---
title: Lecture 1
tags: Network Intrusion
---

# Midterm Report

### Snort execution report: 5 minutes

### Snort documentation report: 10 minutes

---

# Principal Defense Categories

- Prevention
- Detection
- Response

![](https://i.imgur.com/8EtDvip.png)

# Audit

# Detection

## Principal Approaches

- Anomaly detection (based on user usage habits)
  - Detects abnormal behavior
  - Prone to misjudgment
  - Mostly private research
- Misuse detection
  - Mainly used by companies and research institutions
  - Requires definition files and a database

## Types of error

- False positive
- False negative

![](https://i.imgur.com/PiDAhny.png)

- Standard measure

## Requirements for Intrusion Detection Systems

- High accuracy
- Easy to integrate into a system/network
- Easy to deploy

## Response

- Activate countermeasures

# Types of Audit Data

## Events recorded in a computer system (for host-based IDS):

# Analysis

- Anomaly Detection
- Misuse Detection
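
The two analysis approaches and the two error types from these notes, side by side, as an added example that is not part of the original notes. The audit events, the baseline, the signature list and the habit-profile rule (usual hour range plus usual programs) are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed baseline of normal host activity: (user, hour, program)
BASELINE = [
    ("alice", 9, "ls"), ("alice", 10, "vim"), ("alice", 14, "git"),
    ("bob", 13, "ls"), ("bob", 15, "python"), ("bob", 16, "git"),
]
# Constructed audit events: (user, hour, command line, is_attack)
EVENTS = [
    ("alice", 9, "ls -la", False),
    ("alice", 23, "vim report.txt", False),     # odd hour, but legitimate
    ("bob", 14, "cat /etc/shadow", True),       # matches a known signature
    ("bob", 15, "python backup.py", False),
    ("alice", 3, "scp db.sql ext:/tmp", True),  # novel, no signature exists
    ("bob", 16, "git pull", False),
]
# Constructed signature database ("definition file") for misuse detection
SIGNATURES = ["/etc/shadow", "chmod 4755"]

def build_profiles(history):
    """Per-user habit profile: hours and programs seen in the baseline."""
    profiles = defaultdict(lambda: {"hours": set(), "programs": set()})
    for user, hour, program in history:
        profiles[user]["hours"].add(hour)
        profiles[user]["programs"].add(program)
    return profiles

def anomaly_alert(profiles, user, hour, cmdline):
    """Alert when an event departs from the user's habits (or user is unknown)."""
    p = profiles[user]
    usual_hour = bool(p["hours"]) and min(p["hours"]) <= hour <= max(p["hours"])
    return not (usual_hour and cmdline.split()[0] in p["programs"])

def misuse_alert(cmdline):
    """Alert only when a known signature appears in the command line."""
    return any(sig in cmdline for sig in SIGNATURES)

def score(alerts):
    """Count outcomes per event, including false positives and negatives."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for alerted, (*_, is_attack) in zip(alerts, EVENTS):
        key = ("T" if alerted == is_attack else "F") + ("P" if alerted else "N")
        counts[key] += 1
    return counts

def run():
    profiles = build_profiles(BASELINE)
    return (score([anomaly_alert(profiles, u, h, c) for u, h, c, _ in EVENTS]),
            score([misuse_alert(c) for _, _, c, _ in EVENTS]))
```

On this sample the anomaly detector catches both attacks but raises one false positive (the late-night edit), while the misuse detector raises no false positives but misses the attack that has no signature.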