Intrusion Detection/Prevention Systems (2020)

The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.

Outcomes[edit]

After completing the KU, students will be able to:

1. Detect, identify, resolve and document host or network intrusions.
2. Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
3. Configure IDS/IPS systems to reduce false positives and false negatives.
4. Deploy reactive measures to respond to detected intrusion profiles.

Topics[edit]

1. Deep Packet Inspection
2. Log File Analysis
3. Log Aggregation
4. Cross Log Comparison and Analysis
5. Anomaly Detection
   1. Establishing profiles
   2. Anomaly algorithms, such as:
      1. Statistical Techniques
      2. Correlation Techniques
      3. Fuzzy Logic Approaches
      4. Artificial Intelligence
      5. Filtering Algorithms
      6. Neural Networks
6. Misuse Detection (Signature Detection)
7. Specification-based Detection
8. Host-based Intrusion Detection and Prevention
9. Network-based Intrusion Detection and Prevention
   1. Stealth mode
10. Distributed Intrusion Detection
11. Hierarchical IDS's
12. Honeynets/Honeypots
13. Intrusion response
    1. Device Reconfiguration.
    2. Notifications
       1. Logging
       2. SNMP Trap
       3. Email
       4. Visual/Audio Alert
    3. Trace Recording
    4. Opening Application
    5. Session Interuption
    6. Reach back.

Skills[edit]

NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

• Data Security Analysis
• Industrial Control Systems-SCADA Security
• Network Security Administration, Specialization Area
• Network Technology and Protocols
• Security Incident Analysis and Response
• System Security Administration

See also[edit]

Related Knowledge Units

• Basic Networking
• Network Defense
• Network Technology and Protocols
• Advanced Network Technology and Protocols
• Network Security Administration
• Wireless Sensor Networks

Original Knowledge Unit

• Intrusion Detection/Prevention Systems (2014)

Further reading[edit]

Suggested textbooks[edit]

Suggested academic readings[edit]

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]

Contacts[edit]

Reference ID[edit]

IDS