
Edit filter log

Details for log entry 22040362

10:29, 18 September 2018: 112.133.193.242 (talk) triggered filter 432, performing the action "edit" on Anomaly-based intrusion detection system. Actions taken: Warn; Filter description: Starting new line with lowercase letters (examine)

Changes made in edit

sunny leone
An '''anomaly-based intrusion detection system''', is an [[intrusion detection system]] for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either ''normal'' or ''anomalous''. The classification is based on [[heuristics]] or rules, rather than patterns or [[signature]]s, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created.<ref name="Wang2004" />

In order to positively identify attack traffic, the system must be taugt to recognize normal system activity. The two phases of a majority of anomaly detection systems consist of the training phase (where a profile of normal behaviors is built) and testing phase (where current traffic is compared with the profile created in the training phase).<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari" /> Anomalies are detected in several ways, most often with [[artificial intelligence]] type techniques. Systems using artificial [[neural networks]] have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as strict anomaly detection.<ref name = "Sasha2000"/> Other techniques used to detect anomalies include [[data mining]] methods, grammar based methods, and [[Artificial Immune System]].<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari" />

Network-based anomalous intrusion detection systems often provide a second line of defense to detect anomalous traffic at the physical and network layers after it has passed through a firewall or other security appliance on the border of a network. Host-based anomalous intrusion detection systems are one of the last layers of defense and reside on computer end points. They allow for fine-tuned, granular protection of end points at the application level.<ref name="Beaver2014" />

Anomaly-based Intrusion Detection at both the network and host levels have a few shortcomings; namely a high [[False positives and false negatives|false-positive]] rate and the ability to be fooled by a correctly delivered attack.<ref name = "Sasha2000"/> Attempts have been made to address these issues through techniques used by PAYL<ref name="Perdisci2008" /> and MCPAD.<ref name="Perdisci2008" />

==See also==
* [[Cfengine]] – 'cfenvd' can be utilized to do ''''''anomaly detection''''''
* [[Change detection]]
* [[DNS analytics]]
* [[Hogzilla IDS]] – is a free software (GPL) anomaly-based intrusion detection system.
* [[RRDtool]] – can be configured to flag anomalies

==References==
{{Reflist|refs=
<ref name="Wang2004">{{cite web|last=Wang|first=Ke|title=Anomalous Payload-Based Network Intrusion Detection|doi=10.1007/978-3-540-30143-1_11|work=Recent Advances in Intrusion Detection|publisher=Springer Berlin|accessdate=2011-04-22|url=http://sneakers.cs.columbia.edu/ids/publications/RAID4.PDF}}</ref>
<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari">{{cite web|last1=Khalkhali|first1=I|last2=Azmi|first2=R|last3=Azimpour-Kivi|first3=M|last4=Khansari|first4=M|title=Host-based web anomaly intrusion detection system, an artificial immune system approach|website=ProQuest}}</ref>
<ref name = "Sasha2000">[http://phrack.org/issues/56/11.html A strict anomaly detection model for IDS, Phrack 56 0x11, Sasha/Beetle]</ref>
<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari">{{cite web|last1=Khalkhali|first1=I|last2=Azmi|first2=R|last3=Azimpour-Kivi|first3=M|last4=Khansari|first4=M|title=Host-based web anomaly intrusion detection system, an artificial immune system approach|website=ProQuest}}</ref>
<ref name="Beaver2014">{{cite web|last1=Beaver|first1=K|title=Host-based IDS vs. network-based IDS: Which is better?|website=Tech Target, Search Security}}</ref>
<ref name="Perdisci2008">{{cite journal|last=Perdisci|first=Roberto|author2=Davide Ariu |author3=Prahlad Fogla |author4=Giorgio Giacinto |author5=Wenke Lee |title=McPAD : A Multiple Classifier System for Accurate Payload-based Anomaly Detection|journal=Computer Networks, Special Issue on Traffic Classification and Its Applications to Modern Networks|year=2009|volume=5|issue=6|pages=864–881|url=http://roberto.perdisci.com/publications/publication-files/McPAD-revision1.pdf?attredirects=0}}</ref>
}}

{{DEFAULTSORT:Anomaly-Based Intrusion Detection System}}
[[Category:Computer network security]]


{{compu-network-stub}}
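Review bot: this edit blanks the article rather than changing it; the single added line "sunny leone" replaces the lede, the See also list and the entire References block (Wang2004, Khalkhali et al., Sasha2000, Beaver2014, Perdisci2008) with unrelated text and an empty edit summary, so the correct disposition is a revert, not acceptance. The filter's Warn action matches its stated description (the new line starts with lowercase letters), but the scale of the removal, a full stub article reduced to two words, is a far stronger vandalism signal than the casing check alone and would justify a stricter action than Warn.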

Action parameters

Variable / Value
Whether or not the edit is marked as minor (no longer in use) (minor_edit)
false
Name of the user account (user_name)
'112.133.193.242'
Whether the user is editing from mobile app (user_app)
false
Whether or not a user is editing through the mobile interface (user_mobile)
false
Page ID (page_id)
1199510
Page namespace (page_namespace)
0
Page title without namespace (page_title)
'Anomaly-based intrusion detection system'
Full page title (page_prefixedtitle)
'Anomaly-based intrusion detection system'
Action (action)
'edit'
Edit summary/reason (summary)
''
Old content model (old_content_model)
'wikitext'
New content model (new_content_model)
'wikitext'
Old page wikitext, before the edit (old_wikitext)
'An '''anomaly-based intrusion detection system''', is an [[intrusion detection system]] for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either ''normal'' or ''anomalous''. The classification is based on [[heuristics]] or rules, rather than patterns or [[signature]]s, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created.<ref name="Wang2004" /> In order to positively identify attack traffic, the system must be taugt to recognize normal system activity. The two phases of a majority of anomaly detection systems consist of the training phase (where a profile of normal behaviors is built) and testing phase (where current traffic is compared with the profile created in the training phase).<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari" /> Anomalies are detected in several ways, most often with [[artificial intelligence]] type techniques. Systems using artificial [[neural networks]] have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as strict anomaly detection.<ref name = "Sasha2000"/> Other techniques used to detect anomalies include [[data mining]] methods, grammar based methods, and [[Artificial Immune System]].<ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari" /> Network-based anomalous intrusion detection systems often provide a second line of defense to detect anomalous traffic at the physical and network layers after it has passed through a firewall or other security appliance on the border of a network. Host-based anomalous intrusion detection systems are one of the last layers of defense and reside on computer end points. 
They allow for fine-tuned, granular protection of end points at the application level.<ref name="Beaver2014" /> Anomaly-based Intrusion Detection at both the network and host levels have a few shortcomings; namely a high [[False positives and false negatives|false-positive]] rate and the ability to be fooled by a correctly delivered attack.<ref name = "Sasha2000"/> Attempts have been made to address these issues through techniques used by PAYL<ref name="Perdisci2008" /> and MCPAD.<ref name="Perdisci2008" /> ==See also== * [[Cfengine]] – 'cfenvd' can be utilized to do ''''''anomaly detection'''''' * [[Change detection]] * [[DNS analytics]] * [[Hogzilla IDS]] – is a free software (GPL) anomaly-based intrusion detection system. * [[RRDtool]] – can be configured to flag anomalies ==References== {{Reflist|refs= <ref name="Wang2004">{{cite web|last=Wang|first=Ke|title=Anomalous Payload-Based Network Intrusion Detection|doi=10.1007/978-3-540-30143-1_11|work=Recent Advances in Intrusion Detection|publisher=Springer Berlin|accessdate=2011-04-22|url=http://sneakers.cs.columbia.edu/ids/publications/RAID4.PDF}}</ref> <ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari">{{cite web|last1=Khalkhali|first1=I|last2=Azmi|first2=R|last3=Azimpour-Kivi|first3=M|last4=Khansari|first4=M|title=Host-based web anomaly intrusion detection system, an artificial immune system approach|website=ProQuest}}</ref> <ref name = "Sasha2000">[http://phrack.org/issues/56/11.html A strict anomaly detection model for IDS, Phrack 56 0x11, Sasha/Beetle]</ref> <ref name="Khalkhali, Azmi, Azimpour-Kivi, and Khansari">{{cite web|last1=Khalkhali|first1=I|last2=Azmi|first2=R|last3=Azimpour-Kivi|first3=M|last4=Khansari|first4=M|title=Host-based web anomaly intrusion detection system, an artificial immune system approach|website=ProQuest}}</ref> <ref name="Beaver2014">{{cite web|last1=Beaver|first1=K|title=Host-based IDS vs. 
network-based IDS: Which is better?|website=Tech Target, Search Security}}</ref> <ref name="Perdisci2008">{{cite journal|last=Perdisci|first=Roberto|author2=Davide Ariu |author3=Prahlad Fogla |author4=Giorgio Giacinto |author5=Wenke Lee |title=McPAD : A Multiple Classifier System for Accurate Payload-based Anomaly Detection|journal=Computer Networks, Special Issue on Traffic Classification and Its Applications to Modern Networks|year=2009|volume=5|issue=6|pages=864–881|url=http://roberto.perdisci.com/publications/publication-files/McPAD-revision1.pdf?attredirects=0}}</ref> }} {{DEFAULTSORT:Anomaly-Based Intrusion Detection System}} [[Category:Computer network security]] {{compu-network-stub}}'
New page wikitext, after the edit (new_wikitext)
'sunny leone'
Whether or not the change was made through a Tor exit node (tor_exit_node)
false
Unix timestamp of change (timestamp)
1537266551