Introduction to Cybersecurity: Intrusion Detection

Flashcards covering the fundamentals of Intrusion Detection Systems (IDS), including types of intruders, behavior steps, HIDS vs. NIDS, detection approaches, and Snort rule basics.

Last updated 9:44 PM on 6/29/26
25 Terms

1

Intrusion

A significant security problem for networked systems involving hostile, or at least unwanted, trespass (entering without permission) by users or software.

2

User Trespass

Unauthorized logon to a machine or, in the case of an authorized user, the acquisition of privileges or performance of actions beyond those that have been authorized.

3

Software Trespass

A form of intrusion that can take the form of a virus, worm, or Trojan horse.

4

Cyber criminals

Individuals or members of an organized crime group with a goal of financial reward.

5

Activists

Also known as hacktivists; individuals or members of a larger group of outsider attackers motivated by social or political causes, often with a quite low skill level.

6

State-sponsored organizations

Groups of hackers sponsored by governments to conduct espionage or sabotage activities, also known as Advanced Persistent Threats (APTs).

7

Security Intrusion

A security event, or combination of events, in which an intruder gains or attempts to gain unauthorized access to a system or system resource.

8

Intrusion Detection

A security service that monitors and analyzes system events to find and provide real-time or near real-time warnings of unauthorized access attempts.

9

Sensors (IDS Component)

The logical components of an Intrusion Detection System responsible for collecting data.

10

Analyzers (IDS Component)

Components that receive input from sensors to determine if an intrusion occurred, provide evidence for that conclusion, and offer guidance on actions to take.

11

User Interface (IDS Component)

Enables a user to view system output or control the behavior of the Intrusion Detection System.

12

Host-based IDS (HIDS)

Monitors the characteristics and events occurring within a single host, such as process identifiers and system calls, for evidence of suspicious activity.

13

Network-based IDS (NIDS)

Monitors network traffic for particular segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

14

Distributed or hybrid IDS

A system that combines information from a number of sensors, often both host- and network-based, into a central analyzer for better identification and response.

15

Signature Recognition

Also known as misuse detection; it identifies events that indicate misuse of a system resource by matching traffic against a database of known intrusion patterns.

16

Anomaly Detection

Detects intrusions by collecting and processing sensor data from normal operations and identifying deviations based on fixed behavioral characteristics.

17

Statistical Anomaly Detection

Analysis of observed behavior using univariate, multivariate, or time-series models of observed metrics.

18

Knowledge-based Anomaly Detection

Approaches using an expert system to classify behavior according to a set of rules that model legitimate behavior.

19

Machine-learning Anomaly Detection

Approaches that automatically determine a suitable classification model from training data using data mining techniques.

20

Protocol Anomaly Detection

A type of detection where models explore anomalies in the way vendors deploy the TCP/IP specification.

21

Rule-based Heuristic Identification

Involves the use of rules specific to a machine and OS to identify known penetrations or those exploiting known weaknesses.

22

Passive NIDS Sensor

A sensor that monitors a copy of network traffic via a monitoring interface in promiscuous mode with no IP address, separate from its management interface.

23

Snort

An open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks.

24

Snort Rule Header

The part of a Snort rule that identifies the rule's actions (e.g., alert, log, pass), protocol, IP addresses, ports, and direction.

25

Snort Rule Options

The part of a Snort rule that identifies specific alert messages and content to be searched for within a packet.