This topic defines intrusion detection terms.
- denial-of-service (DoS) attack
  In computer security, an assault on a network that brings down one or more hosts on the network so that they are unable to perform their functions properly. Network service is interrupted for some period.
- Internet Control Message Protocol (ICMP)
  An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram.
- ICMP scan
  An attack that tries to use ICMP to overload the system. This is typically a denial-of-service attack.
- intrusion detection
  A broad term encompassing the detection of many undesirable activities. The objective of an intrusion might be to acquire information that a person is not authorized to have (information theft). The objective might be to cause a business harm by rendering a network, system, or application unusable (denial of service), or it might be to gain unauthorized use of a system as a means for further intrusions elsewhere. Most intrusions follow a pattern of information gathering, attempted access, and then destructive attacks. Some attacks can be detected and neutralized by the target system. Other attacks cannot be effectively neutralized by the target system. Most of the attacks also make use of "spoofed" packets, which are not easily traceable to their true origin. Many attacks now make use of unwitting accomplices, which are machines or networks that are used without authorization to hide the identity of the attacker. For these reasons, detecting information gathering, access attempts, and attack behaviors are vital parts of intrusion detection.
- port scan
  An attack that attempts to connect to unused ports looking for a way to break into the system.
- Quality of Service (QoS)
  Any operation that allows traffic priorities to be designated. Through QoS, different traffic throughout a network can be classified and administered.
- traffic regulation (TR)
  Used for intrusion detection policies that specify the data/connection rate thresholds.
- User Datagram Protocol (UDP)
  An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process.