RangerIDS - Intrusion Detection System (IDS)

Detection Methods

Pattern Matching

Stateful Pattern Matching

Protocol Decode

Heuristic Analysis

Anomaly Analysis

Which Detection Method is Best

Monitor-Evaluate-Modify: The Security Cycle

Detection Methods

At one time, most Network IDS products based their alerts purely on pattern matching packet contents against a database of known signatures. Then came a new breed of IDS offerings that approached the problem in a completely different way - by doing a full protocol analysis on the data stream. Others began to use heuristics or anomaly-based analysis to determine when an attempted attack had taken place. Today, most IDS employ a mixture of these detection methods in a single product, though some will be more biased towards one method than another.

According to Cisco, there are five main methods of attack identification (source: Cisco Systems, The Science of Intrusion Detection System Attack Identification):