Intrusion Detection Systems: Threats, Taxonomy, Tuning
Abstract
An intrusion is defined as any set of actions that attempts to compromise the integrity, the confidentiality, or the availability of a resource. Following the pioneering work of Anderson in 1980 it has been recognised that while computer systems and networks need to be protected from unauthorised external access, using firewalls for example, it is not possible to provide an unconditional guarantee of invulnerability to intrusion. There are a number of reasons for this. One is the extreme diversity of intrusions observed, for example password stealing and cracking, masquerade and sniffer attacks, subversion of security controls (via trapdoors, Trojans etc), denial of service attacks, and malicious codes (viruses, worms, Trojans, logic bombs etc). Another reason is that over 70 per cent of attacks on networks are believed to be internal in origin.
Citation
Overill, R.E. (1998), "Intrusion Detection Systems: Threats, Taxonomy, Tuning", Journal of Financial Crime, Vol. 6 No. 1, pp. 49-51. https://doi.org/10.1108/eb025861
Publisher
:MCB UP Ltd
Copyright © 1998, MCB UP Limited