Intrusion Detection/Prevention Systems (2020)

From CyberEdWiki

The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.


After completing the KU, students will be able to:

  1. Detect, identify, resolve and document host or network intrusions.
  2. Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
  3. Configure IDS/IPS systems to reduce false positives and false negatives.
  4. Deploy reactive measures to respond to detected intrusion profiles.


  1. Deep Packet Inspection
  2. Log File Analysis
  3. Log Aggregation
  4. Cross Log Comparison and Analysis
  5. Anomaly Detection
    1. Establishing profiles
    2. Anomaly algorithms, such as:
      1. Statistical Techniques
      2. Correlation Techniques
      3. Fuzzy Logic Approaches
      4. Artificial Intelligence
      5. Filtering Algorithms
      6. Neural Networks
  6. Misuse Detection (Signature Detection)
  7. Specification-based Detection
  8. Host-based Intrusion Detection and Prevention
  9. Network-based Intrusion Detection and Prevention
    1. Stealth mode
  10. Distributed Intrusion Detection
  11. Hierarchical IDSs
  12. Honeynets/Honeypots
  13. Intrusion response
    1. Device Reconfiguration
    2. Notifications
      1. Logging
      2. SNMP Trap
      3. Email
      4. Visual/Audio Alert
    3. Trace Recording
    4. Opening Application
    5. Session Interruption
    6. Reach back


NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units

Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID