Multi-Pattern GPU Accelerated Collision-Less Rabin-Karp for NIDS

Anas Abbas, Mahmoud Fayez, Heba Khaled
Copyright: © 2024 | Pages: 16
DOI: 10.4018/IJDST.341269

Abstract

In the domain of network communication, network intrusion detection systems (NIDS) play a crucial role in maintaining security by identifying potential threats. NIDS rely on packet inspection, often using rule-based databases to scan for malicious patterns. However, the expanding scale of internet connections hampers the rate of packet inspection. To address this, some systems employ GPU-accelerated pattern matching algorithms. Yet this approach is susceptible to denial of service (DoS) attacks that induce hash collisions and slow inspection. This research introduces a GPU-optimized variation of the Rabin-Karp algorithm, achieving scalability on GPUs while resisting DoS attacks. Our open-source solution (https://github.com/AnasAbbas1/NIDS) combines six polynomial hashing functions, eliminating the need for false-positive validation. This leads to a substantial improvement in inspection speed and accuracy. The proposed system ensures minimal packet misclassification rates, solidifying its role as a robust tool for real-time network security.
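The idea summarized in the abstract can be illustrated with a small CPU sketch. This is an added example, not the authors' code (their implementation is in the linked repository): it matches several signatures by comparing tuples of six polynomial hashes with no byte-wise verification step, and contrasts that with a single small-modulus hash that reports a false positive. The bases, moduli, signatures and payload are assumed or constructed values.

```python
# Added illustration; bases and moduli are assumed values, not the paper's.
PARAMS = [(257, 1_000_000_007), (263, 1_000_000_009), (269, 998_244_353),
          (271, 2_147_483_647), (277, 1_000_000_021), (281, 1_000_000_033)]
WEAK = [(257, 101)]  # one hash with a tiny modulus, to show collisions

# Constructed signatures and payload. b"attac\x06" is not a signature, but its
# last byte differs from b"k" by exactly 101, so it collides under WEAK.
PATTERNS = {"sig-a": b"attack", "sig-b": b"cmd.exe"}
PAYLOAD = b"GET /attac\x06?q=attack&x=cmd.exe"

def fingerprint(data, params):
    """Tuple of polynomial hashes of data, one per (base, modulus) pair."""
    out = []
    for base, mod in params:
        h = 0
        for byte in data:
            h = (h * base + byte + 1) % mod
        out.append(h)
    return tuple(out)

def build_index(patterns, params):
    """Group signatures by length: {length: {fingerprint: name}}."""
    index = {}
    for name, pat in patterns.items():
        index.setdefault(len(pat), {})[fingerprint(pat, params)] = name
    return index

def scan(payload, patterns, params):
    """Return sorted (offset, name) hits decided by fingerprint equality only."""
    index = build_index(patterns, params)
    prefixes, powers = [], []
    for base, mod in params:  # prefix hashes make every window O(1)
        pre, pw = [0], [1]
        for byte in payload:
            pre.append((pre[-1] * base + byte + 1) % mod)
            pw.append(pw[-1] * base % mod)
        prefixes.append(pre)
        powers.append(pw)
    hits = []
    for length, table in index.items():
        for i in range(len(payload) - length + 1):  # windows are independent
            fp = tuple((pre[i + length] - pre[i] * pw[length]) % mod
                       for pre, pw, (_, mod) in zip(prefixes, powers, params))
            if fp in table:
                hits.append((i, table[fp]))
    return sorted(hits)

if __name__ == "__main__":
    print("six hashes:", scan(PAYLOAD, PATTERNS, PARAMS))
    print("one weak hash:", scan(PAYLOAD, PATTERNS, WEAK))
```

Each window's fingerprint depends only on the prefix tables, so the per-offset checks can be evaluated independently of one another.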

Introduction And Motivation

The proliferation of telecommunication infrastructures, along with affordable computing devices and smartphones, has spearheaded a significant expansion of the Internet, leading to a substantial increase in internet bandwidth and users over the past few years. With this digital evolution, the internet has increasingly become a cornerstone of our daily activities, making it a lucrative target for cybercriminals.

This unprecedented growth of internet usage in recent years has triggered a corresponding surge in cyber threats and attacks (Mijwil et al., 2023). The rise in internet usage is well-documented, from approximately 413 million users at the start of the twenty-first century to almost 4.7 billion users by 2022, signifying that nearly 60% of the world's population actively use the internet (Li & Liu, 2021). Also in 2021, Positive Technologies specialists (Cybersecurity Threatscape: Year 2021 in Review, Positive Technologies, n.d.) recorded more than 2,400 attacks, 6.5 percent more than in 2020, stating that this huge increase is due to the coronavirus, the heavy use of the internet, and working from home. This expansion in internet usage has inevitably increased the number of potential targets for cybercriminals, leading to a sharp rise in cyberattacks, which have a huge impact on the economy (Gulyás & Kiss, 2023); as a result, cyber-attacks drive investment in cybersecurity systems (Fernandez De Arroyabe et al., 2023). All of that proves that a NIDS is crucial for any device.

The critical role of Network Intrusion Detection Systems (NIDS) cannot be overemphasized in today's hyperconnected world, as shown in the risk analysis research published in the International Journal of Advanced Computer Science and Applications (Jakim et al., n.d.). As technological advancements continue to expand, so does the complexity and size of network infrastructure, creating more opportunities for attackers to exploit vulnerabilities, as stated in the Neural Computing and Applications survey (Keserwani et al., 2023). The variety and increasing frequency of cyber-attacks necessitate reliable and robust NIDS that can efficiently mitigate these security risks.

Recent studies illustrate the vital part played by NIDS in ensuring network security. A systematic study published in the European Transactions on Telecommunications (Ahmad et al., 2021) highlighted how NIDS scrutinizes network traffic to ensure its confidentiality, integrity, and availability, effectively thwarting potential intrusions. In the realm of intrusion detection, two fundamental strategies are employed: Anomaly-based IDS and Signature-based IDS (Liao et al., 2013). Signature-based IDS focuses on identifying intrusion occurrences through pre-defined “signature” patterns of known attacks. To remain effective, it regularly updates its signature database to detect the latest trends and zero-day attack patterns. The quality of those signatures influences the overall effectiveness of the NIDS, as stated by a study published in the Information Security Journal (Sommestad et al., 2022) that demonstrated that the popular signature-based solution Snort has a very effective ruleset; its latest release, Snort 3, showed better performance than the earlier version (Boukebous et al., 2023). Conversely, the anomaly-based intrusion detection system (also known as Behavior-based Detection) works by comparing normal behavioral patterns with new activities, continuously monitoring network activities to flag potential intrusions.

Creating a successful NIDS remains a crucial challenge in the realm of network security. Although significant progress has been made in NIDS, the predominant focus lies on signature-based methods, largely neglecting anomaly detection techniques. Several factors contribute to the reluctance to embrace anomaly detection, such as the intricate behavioral dynamics of systems, the need for reliable training data collection, high associated costs, and error rates arising from the dynamic nature of the data, whereas signature-based NIDS proved to be resilient against Distributed Denial of Service (DDoS) attacks (Chen & Lai, 2023), (Sardar et al., n.d.).
