Stopping Intrusions? The Method Is Changing...
I have read an article in a monthly magazine (Hacker Italia) that said: "Soon the intrusion detection approach known as Statistical or Behaviour Based may be able to blow away the more widespread Signature Based approach."
If the answer interests you, here it is:
The biggest problem with these traditional systems, which are based on signatures and rules, is the speed at which the signatures themselves are compiled; without them the system is blind. To add an attack to the list, it must first be identified, recorded and analyzed.
Then the rule must be found within the signatures, and the signatures themselves must be distributed.
Statistical Based Intrusion Detection (SBID) systems have an entirely different philosophy.
In short, once the normal activity of the system has been determined, everything that falls outside the parameters of the norm is considered suspicious activity. SBID systems continually analyze the normal traffic of the network in which they are directly deployed, with a precision proportional to the length of time the IDS has been active. For this reason they do not need continuous updates of identification signatures, and compared with traditional systems they guarantee greater coverage of new types of attack.
I hope this is useful to you.
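The baseline-and-deviation idea described above, as an added example that is not part of the original post: a detector learns the mean and spread of one traffic metric, flags samples far outside that norm, and gives no verdict until it has observed enough traffic. The metric (connections per minute), the 3-standard-deviation threshold, the 10-sample learning period and all names are assumptions chosen for illustration.

```python
import math

class BaselineDetector:
    """Learns mean/variance of one traffic metric online (Welford's method)."""

    def __init__(self, threshold=3.0, min_samples=10):
        self.threshold = threshold      # deviation, in standard deviations, treated as suspicious
        self.min_samples = min_samples  # learning period before any verdict is given
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def score(self, x):
        """Distance of x from the learned norm, or None while still learning."""
        if self.n < max(self.min_samples, 2):
            return None
        sd = math.sqrt(self.m2 / (self.n - 1))
        if sd == 0.0:
            # Perfectly constant baseline: any change at all is outside the norm.
            return 0.0 if x == self.mean else math.inf
        return abs(x - self.mean) / sd

    def observe(self, x):
        """Return (suspicious, score); only non-suspicious samples update the baseline."""
        z = self.score(x)
        suspicious = z is not None and z > self.threshold
        if not suspicious:
            self.n += 1
            delta = x - self.mean
            self.mean += delta / self.n
            self.m2 += delta * (x - self.mean)
        return suspicious, z

def detect(samples, **kwargs):
    """Indices of samples flagged as outside the learned norm."""
    det = BaselineDetector(**kwargs)
    return [i for i, x in enumerate(samples) if det.observe(x)[0]]

# Constructed sample: connections per minute seen by a sensor; index 12 is a burst.
SAMPLE = [42, 38, 45, 40, 41, 39, 44, 43, 37, 40, 42, 41, 300, 39, 43]

if __name__ == "__main__":
    print(detect(SAMPLE))         # burst is flagged once the baseline exists
    print(detect([42, 38, 300]))  # same burst during the learning period: no verdict
```

Anything seen during the learning period is absorbed into the baseline, so the norm should be established on traffic that is known to be clean.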