An indicator of intrusion is evidence that an intruder has gained, or has attempted to gain, unauthorized access to a system.
Types of Indicator of Intrusion
File System Intrusion
By observing and assessing files in the system, we can detect intrusion by the following ways:
- There is a new unknown file.
- Change in file permissions compared to earlier permissions.
- Change in size of the file.
- Change in the hash value of the file.
- Missing file.
- Change in the location of the file.
- Change in the file type extension.
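The file system indicators above are what a file integrity check looks for: a baseline of permissions, size and hash per file, compared against a later snapshot. The following is an added example, not part of the original notes; it builds a scratch directory tree as a constructed scenario (a moved or renamed file shows up as a missing file plus a new unknown file).

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Record permission bits, size and SHA-256 of every regular file under root."""
    baseline = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        st = path.stat()
        baseline[str(path.relative_to(root))] = {
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        }
    return baseline

def compare(baseline, current):
    """Map the file system indicators to concrete (indicator, file) findings."""
    findings = []
    for name in current.keys() - baseline.keys():
        findings.append(("new unknown file", name))
    for name in baseline.keys() - current.keys():
        findings.append(("missing file", name))   # also half of a move/rename
    for name in baseline.keys() & current.keys():
        old, new = baseline[name], current[name]
        if old["mode"] != new["mode"]:
            findings.append(("permission change", name))
        if old["size"] != new["size"]:
            findings.append(("size change", name))
        if old["sha256"] != new["sha256"]:
            findings.append(("hash change", name))   # catches same-size edits
    return sorted(findings)

def demo():
    """Constructed scenario: baseline a scratch tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "app.cfg").write_text("debug=0\n")
        (Path(root) / "run.sh").write_text("#!/bin/sh\necho ok\n")
        (Path(root) / "old.log").write_text("started\n")
        os.chmod(Path(root) / "run.sh", 0o644)
        before = snapshot(root)
        (Path(root) / "app.cfg").write_text("debug=1\n")   # same size, new hash
        os.chmod(Path(root) / "run.sh", 0o755)              # permission change
        (Path(root) / "drop.bin").write_bytes(b"\x00" * 8)  # new unknown file
        (Path(root) / "old.log").unlink()                   # missing file
        return compare(before, snapshot(root))
```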
Network Intrusion Indicator
By monitoring the network activity, we can detect intrusion by the following ways:
- Increase in volume of network traffic.
- High volume of unidirectional network traffic.
- High packet drop rate at the firewall.
- Network traffic from malicious IPs.
System Intrusion Indicator
By monitoring the system activity and logs, we can detect intrusion by the following ways:
- Increase in CPU and memory usage.
- Abnormally high number of failed or unsuccessful login attempts.
- Low system performance.
- Unknown processes and services running.
- System crashes and reboots.