UNSW Canberra. The environment incorporated a combination of normal and botnet traffic. | A botnet is a collection of internet-connected devices, which may include personal computers (PCs), servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware, often without their owners' knowledge. |
| URL | https://github.com/jmnwong/NSL-KDD-Dataset/blob/master/KDDTest-21.arff | /projects/bot-iot-dataset | harvardnlp/botnet-detection |
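The NSL-KDD file linked above is in ARFF format, so the first step in using it is reading the header and data section into labelled records. The following is an added example (not code from the logbook or from the dataset's maintainers) of a small ARFF reader plus the label handling an IDS experiment needs: a class distribution, a normal/attack binary label, and one-hot encoding of nominal attributes into a numeric feature vector. The ARFF text embedded in the block is constructed for the example with only a handful of the attribute names the real file carries (NSL-KDD records have 41 features plus a class label), and its values are made up; that the class attribute is declared as {normal,anomaly} in the linked file is an assumption.

```python
"""Added example, not from the logbook: a minimal ARFF reader for NSL-KDD
style files such as KDDTest-21.arff, with a label summary and a numeric
feature encoder. The ARFF text below is constructed for this example (a
subset of attribute names, made-up values); it is not data from NSL-KDD."""
import re
from collections import Counter

SAMPLE_ARFF = """\
@relation 'KDDTest-21-sample'
@attribute 'duration' real
@attribute 'protocol_type' {tcp,udp,icmp}
@attribute 'service' {http,ftp_data,private,smtp}
@attribute 'flag' {SF,S0,REJ}
@attribute 'src_bytes' real
@attribute 'dst_bytes' real
@attribute 'count' real
@attribute 'serror_rate' real
@attribute 'class' {normal,anomaly}
@data
0,tcp,http,SF,232,8153,5,0.00,normal
0,tcp,private,S0,0,0,123,1.00,anomaly
% comment lines are ignored
0,udp,private,SF,105,146,1,0.00,normal
0,tcp,private,REJ,0,0,229,0.00,anomaly
2,tcp,ftp_data,SF,12983,0,1,0.00,normal
0,tcp,private,S0,0,0,150,1.00,anomaly
"""

# "@attribute 'name' type" with the quotes around the name optional.
ATTR_RE = re.compile(r"@attribute\s+'?([^'\s]+)'?\s+(.+)", re.IGNORECASE)


def parse_arff(text):
    """Return (attrs, rows). attrs is a list of (name, type) where type is
    'numeric' or the list of allowed nominal values; rows are dicts."""
    attrs, rows, in_data = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("%"):      # blank or comment
            continue
        if in_data:
            vals = [v.strip() for v in line.split(",")]
            if len(vals) != len(attrs):
                raise ValueError(f"expected {len(attrs)} fields, got {len(vals)}: {line}")
            rec = {}
            for (name, typ), v in zip(attrs, vals):
                if typ == "numeric":
                    rec[name] = float(v)
                elif v in typ:
                    rec[name] = v
                else:
                    raise ValueError(f"{v!r} is not a declared value of {name}")
            rows.append(rec)
            continue
        low = line.lower()
        if low.startswith("@data"):
            in_data = True
        elif low.startswith("@attribute"):
            m = ATTR_RE.match(line)
            if m is None:
                raise ValueError(f"malformed attribute line: {line}")
            name, typ = m.group(1), m.group(2).strip()
            if typ.startswith("{"):               # nominal: {a,b,c}
                typ = [v.strip().strip("'") for v in typ.strip("{}").split(",")]
            else:                                 # real / numeric / integer
                typ = "numeric"
            attrs.append((name, typ))
        # @relation and any other header line is ignored
    return attrs, rows


def label_summary(rows, label="class"):
    """Count records per class label."""
    return Counter(r[label] for r in rows)


def binary_labels(rows, label="class"):
    """0 for normal traffic, 1 for anything else (attack)."""
    return [0 if r[label] == "normal" else 1 for r in rows]


def encode(rec, attrs, label="class"):
    """Numeric feature vector: numeric attributes as-is, nominal ones one-hot."""
    vec = []
    for name, typ in attrs:
        if name == label:
            continue
        if typ == "numeric":
            vec.append(rec[name])
        else:
            vec.extend(1.0 if rec[name] == v else 0.0 for v in typ)
    return vec


if __name__ == "__main__":
    attrs, rows = parse_arff(SAMPLE_ARFF)
    print(len(rows), "records;", dict(label_summary(rows)))
    print("feature vector length:", len(encode(rows[0], attrs)))
```

To use it on the linked file, replace `SAMPLE_ARFF` with the file's contents; the class-imbalance check from `label_summary` is worth running first, because the NSL-KDD test sets are deliberately harder than the training set and a model evaluated only on overall accuracy can look better than it is.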