tailieunhanh - Network Security Algorithms

An effective network security plan is developed with an understanding of security issues, potential attackers, the needed level of security, and the factors that make a network vulnerable to attack [1]. The steps involved in understanding the composition of a secure network, internet or otherwise, are followed throughout this research endeavor. Many products are available to lessen the vulnerability of the computer to the network. These tools are encryption, authentication mechanisms, intrusion detection, security management and firewalls. Businesses throughout the world are using a combination of some of these tools. "Intranets" are both connected to the internet and reasonably protected from it. The internet architecture itself leads to vulnerabilities in the network. Understanding the security issues of the internet greatly assists in developing new security technologies and approaches for networks with internet access and internet security itself.

Chapter 4: Network Security Algorithms

From denial-of-service to Smurf attacks, hackers who perpetrate exploits have captured both the imagination of the public and the ire of victims. There is some reason for indignation and ire. A survey by the Computer Security Institute placed the cost of computer intrusions at an average of 970 000 per company in 2000. Thus there is a growing market for intrusion detection, a field that consists of detecting and reacting to attacks. According to IDC, the intrusion-detection market grew from 20 million to 100 million between 1997 and 1999 and is expected to reach 518 million by 2005. Yet the capabilities of current intrusion detection systems are widely accepted as inadequate, particularly in the context of growing threats and capabilities. Two key problems with current systems are that they are slow and that they have a high false-positive rate.
As a result of these deficiencies, intrusion detection serves primarily as a monitoring and audit function rather than as a real-time component of a protection architecture on par with firewalls and encryption. However, many vendors are working to introduce real-time intrusion detection systems. If intrusion detection systems can work in real time with only a small fraction of false positives, they can actually be used to respond to attacks by either deflecting the attack or tracing the perpetrators.

Intrusion detection systems (IDSs) have been studied in many forms since Denning's classic statistical analysis of host intrusions. Today, IDS techniques are usually classified as either signature detection or anomaly detection. Signature detection is based on matching events to the signatures of known attacks. In contrast, anomaly detection, based on statistical or learning theory techniques, identifies aberrant events, whether known to be malicious or not. As a result, anomaly detection can potentially detect new types of attacks that signature-based systems will miss. Unfortunately, anomaly detection .
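The contrast between the two classes can be made concrete with a short added example (not code from the original chapter): a pattern matcher and a simple statistical detector run over the same events. The signatures, the request-length feature, the three-standard-deviation threshold and the sample requests are all constructed assumptions.

```python
import statistics

# Constructed signatures of known attacks (illustrative byte patterns).
SIGNATURES = {"dir-traversal": b"../../", "null-byte": b"%00"}

# Constructed baseline: request lengths observed during normal operation.
BASELINE_LENGTHS = [24, 31, 27, 29, 35, 26, 30, 28]


def signature_detect(payload: bytes) -> list:
    """Signature detection: match the event against known attack patterns."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in payload)


class AnomalyDetector:
    """Anomaly detection: flag events far from a statistical baseline."""

    def __init__(self, baseline, threshold=3.0):
        self.mean = statistics.mean(baseline)
        self.stdev = statistics.stdev(baseline)
        self.threshold = threshold  # assumed cut-off, in standard deviations

    def score(self, payload: bytes) -> float:
        # Distance of the request length from the baseline mean, in stdevs.
        return abs(len(payload) - self.mean) / self.stdev

    def is_anomalous(self, payload: bytes) -> bool:
        return self.score(payload) > self.threshold


def classify(payload: bytes, detector: AnomalyDetector) -> dict:
    """Run both detectors on one event and report what each one says."""
    return {"signatures": signature_detect(payload),
            "anomalous": detector.is_anomalous(payload)}


# Constructed sample events (label -> request line).
EVENTS = {
    "normal": b"GET /index.html HTTP/1.0",
    "known attack": b"GET /a/../../etc/passwd HTTP/1.0",
    "novel attack": b"GET /" + b"A" * 600 + b" HTTP/1.0",
    "benign but unusual": b"GET /search?q=network+security+algorithms+chapter+four HTTP/1.0",
}

if __name__ == "__main__":
    det = AnomalyDetector(BASELINE_LENGTHS)
    for label, payload in EVENTS.items():
        print(f"{label:20s} {classify(payload, det)}")
```

The oversized request matches no signature but is flagged as anomalous, while the last event is a legitimate request flagged only because it is unusual, which is the false-positive problem described above.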