Intruder detection

From Wikipedia, the free encyclopedia

You have new messages (last change).

In information security, intruder detection is the art of detecting intruders behind attacks as unique persons. This techniques try to identify the person analyzing their computational behaviour.

This concept is not yet very extended and tend to be confused with Intrusion Detection (also known as IDS) techniques which are the art of detecting intruder actions.

Contents

[edit] Theory

Intruder Detection Systems (See Intruder detection#Translation Confusion) try to detect whom is attacking a system analyzing his computational behaviour or biometric behaviour.

[edit] Some of the parameters used to identify a person

  • Keystroke Dynamics (aka keystroke patterns, typing pattern, typing behaviour)
  • Patterns using an interactive command interperter:
    • Commands used
    • Commands sequence
    • Accessed directories
    • Character deletion
  • Patterns on the network usage:
    • IP address used
      • ISP
      • Country
      • City
    • Ports used
    • TTL analysis
    • Operating system used to attack
    • Protocols used
    • Connection times patterns

[edit] Keystroke dynamics

Keystroke dynamics is paramount in Intruder Detection techniques because is the only parameter that has been classified as real 'behavioural biometric pattern'.

Keystroke Dynamics analyze times between keystrokes issued in a computer keyboard or cellular phone keypad searching for patterns. First techniques used statistics and probability concepts like 'standard deviations' and 'Mean', later approaches use data mining, neural networks, Support Vector Machine, etc.

There are numerous papers on this topic.

[edit] History

Some other earlier works reference the concept of Intruder Autentication, Intruder Verification, or Intruder Classification, but the Si6 project Si6#Paranoid was one of the first projects to deal with the full scope of the concept.

[edit] Translation confusion

There is a confusion with the Spanish translation of 'Intrusion_detection_system', also known as IDS. Some people translate it as 'Sistemas de Detección de Intrusiones', but others translate it as 'Sistemas de Detección de Intrusos'. Only the former is correct.

[edit] See also

[edit] External links

 This computer-related article is a stub. You can help Wikipedia by expanding it.
Retrieved from "http://en.wikipedia.org../../../i/n/t/Intruder_detection.html"
In other languages