Overview
Network intrusion detection is a critical component of network defense. Effective network intrusion detection makes it possible to monitor and identify malicious activities and policy violations. In general, network intrusion detection systems (NIDS) can be classified into two types: signature-based detection and anomaly-based detection. The former detects intrusions by matching network patterns against predefined rules, and the latter detects deviations from a model of “normal” traffic. In this lab, students will learn how to perform signature-based detection.
Conceptual Visualization
The following animation visualizes the concept of network intrusion detection.
Lab Instruction Materials
- Lab instruction
- Configuration file for creating lab environment
- Lab solution is not provided here. Interested instructors can email PI Mengjun Xie for the lab solution.