ABSTRACT
An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.
IDPSes typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.
TABLE OF CONTENTS
CERTIFICATION PAGE
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
CHAPTER ONE
1.1STATEMENT OF PROBLEM
1.2PURPOSE OF STUDY
1.3IMPORTANCE OF STUDY
1.4DEFINITION OF TERMS
1.5ASSUMPTION OF STUDY
CHAPTER TWO
2.0 LITERETURE REVIEW
2.1 INTRUSION PREVENTION SYSTEM
2.2 IS IDS THE SAME AS FIREWALL?
2.3 TYPES OF INTRUSION DETECTION SYSTEM
CHAPTER THREE
3.0 NETWORK-BASED VS. HOST-BASED IPS
3.1 IDS VS. IPS
CHAPTER FOUR
4.0 DEVELOPMENT OF AN INTRUSION DETECTION SYSTEM
4.1 STATISTICAL ANOMALY AND SIGNATURE BASED IDSES
4.1.1 STATISTICAL ANOMALY-BASED IDS
4.1.2 SIGNATURE-BASED IDS
CHAPTER FIVE: CONCLUSION
5.1LIMITATION OF STUDY
5.2SUGGESTION FOR FURTHER RESEARCH
5.3 REFERENCES