What is an intrusion detection system?
Information networks can be highly vulnerable to attacks by worms, viruses and various other network threats, and new problems appear regularly on these fronts. Such attacks can paralyze networks, destroy important data and adversely affect productivity. To prevent this, intrusion detection systems (IDS) are set up to protect information networks.
The intrusion detection system acts as a safeguard that detects attacks before or as they occur, warns the system administrators, and then takes appropriate steps to neutralize the attacks and restore the network to its normal working capacity. Intrusion detection systems usually require a certain degree of human supervision and investigation because an IDS is not completely reliable. For example, an intrusion detection system may identify only some network threats, or, on busy networks, it may not be able to check all the traffic that passes through the network.
In its daily operation, an intrusion detection system monitors user and network activity and watches system configurations and system files. If any abnormalities or attacks are found, the intrusion detection system immediately raises an alarm that warns the system administrator. The system can then go on to deal with the network threats itself or let the administrator decide on the best way to solve the problem.
There are three main types of intrusion detection systems that together form an intrusion prevention system. The first is network intrusion detection, which maintains a library of known network threats. The system checks around the Internet and constantly updates this library; in this way, it is informed of the latest network threats and is better able to protect the network. Passing traffic is monitored and checked against the library, and if any known attack or abnormal behavior corresponds to an entry in the library, the system will block it.
Network node intrusion detection is the second part of the intrusion prevention system. It checks and analyzes traffic that moves from the network to a particular host. The third part is the host intrusion detection system, which checks for any changes to the current system; if files are edited or deleted, the host intrusion detection system raises the alarm. It can either directly disable the attack or set up a new, improved security environment.