Intrusion Detection

  • Intrusion detection is the process of monitoring a network or systems for malicious activity or policy violations

Intrusion Detection System

IDS

  • An Intrusion Detection System (IDS) is a system that combines hardware and software to detect intrusions
  • Raises an alarm when a possible intrusion occurs

Classifications and Pros and Cons

  • Misuse based (signature based)
    • Designed to detect known attacks by signatures
    • Fewer false alarms
    • The signature dataset needs frequent manual updates
    • Cannot detect novel (zero-day) attacks
  • Anomaly based
    • Identifies the anomalies from normal behavior
    • Able to detect zero-day attacks
    • Profiles of normal activity are customized for every system
    • More false alarms
  • Hybrid
    • Combination of misuse and anomaly detection
    • Increases the detection rate and decreases the number of false alarms
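
The trade-offs listed above, shown on the same set of requests. This is an added example, not part of the original notes: the signatures, the path-length profile, both thresholds and all sample requests are constructed, and the hybrid rule (trust signatures, accept anomaly-only alerts only above a stricter threshold) is one assumed way to combine the two detectors.

```python
import re
from statistics import mean, stdev

# Constructed signature set: regexes for two well-known request patterns.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.I),
}

# Constructed baseline: request paths observed during normal operation.
BASELINE = ["/index.html", "/login", "/api/v1/items?id=12", "/static/app.js",
            "/api/v1/items?id=7", "/about", "/search?q=ids", "/api/v1/users/3"]

def misuse_detect(path):
    """Misuse based: names of the known signatures that match the path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]

def build_profile(paths):
    """Profile of normal activity: mean and standard deviation of path length."""
    lengths = [len(p) for p in paths]
    return mean(lengths), stdev(lengths)

def anomaly_score(path, profile):
    """Anomaly based: z-score of the path length against the normal profile."""
    return abs(len(path) - profile[0]) / profile[1]

def classify(path, profile, anomaly_z=3.0, hybrid_z=6.0):
    """Run the three detector types on one request and return their verdicts."""
    hits = misuse_detect(path)
    z = anomaly_score(path, profile)
    return {
        "misuse": bool(hits),
        "anomaly": z > anomaly_z,
        # Hybrid (assumed design): any signature hit alerts; an anomaly
        # without a signature must exceed the stricter hybrid_z threshold.
        "hybrid": bool(hits) or z > hybrid_z,
    }

PROFILE = build_profile(BASELINE)
# Constructed events: (label, request path)
EVENTS = [
    ("known pattern", "/dl?f=../../etc/passwd"),
    ("novel, no signature", "/api/v1/items?id=" + "A" * 300),
    ("benign but unusual", "/search?q=intrusion+detection+notes"),
    ("benign", "/api/v1/items?id=42"),
]

if __name__ == "__main__":
    for label, path in EVENTS:
        print(f"{label:20s} {classify(path, PROFILE)}")
```

On this data the misuse detector misses the request that has no signature, the anomaly detector raises a false alarm on the long but benign search, and the hybrid rule alerts on both suspicious requests without that false alarm.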
