Abstract
A network intrusion detection system (IDS) employs a method that examines network traffic data and determines, for each address external to the monitored network, the number of communications or attempted communications with an address allocated to the monitored network. If this number exceeds a threshold within a predetermined period of time, this may indicate an attempt to probe or scan the network, and the external address is therefore flagged as a potential security threat or source of attack. The system may also utilise a predetermined list of trusted external device addresses which the operator does not consider potential sources of attack; these addresses may be excluded from the method.
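The counting method described in the abstract, as an added Python example that is not code from the patent. The monitored range, trusted address, threshold of 5 and 60-second period are assumed values, the function names are hypothetical, and the flow records are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

MONITORED = ip_network("10.0.0.0/24")    # assumed: addresses allocated to the monitored network
TRUSTED = {ip_address("198.51.100.7")}   # assumed: operator's list of trusted external devices
THRESHOLD = 5                            # assumed: flag when the count exceeds this
WINDOW = 60.0                            # assumed: predetermined period, in seconds


def detect_scanners(records, monitored=MONITORED, trusted=TRUSTED,
                    threshold=THRESHOLD, window=WINDOW):
    """records: (timestamp, src, dst) tuples sorted by timestamp.
    Returns {external address: timestamp at which it was first flagged}."""
    recent = defaultdict(deque)  # per external address: timestamps still inside the window
    flagged = {}
    for ts, src, dst in records:
        s, d = ip_address(src), ip_address(dst)
        # Count only communications from an external address to a monitored one.
        if s in monitored or d not in monitored:
            continue
        # Trusted external devices are excluded from the method.
        if s in trusted:
            continue
        q = recent[s]
        q.append(ts)
        # Drop communications that are older than the period.
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and s not in flagged:
            flagged[s] = ts
    return {str(addr): t for addr, t in flagged.items()}


def sample_records():
    """Constructed flow records for the example, not real traffic."""
    recs = [(float(i), "203.0.113.9", f"10.0.0.{i + 1}") for i in range(8)]    # fast sweep of 8 hosts
    recs += [(i * 0.5, "198.51.100.7", f"10.0.0.{i + 1}") for i in range(10)]  # trusted device, same pattern
    recs += [(i * 70.0, "192.0.2.44", "10.0.0.20") for i in range(6)]          # slow client, never exceeds
    recs += [(1.5, "10.0.0.5", "203.0.113.9")]                                 # outbound traffic, not counted
    return sorted(recs)


if __name__ == "__main__":
    for addr, when in detect_scanners(sample_records()).items():
        print(f"potential source of attack: {addr} (flagged at t={when}s)")
```
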