Intrusion detection terminology
Definitions and descriptions of commonly used intrusion detection terms are included here.
- denial-of-service attack
- In computer security, an assault on a network that brings down one or more hosts so that they are unable to perform their functions properly. Network service is interrupted for some period.
- ICMP scan
- A check that determines if a host responds to Internet Control Message Protocol requests, such as a ping.
- Internet Control Message Protocol (ICMP)
- An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram.
- intrusion detection system
- A system program that detects attempts to hack into, disrupt, or deny service to the system.
- port scan
- Software that searches systems in a network for open ports. A port scanner is used by administrators to check the security of a network, and by hackers or crackers to gain entry to the network.
- Quality of Service (QoS)
- Any operation that allows traffic priorities to be designated. Through QoS, different traffic throughout a network can be classified and administered.
- traffic regulation anomaly
- A deviation from normal network traffic patterns that is detected by an intrusion detection system. Such a deviation could indicate a denial-of-service attack or a hacker who is monitoring connections to a Web server.
- User Datagram Protocol (UDP)
- An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process.