Intrusion detection terminology

 

Definitions and descriptions of commonly used intrusion detection terms are included here.

denial-of-service attack

In computer security, an assault on a network that brings down one or more hosts such that they are unable to perform their functions properly. Network service is interrupted for some period.

ICMP scan

A check that determines if a host responds to Internet Control Message Protocol requests, such as a ping.

Internet Control Message Protocol (ICMP)

An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram.

intrusion detection system

A system program that detects attempts to hack into, disrupt, or deny service to the system.

port scan

A search of systems in a network for open ports, carried out by port scanner software. A port scanner is used by administrators to check the security of a network, and by hackers or crackers to gain entry to the network.

Quality of Service (QoS)

Any operation that allows traffic priorities to be designated. Through QoS, different traffic throughout a network can be classified and administered.

traffic regulation anomaly

A deviation from normal network traffic patterns that is detected by an intrusion detection system. Such a deviation could indicate a denial-of-service attack or a hacker who is monitoring connections to a Web server.

User Datagram Protocol (UDP)

An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process.

 
