packet header in which network-based information such as IP address and types of packet are stored.
Host-based IPS (HIPS) is a specialized software application that is installed on a host computer or server to watch all inbound and outbound communication traffic to and from that computer. It is well suited to protecting web-based applications and works best at detecting internal or local attacks. It effectively monitors traffic flows to and from the host.
An intrusion prevention system that uses an anomaly-based detection scheme is generally implemented throughout the network rather than on the host, because it primarily focuses on analyzing the network traffic that flows all the way through. That is why it typically uses a network-based design. However, to detect more quickly and prioritize anomaly-based or rate-based attacks more accurately, an IPS can also use network behavior analysis (NBA) technology, which mostly employs the same architecture as a network-based IPS but is specialized in detecting anomalous behavior.
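The rate-based profiling that NBA applies to packet header fields (source IP address and packet type) can be sketched as follows. This is an added example, not code from the original text; the 10-second window, the threshold of 3 deviations, the floor on the deviation, the top ranking of unseen packet types, and all sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

WINDOW = 10  # seconds per counting window (assumed value)

def window_counts(packets):
    """Count packets per (window index, source IP, packet type) from header fields."""
    counts = Counter()
    for ts, src, ptype in packets:
        counts[(int(ts // WINDOW), src, ptype)] += 1
    return counts

def build_profile(baseline_packets):
    """Learn mean and deviation of per-source window counts for each packet type."""
    per_type = {}
    for (_, _, ptype), n in window_counts(baseline_packets).items():
        per_type.setdefault(ptype, []).append(n)
    return {t: (mean(v), pstdev(v)) for t, v in per_type.items()}

def detect(packets, profile, threshold=3.0, min_std=1.0):
    """Return alerts (score, window, src, type, count), largest deviation first."""
    alerts = []
    for (win, src, ptype), n in window_counts(packets).items():
        if ptype not in profile:
            # Packet type absent from the baseline: rank it first (assumed policy).
            alerts.append((float("inf"), win, src, ptype, n))
            continue
        mu, sigma = profile[ptype]
        # Floor the deviation so a very flat baseline does not alert on tiny changes.
        score = (n - mu) / max(sigma, min_std)
        if score > threshold:
            alerts.append((round(score, 2), win, src, ptype, n))
    return sorted(alerts, reverse=True)

def constructed_traffic(rates):
    """Constructed sample data: rates maps (src, type) -> packets per window."""
    pkts = []
    for (src, ptype), per_window in rates.items():
        for w, n in enumerate(per_window):
            pkts += [(w * WINDOW + i * WINDOW / (n + 1), src, ptype) for i in range(n)]
    return pkts

BASELINE = constructed_traffic({("10.0.0.5", "SYN"): [4, 5, 6, 5],
                                ("10.0.0.6", "SYN"): [5, 4, 6, 5],
                                ("10.0.0.5", "ICMP"): [1, 2, 1, 2]})
LIVE = constructed_traffic({("10.0.0.5", "SYN"): [5, 6], ("203.0.113.9", "SYN"): [80, 7],
                            ("10.0.0.6", "ICMP"): [2, 1], ("10.0.0.7", "UDP"): [3]})

if __name__ == "__main__":
    for alert in detect(LIVE, build_profile(BASELINE)):
        print(alert)
```

Sorting by deviation score is what lets the sensor prioritize: the source far above the learned SYN rate outranks ordinary fluctuations, which never cross the threshold.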
2.1.8.1 Mechanisms of IPS
An IPS works to detect and additionally block attacks or other malicious activities. In the signature-based detection methodology, also referred to as rule-based matching or misuse detection, signatures of attacks are comprehensively analyzed and matched against the current database of signatures to identify the attacks. This type of detection method is best used against content-based or context-based attacks that fetch data signatures, such as worms, Trojans, and exploits of vulnerabilities. Alternatively, anomaly or profile-based detection, on which we concentrate, is used to simply detect anomalies or