Summary
The article by Sommer and Paxon (2003) focuses on the approaches that are applied in the detection of network intrusion. Sommer and Paxon (2003) reveal some of the measures that may be applied in the detection of intrusions such as observing network traffic, detection of anomaly through observing normal behaviours, and detecting abnormal behaviour and misuse detection. The other form of detection stated in the article is specific-based detection, where the legitimate traffic is differentiated from violation (Sommer & Paxon, 2003). Signature matching is the focus in the article where the sequence of bytes is identified in the network (Sommer & Paxon, 2003).
The authors state that this method is easier to implement in network security, with the main disadvantage being the existence of false positives that emerge because of ignoring the context of the bytes (Sommer & Paxon, 2003). They proposed the use of contextual signatures in network security. This method is more accurate in the detection of any false positives and/or prioritizing the alerts by importance (Sommer & Paxon, 2003). Examples of applications that can be used in this method are provided in the article. The authors also propose the use of operational contextual signatures as an effective method of security in networks (Sommer & Paxon, 2003).
Analysis
The article, just like the previous one, addresses internet security by pointing out the network threats in this platform. The contributions of this article to internet security are evident. The article looks at the weaknesses that exist in the current security arrangements to detect network threats. The use of bytes is the main area of focus. The authors state the advantages and disadvantages of this method (Sommer & Paxon, 2003). They propose the use of detecting contextual signatures in providing network security as an efficient technique of identifying the threats.
The strengths of this article include the simplicity with which it provides the necessary information on network security. It contributes to internet security by proposing the methods that may be used to provide this security.
The main weakness of the article is the assumptions that it makes in relation to the proposed methods of offering network security. The authors assume that security threats are easy to tackle with the proposed methods. They leave many eventualities in the case of failure of these systems. These eventualities may be challenging to the future researchers who intend to utilize the methods that are proposed in the article. The researchers do not carry out a detailed study on the use of the methods that they proposed, unlike the previous study that provided detailed results on the experiments to establish the usefulness of the interventions.
The main limitation that is evident in this article is the existence of false positives in the process of detecting threats (Sommer & Paxon, 2003). Although some of the methods used to detect network threats have different ways applications, some are better at detecting network threats compared to those discussed in the article. The presence of false positives means that the use of the form of threat detection proposed in the essay may make internet users lose vital information in the process. However, the above limitations can be overcome through the improvements that are suggested in the article (Sommer & Paxon, 2003).
Despite the above weaknesses and limitations, the suggested methods of detecting network threats can be improved in several ways. The researchers need to formulate a study that compares the various methods that are proposed in the article. The effectiveness of these methods should then be used to make conclusions in the future conferences and/or in publications of the articles. The article compares to several other articles that have been read in class so far.
Comparison with Previous Articles
One of the comparison areas is that the article is based on the measures to detect network threats before they become harmful to the users. Therefore, it is useful to the internet community at large. Previous articles have provided useful knowledge on detection and prevention of internet threats. This article, in particular, makes special contributions to internet security by proposing several means of detecting network threats before they transform into dangerous and malicious threats (Sommer & Paxon, 2003).
The current article has limitations that are similar to the ones that are present in other articles that have been discussed in class. Each of the articles that present the issue of providing internet security has its own weaknesses, thus creating vulnerabilities that may be exploited by the attackers. They all propose measures that may be applied in the prevention of the threats. However, these methods are ineffective in preventing threats from affecting users. The article is also different from most of the articles read in class because the researchers do not provide results for experiments that they performed to evaluate the proposed methods of detecting network threats.
Discussion and Conclusions
The use of bytes as the basic method of detecting threats to a network is an effective method. However, this technique has a weakness in the form of false positives that exist in detection methods. The proposed use of contextual signature detection reduces the problem of false positives. Does this mean that internet users have to frequently miss their vital information and messages from the network when using this method of detection? This question is an important one to answer. Future researches should target to provide a more effective solution.
Reference List
Sommer, R., & Paxon, V. (2003). Enhancing byte-level network intrusion detection signatures with context. Proceedings of the 10th ACM Conference on Computer and Communication Security. Web.