A Review of Intrusion Detection Systems

Shaikha, Hawkar Kh.; Abduallah, Wafaa Mustafa

doi:10.25007/ajnu.v6n3a90

Cited by 5 publications

(7 citation statements)

References 12 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Denning introduced the technique of detecting intrusion, and since then researchers have worked hard to automatically detect intrusions in network systems [6]. Intrusion detection systems have been defined as the technique of using artificial intelligence, machine learning, and database systems to uncover malicious patterns in large datasets [2]. IDS can be broadly classified into two major categories, anomaly-based IDS and misuse-based IDS.…”

Section: Intrusion Detection Systemsmentioning

confidence: 99%

“…ey monitor the normal operations of the system, and if they detect an anomaly, a flag is raised. Instead of keeping all patterns of well-known malicious dataset and updating as new patterns emerge, anomaly detection systems outline "normal" operations of a system and flag anything that deviates from the outline [2]. According to [7], anomaly IDS contains three stages: parameterization, training stage, and detection stage.…”

Section: Anomaly-based Intrusion Detection Systemsmentioning

confidence: 99%

“…We have two major categories of intrusion detection systems, which include misuse based and anomaly based. Misuse-based IDSs are developed to flag known attacks using patterns of the known attacks [2]. Misuse detection systems use patterns of well-known attacks or weak spots of the system to match and identify known intrusions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Systematic Review on Hybrid Intrusion Detection System

Maseno

Wang

Xing

2022

Security and Communication Networks

View full text Add to dashboard Cite

As computer networks keep growing at a high rate, achieving confidentiality, integrity, and availability of the information system is essential. Intrusion detection systems (IDSs) have been widely used to monitor and secure networks. The two major limitations facing existing intrusion detection systems are high rates of false-positive alerts and low detection rates on zero-day attacks. To overcome these problems, we need intrusion detection techniques that can learn and effectively detect intrusions. Hybrid methods based on machine learning techniques have been proposed by different researchers. These methods take advantage of the single detection methods and leverage their weakness. Therefore, this paper reviews 111 related studies in the period between 2012 and 2022 focusing on hybrid detection systems. The review points out the existing gaps in the development of hybrid intrusion detection systems and the need for further research in this area.

show abstract

Section: Intrusion Detection Systemsmentioning

confidence: 99%

Section: Anomaly-based Intrusion Detection Systemsmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Review on Hybrid Intrusion Detection System

Maseno

Wang

Xing

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Traditional cybersecurity methods (e.g., firewalls, user authentication, and data encryption) cannot handle the complex attacks that take place online. Intrusion detection systems (IDSs) are designed to detect a variety of anomalous patterns that serve as the attack signatures of new and known attacks [3], using advanced database systems with machine learning [4]. When an IDS reports potential malicious activities in an information system [5], it kicks off various analytical and alerting processes to confirm the nature of the attack and launch protection measures.…”

Section: Introductionmentioning

confidence: 99%

“…(3) To improve data-level class balancing, we provide an ingenious combination of random undersampling (RUS) and synthetic minority oversampling to adjust the data distribution structure and improve minority class detection. (4) To improve algorithm-level class balancing, we apply a hybrid convolutional neural network (CNN) and a Transformer model to adopt new detection performance efficiencies over contemporary models. Our model's performance is compared with that of state-ofthe-art IDS models, demonstrating that our innovations have clear advantages in terms of accuracy, FP rate, and recall.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Intrusion Detection System Based on Data Resampling and Deep Learning

Chen,

You,

Shiue

2024

IJACSA

View full text Add to dashboard Cite

The growth of the internet has advanced information-sharing capabilities and vastly increased the importance of global network security. However, because new and inconspicuous abnormal behaviors are nearly impossible to detect in massive network access environments, modern intrusion detection systems have identified a high rate of false-positive (FP) and false-negative (FN) attacks. To overcome this, this paper proposes a hybrid deep learning model that significantly mitigates the disadvantages of consistently imbalanced sample attack data. First, it resolves imbalanced data using random undersampling and synthetic minority oversampling techniques. Then, convolutional neural networks (CNNs) extract local and spatial features, and a transformer encoder extracts global and temporal features. The novelty of this combination increases recognition accuracy at the algorithm level, which is crucial to reducing FPs and FNs. The model was subjected to multiclassification testing on the NSL-KDD and CICIDS2017 benchmark datasets, and the results show that our model has higher classification accuracy and lower FP rates than state-ofthe-art intrusion detection models. Moreover, it significantly improves the detection rate of low-frequency attacks.

show abstract