Intruder detection

This article relies largely or entirely on a single source. Relevant discussion may be found on the talk page. Please help improve this article by introducing citations to additional sources. Find sources: "Intruder detection" – news · newspapers · books · scholar · JSTOR (December 2024)

In information security, intruder detection^[1] is the process of detecting intruders behind attacks as unique persons. This technique tries to identify the person behind an attack by analyzing their computational behaviour.

Some other earlier works reference the concept of Intruder Authentication, Intruder Verification, or Intruder Classification, but the Si6 project was one of the first projects to deal with the full scope of the concept.

Intruder Detection Systems try to detect who is attacking a system by analyzing his or her computational behaviour or biometric behaviour.

• Keystroke Dynamics (aka keystroke patterns, typing pattern, typing behaviour)
• Patterns using an interactive command interpreter:
  • Commands used
  • Commands sequence
  • Accessed directories
  • Character deletion
• Patterns on the network usage:
  • IP address used
    • ISP
    • Country
    • City
  • Ports used
  • TTL analysis
  • Operating system used to attack
  • Protocols used
  • Connection times patterns

Keystroke dynamics is paramount in Intruder Detection techniques because it is the only parameter that has been classified as a real 'behavioural biometric pattern'.

Keystroke dynamics analyze times between keystrokes issued in a computer keyboard or cellular phone keypad searching for patterns. First techniques used statistics and probability concepts like 'standard deviations' and 'Mean', later approaches use data mining, neural networks, Support Vector Machine, etc.

There is a confusion with the Spanish translation of 'Intrusion detection system', also known as IDS. Some people translate it as 'Sistemas de Detección de Intrusiones', but others translate it as 'Sistemas de Detección de Intrusos'^{[citation needed]}. Only the former is correct.

• Intrusion-detection system
• Biometrics

• P0f OS fingerprinting tool
• Si6 Paranoid Project Archived 2005-12-01 at the Wayback Machine