Abstract
An intrusion detection sensor is defined as a device that collects and analyses network traffic for the purpose of identifying suspicious events. Too often the value of a sensor is associated with its data collection and analysis features. Experience tells us such sensors fall under a range of different types and are diverse in their operational characteristics, some of which have been little studied. In this article, researchers from the Cranfield and York universities examine some of these characteristics, such as location and response, and also characterise the various costs associated with such sensors. A common definition for an intrusion detection sensor defines it as a ''device that collects and analyses network traffic for the purpose of identifying suspicious events''.^1 Too often the value of a sensor is associated with its data collection and analysis features. This is inevitable since so many of the intrusion detection systems (IDS) are designed with such characteristics in mind. Experience tells us such sensors fall under a range of different types with diverse operational characteristics, some of which have been little studied. There is a need to examine some of these characteristics to appreciate the value they add to sensor deployments particularly from a system perspective. Such characteristics are important if sensors are to be assessed collectively as opposed to the effectiveness of individual sensors.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.