Abstract

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. With the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased: attackers keep finding vulnerabilities at every level, from the network itself to the operating system and applications, and exploit them to compromise systems and services. Network defence and network monitoring have therefore become essential components of computer security for predicting and preventing attacks. Unlike a traditional Intrusion Detection System (IDS), an Intrusion Detection and Prevention System (IDPS) has additional features to secure computer networks. In this paper, we present a detailed study of how the deployment of an IDPS plays a key role in its performance and in its ability to detect and prevent known as well as unknown attacks. We categorize IDPS by deployment as network-based, host-based, perimeter-based and hybrid. A detailed comparison is given, and finally we justify our proposed solution, which deploys agents at host level to give better performance in terms of a reduced false-positive rate and accurate detection and prevention.

Highlights

  • In order to apply admission and access control for a network, various Intrusion Detection and Prevention systems (IDPS) are available in the market

  • We present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks

  • The detection technique used by the IDPS classifies it into two categories: signature-based if it detects an attack by comparing it against a stored set of pre-defined signatures


Summary

INTRODUCTION

In order to apply admission and access control to a network, various Intrusion Detection and Prevention Systems (IDPS) are available on the market. The primary intrusion prevention mechanism uses signatures to identify activity in network traffic and on hosts. The detection technique used by an IDPS classifies it into one of two categories. It is signature-based if it detects an attack by comparing it against a stored set of pre-defined signatures. It is anomaly-based if it flags abnormal behaviour or intrusive activity in the computer system that deviates from the system's normal behaviour; a profile of that normal behaviour (kernel information, system log events, network packet information, running-software information, operating system information, etc.) is stored in a database [1].
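As an added illustration of the two detection categories just described (this is not code from the paper), the following Python sketch of a host-level agent applies a hypothetical signature set first and then checks the event against a frequency profile built from constructed baseline events; the event tuples, signature names and the minimum-frequency threshold are all assumptions:

```python
"""Host-level agent sketch: signature-based and anomaly-based checks side by side."""
from collections import Counter

# Constructed baseline of normal host behaviour as (process, action, target),
# standing in for the stored system-log and packet records the text mentions.
BASELINE = [
    ("sshd", "login", "alice"), ("sshd", "login", "bob"),
    ("cron", "exec", "/usr/bin/backup"), ("cron", "exec", "/usr/bin/backup"),
    ("httpd", "connect", "10.0.0.5:5432"), ("httpd", "connect", "10.0.0.5:5432"),
    ("httpd", "connect", "10.0.0.5:5432"), ("httpd", "read", "/var/www/index.html"),
]

# Hypothetical signature set: each pattern is (process, action, target prefix).
SIGNATURES = {
    "SIG-EXEC-TMP": ("sh", "exec", "/tmp/"),
    "SIG-SHADOW-READ": ("httpd", "read", "/etc/shadow"),
}

def build_profile(events):
    """Relative frequency of each (process, action) pair seen in the baseline."""
    counts = Counter((proc, act) for proc, act, _ in events)
    total = sum(counts.values())
    return {key: n / total for key, n in counts.items()}

def signature_match(event, signatures=SIGNATURES):
    """Return the id of the first signature the event matches, else None."""
    process, action, target = event
    for sig_id, (sp, sa, prefix) in signatures.items():
        if process == sp and action == sa and target.startswith(prefix):
            return sig_id
    return None

def pair_frequency(event, profile):
    """How often this (process, action) pair occurred in the baseline (0.0 if never)."""
    process, action, _ = event
    return profile.get((process, action), 0.0)

def classify(event, profile, min_freq=0.05):
    """Known attacks hit a signature; unknown ones show up as pairs rarer than min_freq."""
    sig = signature_match(event)
    if sig:
        return "signature", sig
    freq = pair_frequency(event, profile)
    if freq < min_freq:
        return "anomaly", freq
    return "normal", freq

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for ev in [("httpd", "read", "/etc/shadow"), ("httpd", "exec", "/bin/sh"),
               ("cron", "exec", "/usr/bin/backup")]:
        print(ev, classify(ev, profile))
```

Note that the read of a sensitive file by httpd is caught only by the signature, because (httpd, read) is a normal pair in this coarse profile, while the never-seen (httpd, exec) pair is caught only by the anomaly check; this is the complementarity the paper relies on for covering both known and unknown attacks.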

RELATED WORK
COMPARISON OF NIDPS AND HIDPS
CONCLUSION AND THE PROPOSED
CLIENT-SIDE ATTACK
SERVER-SIDE ATTACK
EVENT LOGGING FOR ADMIN USE
SURICATA