In: Computer Science
Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.
Step 1
An intrusion detection and prevention system (IDPS) is an extension of intrusion detection system (IDS) technology: besides detecting an intrusion, it can also take action to stop it (for example, dropping the offending traffic or blocking the source), thereby protecting the network rather than only reporting the attack.
Classification of intrusion detection systems, scheme 1 (by where the sensor sits and what data it sees):
• Host-based IDS (HIDS)
• Network-based IDS (NIDS)
• Hybrid IDS (combines host-based and network-based sensors)
Step 2
Classification of intrusion detection systems, scheme 2:
This scheme classifies by the analysis method the IDS uses, and can be broadly divided into two groups. Knowledge-based systems match observed activity against descriptions of known attacks, so they miss attacks for which they hold no description; anomaly-based systems build a profile of normal behaviour and flag deviations from it, so they can catch novel attacks at the cost of more false positives.
• Knowledge based Intrusion Detection System
o Expert systems
o Signature analysis
o State transition
o Petri Nets
• Anomaly Based Intrusion Detection System
o Statistical based IDS
o Neural networks IDS
o Expert system IDS
o Data mining
o Computer immunology IDS
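To make the two groups of scheme 2 concrete, the following added example (not part of the original answer, and not the code of any product named on this page) runs a knowledge-based signature detector and a simple statistical anomaly detector over constructed web-server log lines. The log format ("client-ip method path status"), the three signature rules, the per-client request-rate feature and the "mean + k standard deviations" threshold are all assumptions chosen for illustration.

```python
"""Knowledge-based vs. anomaly-based detection over constructed web-server log lines."""
import re
import statistics
from collections import Counter

# Log line format assumed for this example: "<client-ip> <method> <path> <status>".
LINE_RE = re.compile(r"^(\S+) (\S+) (.*) (\d{3})$")

# Knowledge-based (signature) rules: descriptions of *known* attack patterns.
SIGNATURES = [
    ("sqli", re.compile(r"'\s*(or|and)\s", re.IGNORECASE)),  # quote followed by a boolean operator
    ("xss", re.compile(r"<script", re.IGNORECASE)),           # inline script injection
    ("path_traversal", re.compile(r"\.\./")),                  # directory climbing
]

# Constructed baseline window: ordinary browsing, used to learn the "normal" profile.
BASELINE_LOG = [
    f"10.0.0.{host} GET /page{n}.html 200"
    for host, requests in [(5, 3), (6, 4), (7, 2), (8, 5), (9, 3), (10, 4), (11, 3)]
    for n in range(requests)
]

# Constructed observation window: two known attack patterns plus one client
# scanning at an abnormal rate that no signature above describes.
OBSERVED_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.5 GET /contact.html 200",
    "10.0.0.5 GET /news.html 200",
    "10.0.0.7 GET /login?user=admin' OR '1'='1 200",
    "10.0.0.9 GET /search?q=<script>alert(1)</script> 200",
] + [f"203.0.113.4 GET /item/{i} 404" for i in range(30)]


def parse_line(line):
    """Split a log line into (ip, method, path, status); None if it does not fit the format."""
    m = LINE_RE.match(line)
    return m.groups() if m else None


def signature_alerts(lines):
    """Knowledge-based detection: (ip, rule) for every line whose path matches a known-attack signature."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, _method, path, _status = parsed
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def requests_per_client(lines):
    """Count requests per source IP; this is the feature the anomaly detector profiles."""
    return Counter(parsed[0] for parsed in map(parse_line, lines) if parsed)


def build_profile(baseline_lines, min_stdev=1.0):
    """Anomaly-based detection, step 1: learn the mean and spread of per-client request
    counts from a window believed to be attack-free. The stdev floor stops a perfectly
    uniform baseline from flagging every small fluctuation."""
    counts = list(requests_per_client(baseline_lines).values())
    return statistics.mean(counts), max(statistics.pstdev(counts), min_stdev)


def anomaly_alerts(lines, profile, k=3.0):
    """Anomaly-based detection, step 2: flag clients whose request count exceeds mean + k*stdev.
    Unlike signatures, this catches the scanner without knowing what it sends, but a
    legitimately busy client would trip it too (a false positive)."""
    mean, stdev = profile
    threshold = mean + k * stdev
    return sorted((ip, n) for ip, n in requests_per_client(lines).items() if n > threshold)


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(OBSERVED_LOG))
    profile = build_profile(BASELINE_LOG)
    print("anomaly alerts:", anomaly_alerts(OBSERVED_LOG, profile))
```

Run as a script, the signature detector reports the SQL injection and cross-site scripting attempts but says nothing about 203.0.113.4, while the anomaly detector flags 203.0.113.4 for its request rate but is blind to the two single-request attacks. That gap is exactly why the hybrid and IDPS products compared below often combine both techniques.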
Step 3
Intrusion prevention systems are often classified into four different types:
• Network-based intrusion prevention system (NIPS):
o Monitors the entire network for suspicious traffic by analyzing protocol activity and takes the appropriate action (for example, dropping or blocking the traffic).
• Wireless intrusion prevention system (WIPS):
o Monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
• Network behavior analysis (NBA):
o Examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks and policy violations.
• Host-based intrusion prevention system (HIPS):
o A software agent installed on a single host that monitors for suspicious activity by analyzing events occurring within that host.
Step 4
The parameters used for the comparative analysis are given below:

Parameter        | Description
-----------------|----------------------------------------------------------------------------
Type             | Category to which the tool belongs (HIDS, NIDS, etc.).
Operating System | The operating system(s) on which the tool runs. If the tool is an appliance with an embedded operating system, the column shows "not applicable" (N/A).
License          | The type of license under which the tool is distributed, e.g., Commercial, Freeware, GNU Public License.
Based on         | The detection technique the tool uses (rule/signature based, anomaly based, behavior based, audit assessment).
A comparative analysis of IDPS products based on the parameters in the table above is shown below:

Name                                 | Type | OS                   | License    | Based on
-------------------------------------|------|----------------------|------------|-----------------
CSP Alert-Plus                       | HIDS | Windows              | Commercial | Rule based
eEye Retina                          | HIDS | Windows              | Commercial | Rule based
eEye SecureIIS Web Server Protection | HIDS | Windows              | Commercial | Rule based
GFI EventsManager                    | HIDS | Windows              | Commercial | Rule based
IBM RealSecure Server Sensor         | HIDS | Windows              | Commercial | Rule based
McAfee Host Intrusion Prevention     | HIDS | Linux, Windows       | Commercial | Rule based
Tripwire Enterprise                  | HIDS | Linux, Windows, Unix | Commercial | Audit assessment
Arbor Networks Peakflow X            | NIDS | N/A                  | Commercial | Behavior based
ArcSight                             | NIDS | N/A                  | Commercial | Anomaly based
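The question asks for a comparison spreadsheet, so the following added example (not part of the original answer) turns the table above into one: it writes the rows as CSV that any spreadsheet program can open, and adds the two operations you actually want when comparing products, a pivot of classification against detection technique and a filter by operating system. The rows are transcribed from the table above with product names normalized; the column names, the treatment of N/A as "no operating system to match" and the helper function names are this example's own choices.

```python
"""Build the IDPS comparison spreadsheet (CSV) and summarize it by classification."""
import csv
import io
from collections import Counter

FIELDS = ["Name", "Type", "OS", "License", "Based on"]

# Rows transcribed from the comparison table on this page (product names normalized).
IDPS_TOOLS = [
    {"Name": "CSP Alert-Plus", "Type": "HIDS", "OS": "Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "eEye Retina", "Type": "HIDS", "OS": "Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "eEye SecureIIS Web Server Protection", "Type": "HIDS", "OS": "Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "GFI EventsManager", "Type": "HIDS", "OS": "Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "IBM RealSecure Server Sensor", "Type": "HIDS", "OS": "Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "McAfee Host Intrusion Prevention", "Type": "HIDS", "OS": "Linux, Windows", "License": "Commercial", "Based on": "Rule based"},
    {"Name": "Tripwire Enterprise", "Type": "HIDS", "OS": "Linux, Windows, Unix", "License": "Commercial", "Based on": "Audit assessment"},
    {"Name": "Arbor Networks Peakflow X", "Type": "NIDS", "OS": "N/A", "License": "Commercial", "Based on": "Behavior based"},
    {"Name": "ArcSight", "Type": "NIDS", "OS": "N/A", "License": "Commercial", "Based on": "Anomaly based"},
]


def os_list(row):
    """Split the multi-valued OS cell into a list; an appliance (N/A) has no OS to match on."""
    cell = row["OS"]
    return [] if cell == "N/A" else [o.strip() for o in cell.split(",")]


def to_csv(rows, fields=FIELDS):
    """Serialize the rows to CSV text; the csv module quotes cells that contain commas."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def pivot(rows, row_field, col_field):
    """Count tools per (row_field, col_field) pair, e.g. how many HIDS are rule based."""
    return Counter((r[row_field], r[col_field]) for r in rows)


def select(rows, os=None, **exact):
    """Filter tools: membership test on OS (multi-valued) plus exact match on any other column.
    Columns with spaces in their name are passed as select(rows, **{"Based on": "Rule based"})."""
    out = []
    for r in rows:
        if os is not None and os not in os_list(r):
            continue
        if all(r[k] == v for k, v in exact.items()):
            out.append(r)
    return out


def names(rows):
    """Just the product names of a filtered row set, for compact reporting."""
    return [r["Name"] for r in rows]


if __name__ == "__main__":
    print(to_csv(IDPS_TOOLS))
    for (kind, technique), n in sorted(pivot(IDPS_TOOLS, "Type", "Based on").items()):
        print(f"{kind:5} {technique:18} {n}")
    print("runs on Linux:", names(select(IDPS_TOOLS, os="Linux")))
```

Saving the CSV output to a file gives the spreadsheet the question asks for; the pivot makes the comparison point visible at a glance (every host-based product here is rule based or audit based, while both network products rely on behavioral or anomaly detection), and adding a row for any further product you find is a one-line change.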