Six major problems
We have to admit that an IDS is a very good security measure, but it is never perfect and has many restrictions of its own. (Any technique has defects; the question is the proportion of contribution to defects.) When monitoring network activity in real time, there may be situations where an attack has been discovered but countermeasures come too late. (After all, true real-time implementation is very difficult in the algorithm; in a high-speed network it is hard for an IDS to play such a major role in safety.) Domestic application is still far from being popular (perhaps the author of this article is overstating this). IDS has been widely used domestically, either provided separately or integrated into the network firewall. On the one hand this is due to a low degree of awareness; on the other hand, intrusion detection is a relatively new technology. The IDS system architecture is basically mature; what is "new" is reflected in the continuously upgraded network environment, and there are still some technical difficulties, so not all manufacturers have the strength to develop intrusion detection products. (The difficulty of entering this field is relatively small, and the market has basically settled on a group of vendors that can survive, so it is best not to blindly enter this area; those who do choose to enter generally adopt a simple network-based IDS, then innovate on the algorithm and on real-time performance.) Most current intrusion detection products have some problems.

The contradiction between false positives and misses. An intrusion detection system analyzes all the data on the network (this describes a network IDS, not a host IDS). If an attacker attacks the system and the system is open, but the vulnerability has already been repaired, then whether this attack needs an alarm is a problem that requires the administrator's judgment (it relates to the security policy), because it also represents an attempt at attack. But a large number of alarm events will scatter the administrator's attention, so that true attacks cannot be responded to. Corresponding to false positives are misses: as attacks are constantly updated, whether the intrusion detection system can report all the attacks in the network is also a problem (as a passive, upgrade-based defense, an IDS is a detection system that emphasizes defense, not active attack; the corresponding solution is to keep the rule base updated in time).

The contradiction between privacy and security. An intrusion detection system can receive all the data on the network, analyze it and record it, which is extremely important for network security, but it inevitably poses a certain threat to users' privacy; what matters is whether a specific intrusion detection product can provide corresponding functions for administrators. (Security and privacy compete just as network speed and real-time performance do; whether Microsoft or Google, when the technology improves, users still condemn them, yet in the end technology progresses!)

The contradiction between passive analysis and active discovery. An intrusion detection system discovers network issues by passive monitoring and cannot actively discover security hazards and faults in the network. How to solve this is also a problem facing intrusion detection products. (Active discovery requires very strong intelligence, not to mention that something always slips through; between defense and attack there is no final winner, so there is no need to be excessively strong here.)

The contradiction between massive information and analysis cost. With the constant growth of network data flow, whether an intrusion detection product can efficiently handle the data in the network is also an important basis for evaluating intrusion detection products.
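As an added example (not code from the original article), the following Python shows one way an administrator can apply the judgment described above: network-IDS alerts are correlated with a host patch inventory so that attempts against already-patched vulnerabilities are still recorded but not escalated, and sources that keep trying are surfaced separately. The inventory, alerts and vulnerability identifiers are all constructed placeholders.

```python
"""Constructed example: triaging network-IDS alerts against a patch inventory.
Every alert is kept (an attempt is still an attempt); only its priority changes."""
from collections import Counter

# Constructed inventory: host -> vulnerability identifiers already patched there.
# "VULN-A"/"VULN-B" are placeholders, not real vulnerability identifiers.
PATCHED = {
    "10.0.0.5": {"VULN-A", "VULN-B"},
    "10.0.0.7": {"VULN-A"},
}

# Constructed alerts, one per signature hit, as a network IDS might emit them.
ALERTS = [
    {"sig": "exploit attempt VULN-A", "vuln": "VULN-A", "src": "203.0.113.9", "dst": "10.0.0.5"},
    {"sig": "exploit attempt VULN-B", "vuln": "VULN-B", "src": "203.0.113.9", "dst": "10.0.0.7"},
    {"sig": "exploit attempt VULN-A", "vuln": "VULN-A", "src": "198.51.100.4", "dst": "10.0.0.9"},
    {"sig": "port scan",             "vuln": None,     "src": "198.51.100.4", "dst": "10.0.0.5"},
]


def triage(alert, patched=PATCHED):
    """Return (priority, reason) for one alert. Nothing is discarded."""
    vuln, dst = alert["vuln"], alert["dst"]
    if vuln is None:
        return "medium", "no specific vulnerability; reconnaissance or generic signature"
    if dst not in patched:
        return "high", "target host not in inventory; exposure unknown"
    if vuln in patched[dst]:
        return "low", "attempt against a patched vulnerability; recorded, not escalated"
    return "high", "target host appears unpatched for this vulnerability"


def triage_all(alerts, patched=PATCHED):
    """Annotate each alert in place and return the number of alerts per priority."""
    for alert in alerts:
        alert["priority"], alert["reason"] = triage(alert, patched)
    return dict(Counter(alert["priority"] for alert in alerts))


def persistent_sources(alerts, threshold=2):
    """Sources with at least `threshold` alerts of any priority: repeated attempts
    against patched hosts still deserve a look even if each alert is low priority."""
    counts = Counter(alert["src"] for alert in alerts)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(triage_all(ALERTS))
    for alert in ALERTS:
        print(alert["priority"], alert["src"], "->", alert["dst"], ":", alert["reason"])
    print("persistent sources:", persistent_sources(ALERTS))
```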