Introduction
The cyber security of IT infrastructure is becoming increasingly important. Computer and network security has become a prominent concern as a result of the growing number and sophistication of cyber attacks (CERT, 2018). An adversary, either internal or external to the system, can launch an attack on IT infrastructure. Insider attacks have recently emerged as a major threat to network security (ClearSwift, 2017; HayStax, 2017). Before attacking a computer or network, adversaries investigate vulnerabilities through which the system can be exploited. Vulnerabilities can exist at any level of the IT infrastructure, including application software, operating systems, and hardware. Discovered vulnerabilities can be exploited to compromise data and render services inaccessible. Although network perimeters are well fortified to protect IT resources, adversaries keep discovering novel ways to attack and penetrate networks. Phishing, DDoS, and intrusion are the major contributors to cyber attacks (Alomari, Manickam, Gupta, Karuppayah, & Alfaris, 2012; Yu, 2014; Zargar, Joshi, & Tipper, 2013).
Network Vulnerabilities
A vulnerability can be defined as a bug or misconfiguration in a software system that adversaries exploit to attack a host or a network (Bazaz & Arthur, 2007; Benton, Camp, & Small, 2013; Bishop & Bailey, 1996). Given the impact of cyber attacks, the Computer Emergency Response Team (CERT) maintains a dedicated portal that publishes notes on reported vulnerabilities and recommends remedial action to close them (CERT, 2018).
An attack on a host or network can be carried out only if a vulnerability exists. Once a vulnerability is exploited, an adversary can intrude into the computer or network and is likely to cause serious damage. The attacker exploits the vulnerabilities and succeeds in attacking the target (Wang, Jajodia, Singhal, Cheng, & Noel, 2014). For instance, vulnerabilities in Adobe Flash and Adobe Acrobat Reader have enabled several attacks; to fix them, Adobe released a series of patches.
Intrusion Detection System
An intrusion detection system (IDS) is software developed to detect intrusions in a computer or network system. Its working principle is to identify malicious software by the distinct behaviour it shows relative to ordinary traffic. Cai, Mei, and Zhong (2018) stress that intrusion prevention is needed rather than limiting the effort to intrusion detection. Ordinary anti-virus software fails to detect such advanced malicious behaviour (SentinelOne, 2018). Seamless connectivity, coupled with the accelerated growth in PCs, smartphones, tablets, and internet connectivity, offers adversaries ample opportunity to creep from one device to another (Shelke, Sontakke, & Gawande, 2012; Shakshuki, Kang, & Sheltami, 2013). This compromises security and spreads malicious software. In a network, resources such as nodes or hosts can be compromised by an intruder at the periphery. Accordingly, an IDS can be categorized as a) host-based, b) network-based, or c) periphery-based.
To trace intrusions, an IDS primarily employs either statistical or data mining methods. The use of data mining techniques in IDS is not new and has been employed rigorously (Berson & Smith, 1997). To combat new features in malicious software, several new techniques have been proposed to thwart intrusion (Aburomman & Reaz, 2016; Altwaijry & Algarny, 2012). To keep the cost of using an IDS low, Alharkan and Martin (2012) proposed a public cloud-based approach to intrusion detection, so that a user gains access to an advanced and up-to-date IDS while paying only for limited usage.
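As an added example (not from the paper or any of the cited works), the statistical principle described above, a baseline of ordinary per-host behaviour and a deviation threshold, in a small network-based detector run over constructed flow records; the addresses, the fan-out feature and the sigma floor are assumptions:

```python
"""Minimal statistical (anomaly-based) IDS sketch: learn a baseline of
per-host behaviour from ordinary flows, flag hosts that later deviate."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (src_ip, dst_ip, dst_port); addresses are hypothetical.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.1", 443), ("10.0.0.5", "10.0.0.2", 443),
    ("10.0.0.6", "10.0.0.1", 80),  ("10.0.0.6", "10.0.0.1", 443),
    ("10.0.0.7", "10.0.0.3", 22),  ("10.0.0.7", "10.0.0.1", 443),
    ("10.0.0.8", "10.0.0.1", 443), ("10.0.0.8", "10.0.0.2", 80),
]
# Later window: 10.0.0.9 touches many distinct host/port pairs (scan-like);
# the other hosts look like the baseline.
OBSERVED_FLOWS = [
    ("10.0.0.5", "10.0.0.1", 443), ("10.0.0.5", "10.0.0.2", 443),
    ("10.0.0.6", "10.0.0.1", 80),  ("10.0.0.7", "10.0.0.3", 22),
    ("10.0.0.9", "10.0.0.1", 21),  ("10.0.0.9", "10.0.0.1", 22),
    ("10.0.0.9", "10.0.0.2", 23),  ("10.0.0.9", "10.0.0.2", 25),
    ("10.0.0.9", "10.0.0.3", 80),  ("10.0.0.9", "10.0.0.3", 443),
    ("10.0.0.9", "10.0.0.4", 445), ("10.0.0.9", "10.0.0.4", 3389),
]

def fan_out(flows):
    """Feature per source host: count of distinct (dst_ip, dst_port) pairs."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        targets[src].add((dst, port))
    return {src: len(t) for src, t in targets.items()}

def build_baseline(flows):
    """Mean and population std-dev of the fan-out feature over ordinary traffic."""
    values = list(fan_out(flows).values())
    return mean(values), pstdev(values)

def detect_anomalies(flows, baseline, threshold=3.0, min_sigma=0.5):
    """Return {host: z_score} for hosts whose fan-out z-score exceeds threshold.
    min_sigma (an assumed floor) keeps a perfectly regular baseline from
    dividing by zero and flagging every tiny deviation."""
    mu, sigma = baseline
    sigma = max(sigma, min_sigma)
    alerts = {}
    for host, value in fan_out(flows).items():
        z = (value - mu) / sigma
        if z > threshold:
            alerts[host] = round(z, 2)
    return alerts

if __name__ == "__main__":
    print(detect_anomalies(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS)))
```

In practice the baseline must be re-learned as legitimate traffic patterns change, otherwise the detector drifts toward either missed intrusions or a flood of false alerts.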