State-Based Network Intrusion Detection System

Network intrusion detection system

Conventionally, programmers secured computer systems by building a protective "shield", so to speak, around them through security mechanisms such as firewalls (see Lodin & Schuba), authentication mechanisms and Virtual Private Networks (VPNs). These mechanisms, however, almost inevitably have vulnerabilities of their own, and they are usually not sufficient to guarantee the security of the infrastructure or to ward off attacks that are continually adapted to exploit weaknesses caused by careless design and implementation flaws. This accounts for the need for a security technology that can monitor systems and identify computer attacks.
This technology is called intrusion detection, and it complements the conventional security mechanisms (Kumar, Srivastava & Lazarevic, 20). To understand Network Intrusion Detection Systems (NIDS), we first need to clarify the underlying terminology. An intrusion is an attempt to break into or misuse a system. An intruder is more commonly known as a hacker, a generic term for a person who likes getting into things: a benign hacker likes getting into his or her own computer to understand how it works, while a malicious hacker likes getting into other people's systems. The latter is also called a cracker, the term benign hackers would prefer to see applied to the malicious ones.
Intruders may be outsiders. That is, they may attack a network from outside, for example by defacing web servers or forwarding spam through e-mail servers, or they may try to skirt around the security mechanisms in place, such as firewalls, to assail machines on the internal network. Outside intruders may come in over dial-up Internet lines, may gain access through physical break-ins, or may arrive through a partner (vendor, customer, reseller, etc.) network that is linked to the corporate network.
Intruders may likewise be internal, that is, people who legitimately use the internal network, including users who misuse their privileges (for example, an election officer who marks someone on the voter list as dead for political reasons) or who impersonate higher-privileged users (by using someone else's terminal). Of these two categories, it is said that around eighty percent (80%) of security intrusions are committed by insiders (see Graham).
Accordingly, an intrusion is commonly defined as a malicious, externally or internally induced operational fault. Computer intrusions and attacks are often treated as synonyms, but more technically an attack is an attempt to intrude into a supposedly secure network, while an intrusion is the result of an attack that has been partially or completely successful (Kumar, Srivastava & Lazarevic, 22). "Intrusions in the computer systems are usually caused by attackers accessing the systems from the Internet, or by authorized users of the systems who attempt to misuse the privileges given to them and/or to gain additional privileges for which they are not authorized" (Kumar, Srivastava & Lazarevic, 21). Intruders may also be categorized by their ultimate intent.
They may be joy riders, who hack for the sake of hacking or simply to show that they can; vandals, who set out to cause destruction or to deface web pages; or profiteers, who, as the name implies, derive profit from their activity, for example by rigging a system to pay them money or by stealing corporate data to sell (Graham).
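The distinctions drawn above, attack versus intrusion and outsider versus insider, are exactly what a state-based NIDS has to operationalise. The following Python script is an added example, not code from the essay or from the authors it cites: it keeps a per-(source, account) count of consecutive failed SSH logins over constructed, sshd-style log lines, reports a run that reaches a threshold as an attack (an attempt), and reports a success following such a run as an intrusion (an attempt that succeeded), labelling each source as insider or outsider by address. The sample log, the use of the RFC 1918 ranges as "internal", and the threshold of three failures are assumptions chosen for illustration.

```python
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sshd-style log lines for illustration only (not real data).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as "outside" addresses.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 50000 ssh2
Mar 10 09:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 50001 ssh2
Mar 10 09:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 50002 ssh2
Mar 10 09:00:09 host sshd[1004]: Accepted password for root from 203.0.113.7 port 50003 ssh2
Mar 10 09:05:00 host sshd[1010]: Failed password for alice from 10.0.0.5 port 40000 ssh2
Mar 10 09:05:02 host sshd[1011]: Accepted password for alice from 10.0.0.5 port 40001 ssh2
Mar 10 09:10:00 host sshd[1020]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar 10 09:10:02 host sshd[1021]: Failed password for bob from 198.51.100.9 port 41001 ssh2
Mar 10 09:10:04 host sshd[1022]: Failed password for bob from 198.51.100.9 port 41002 ssh2
Mar 10 09:15:00 host sshd[1030]: Failed password for root from 192.168.1.20 port 42000 ssh2
Mar 10 09:15:02 host sshd[1031]: Failed password for root from 192.168.1.20 port 42001 ssh2
Mar 10 09:15:04 host sshd[1032]: Failed password for root from 192.168.1.20 port 42002 ssh2
Mar 10 09:15:07 host sshd[1033]: Accepted password for root from 192.168.1.20 port 42003 ssh2
"""

# Assumed: the organisation's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed: this many consecutive failures for one (source, account) pair counts as an attack.
FAIL_THRESHOLD = 3

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port"
)


@dataclass
class Alert:
    kind: str      # "attack" (an attempt) or "intrusion" (an attempt that succeeded)
    user: str      # account targeted
    src: str       # source address
    origin: str    # "insider" or "outsider", decided from the source address
    failures: int  # consecutive failures counted when the alert fired


def origin(src: str) -> str:
    """Classify a source address as insider (internal range) or outsider."""
    ip = ipaddress.ip_address(src)
    return "insider" if any(ip in net for net in INTERNAL_NETS) else "outsider"


def classify(log_text: str, threshold: int = FAIL_THRESHOLD) -> list[Alert]:
    """Stateful pass over the log: count consecutive failed logins per
    (source, account); raise an 'attack' alert when the count reaches the
    threshold, and an 'intrusion' alert if a success follows such a run.
    A success after fewer failures (an ordinary typo) resets the count silently."""
    failures: dict[tuple[str, str], int] = defaultdict(int)
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        key = (m["src"], m["user"])
        if m["outcome"] == "Failed":
            failures[key] += 1
            if failures[key] == threshold:  # fire once per run, not on every further failure
                alerts.append(Alert("attack", m["user"], m["src"], origin(m["src"]), failures[key]))
        else:  # Accepted
            if failures[key] >= threshold:
                alerts.append(Alert("intrusion", m["user"], m["src"], origin(m["src"]), failures[key]))
            failures[key] = 0  # a success closes the run either way
    return alerts


if __name__ == "__main__":
    for a in classify(SAMPLE_LOG):
        print(f"{a.kind:9s} {a.origin:8s} user={a.user} src={a.src} failures={a.failures}")
```

On the constructed log this yields five alerts: the outsider's brute force against root is reported first as an attack and then, once the login is accepted, as an intrusion; bob's three failures from outside remain an attack only; alice's single typo from inside produces nothing; and the insider's run against root is reported as attack and then intrusion with origin "insider", which is the impersonation case described above. The caveat a practitioner should note is that the state is keyed on (source, account): an attacker who spreads attempts across many sources or many accounts stays below the threshold on every key, so real deployments also aggregate per account and per destination, not only per source.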