Detecting attacks on networks

As Internet based and intranet based network systems have evolved, they have become invaluable tools that businesses can use to share information and conduct business with online partners. However, hackers have also learned to use these systems to access private networks and their resources. Studies have shown that many organizations have suffered external and internal network intrusions. Internet systems are subject to various types of attacks. Traditional network security products, such as firewalls, can be penetrated from outside and can also leave organizations vulnerable to internal attacks. Generally, victims do not find out that their networks have been attacked until they examine system logs the next day, after the damage has been done. Network intrusion detection systems solve this problem by detecting external and internal security breaches as they happen and immediately notifying security personnel and network administrators by e mail or pager. Intrusion detection systems use several types of algorithms to detect possible security breaches, including algorithms for statistical anomaly detection, rule based anomaly detection, and a hybrid of the two