Intrusion Detection/Prevention Systems (2020)

From CyberEdWiki
Revision as of 22:07, 21 November 2019 by GeralynUH (talk | contribs) (Text replacement - "To complete this KU, students should be able to:" to "After completing the KU, students will be able to:")

The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.


After completing the KU, students will be able to:

  1. Detect, identify, resolve and document host or network intrusions.
  2. Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
  3. Configure IDS/IPS systems to reduce false positives and false negatives.
  4. Deploy reactive measures to respond to detected intrusion profiles.


  1. Deep Packet Inspection
  2. Log File Analysis
  3. Log Aggregation
  4. Cross Log Comparison and Analysis
  5. Anomaly Detection
    1. Establishing profiles
    2. Anomaly algorithms, such as:
      1. Statistical Techniques
      2. Correlation Techniques
      3. Fuzzy Logic Approaches
      4. Artificial Intelligence
      5. Filtering Algorithms
      6. Neural Networks
  6. Misuse Detection (Signature Detection)
  7. Specification-based Detection
  8. Host-based Intrusion Detection and Prevention
  9. Network-based Intrusion Detection and Prevention
    1. Stealth mode
  10. Distributed Intrusion Detection
  11. Hierarchical IDSs
  12. Honeynets/Honeypots
  13. Intrusion response
    1. Device Reconfiguration
    2. Notifications
      1. Logging
      2. SNMP Trap
      3. Email
      4. Visual/Audio Alert
    3. Trace Recording
    4. Opening Application
    5. Session Interruption
    6. Reach back


NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units

Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Reference ID