University of Twente (07/01/09) Bruysters, Joost
University of Twente researcher Damiano Bolzoni has developed SilentDefense, an anomaly-based network intrusion detection system that could lead to a new generation of network security systems. There are two types of network intrusion detection systems. The first uses a database of all known attacks to identify signatures of commonly used methods, but these systems have difficulty stopping new attack methods. The second uses anomaly detection, essentially learning how the network is normally used and searching for any deviation from the standard pattern. Bolzoni says anomaly detection is not widely used because truly effective systems are not commercially available, but he says SilentDefense will rectify this shortcoming. SilentDefense is based on self-learning algorithms, which significantly improve the accuracy of the system and reduce the odds of false positives. Bolzoni says the ideal network intrusion detection system is not one type or the other but a combination of the two. However, before such a system can be created, he says a better anomaly detection system needs to be developed.