Intrusion Detection Systems: Current Trends and Future Challenges

Riya Bilaiya, Priyanka Ahlawat, Rohit Bathla
DOI: 10.4018/978-1-7998-3299-7.ch014

Abstract

The community is moving towards the cloud, and its security is important. An old vulnerability known to an attacker can be easily exploited. Security issues and intruders can be identified by intrusion detection systems (IDS). Other solutions include network firewalls and anti-malware. Malicious entities and fake traffic are detected through packet sniffing. This chapter surveys different approaches to IDS and presents a comparative analysis based on their merits and demerits. The authors aim to present an exhaustive survey of current trends in IDS research along with some future challenges that are likely to be explored. They also discuss the implementation details of IDS and the parameters used to evaluate their performance.

Introduction To Intrusion Detection System

Nowadays, cyber-attacks on networks and the internet are increasing rapidly, which leads to financial loss for businesses. IDS plays a significant role in today's networks in detecting malicious activity by internal or external intruders.

In today's networks, IDS plays an important role in the security architecture. An intrusion detection system is software or hardware that analyzes the events occurring in information systems or networks for signs of intrusion. IDS helps to increase the confidentiality, integrity, and availability of systems and networks. IDS uses signature and pattern matching techniques to analyze the various files present in the network and systems. Cyber security plays an important role in today's technology. Some IDS are designed based on detection behavior, audit source location, and frequency of usage.

The rapid growth of cyberspace for information sharing also attracts intruders, who perform illegal activity to capture, tamper with, or otherwise misuse the private and confidential information available there. Intruders can attack a system, and client-based or network-based firewalls are not capable enough to resist these attacks (Hatcher & Yu, 2018).

IDS plays a vital role in establishing a self-observing defense scheme that protects the confidentiality of a modern organization. IDS identifies illegal activity over cyberspace that compromises the truthfulness, privacy, and accessibility of confidential information (Barbara et al., 2001; Hoque et al., 2012).

Traditional intrusion detection systems (TIDS) collect deep knowledge of the intruder by constantly monitoring intruder activity over cyberspace. A TIDS is grounded in pattern recognition over different audit sources and detects intrusions by matching rules supplied by human system experts. The model is updated manually for each new style of intrusion that is discovered. The elementary restriction of this model is that an intrusion style not yet covered by those rules cannot be recognized (Hosseinpour & Abu Bakar, 2010).

IDS is classified according to the method used and the basis of detection. A network-based IDS (NIDS) monitors and analyzes network traffic. It is used to protect the local area network from intrusions caused by a host. A host-based IDS (HIDS) is placed on a host in the network. It detects malicious traffic and takes action: it collects the traffic coming into and going out of the host and identifies attacks.

Components of IDS

  1. Information Collection blade: This blade is responsible for collecting the events that the next blade, the analysis engine, uses for detection.

  2. Analysis Engine: This is the core component of the IDS, called the sensor. Machine learning, pattern matching, and data mining can be used in intrusion detectors. This component acts as the analyzer that detects an attack. There are three types of detection: misuse detection, anomaly detection, and hybrid detection.

  3. Response Component: This component controls how the system reacts when the analysis engine detects an attack. The response can be active or passive.

Figure 1. Components of Intrusion Detection System

Key Terms in this Chapter

Web IDS: This system is based on pattern matching and thresholds for the detection of attacks. It is more complex than Snort because the thresholds require expert domain knowledge about the difference between normal behavior and attack behavior.

SNORT: This uses stateless string matching for the detection of attacks and is the most commonly used technique.
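
The three components listed above (collection, analysis, response) and the contrast in the key terms between stateless string matching and threshold-based detection can be seen in a small pipeline. This is an added example, not code from the chapter; the events, the two signatures, the threshold of 5 failed logins in 60 seconds, and the response policy are all constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed events: (time in seconds, source, request, HTTP status).
EVENTS = [(0, "10.0.0.5", "GET /index.html", 200),
          (2, "10.0.0.9", "GET /item?id=1 UNION SELECT pw FROM users", 200),
          (90, "10.0.0.5", "POST /login", 401)]
EVENTS += [(t, "10.0.0.7", "POST /login", 401) for t in range(3, 8)]
EVENTS.sort()

# Misuse detection: hypothetical signatures, each matched against one event alone.
SIGNATURES = {"sql-injection": re.compile(r"union\s+select", re.I),
              "path-traversal": re.compile(r"\.\./")}

def misuse(event):
    """Stateless matching: the verdict depends only on this event's request."""
    _, src, request, _ = event
    return [("misuse", name, src)
            for name, rx in SIGNATURES.items() if rx.search(request)]

class ThresholdDetector:
    """Threshold-based detection: keeps per-source state across events."""
    def __init__(self, limit=5, window=60):
        self.limit, self.window = limit, window
        self.failures = defaultdict(deque)

    def check(self, event):
        t, src, _, status = event
        if status != 401:
            return []
        q = self.failures[src]
        q.append(t)
        while q and t - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        hit = len(q) == self.limit            # alert once, when the limit is reached
        return [("anomaly", "failed-login-burst", src)] if hit else []

def run_ids(events, active=("misuse",)):
    """Collect, analyze (hybrid), respond. Returns (alerts, blocked sources)."""
    detector, alerts, blocked = ThresholdDetector(), [], set()
    for event in events:                                 # information collection
        found = misuse(event) + detector.check(event)    # analysis engine
        for kind, name, src in found:                    # response component
            alerts.append((event[0], kind, name, src))   # passive: record alert
            if kind in active:
                blocked.add(src)                         # active: block source
    return alerts, blocked

if __name__ == "__main__":
    for alert in run_ids(EVENTS)[0]:
        print(alert)
```

No single failed login matches a signature, so the burst from 10.0.0.7 is visible only to the stateful threshold detector, whose limit and window are the values that need tuning against normal behavior.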
