Intrusion Detection Systems (IDSes) are software and/or hardware components that monitor the events in a computer or in a network and analyze the activities for signs of possible violations of computer security policies. There are various kinds of IDS each addressing a different aspect of computer security. A Network IDS (NIDS) attempts to identify unauthorized, illicit and anomalous behaviors based on network traffic, whereas a host IDS (HIDS) attempts to identify violations of the security policies on a specific device. A further distinction is between signature-based IDS and anomaly-based IDS. A signature-based IDS examines the activities for predetermined attack patterns known as signatures, whereas an anomaly based-IDS firstly builds a model of the normal usage of the monitored system and, based on this model, it then monitors the system's activities by classifying them as either normal or anomalous.
In this talk, we give an overview of the state of the art in intrusion detection research, by discussing the key characteristics of an IDS, its functions, limitations and typical architectures.
From 22/03/2010-15.00 to 22/03/2010-16.00 , Aula didattica dello IIT (Aula A32 - vicino biblioteca)
Speaker: Daniele Sgandurra
Responsible: Fabio Martinelli
Note: Daniele Sgandurra is currently working at IIT-CNR where his major research fields are intrusion detection systems, virtual machines security and cloud security. He graduated in Computer Science at the University of Pisa in 2006 where he is now a PhD student at the Department of Informatics