Analysis of Intrusion Detection System Methodologies
Added on 2025/05/13

Intrusion detection system

Abstract
An intrusion detection system (IDS) is a security system that acts as a protective layer for an infrastructure. As cybercrime grows, IDS technology is expanding rapidly in order to keep watch on it. Researchers are studying IDS so as to improve its attack-detection capability without jeopardizing network performance; the system was introduced in response to the rising rate of attacks and threats. This report presents research on IDS technology, covering the strengths and limitations of the technology and the differences between existing studies, which reveal the gaps between the areas of research. Intrusion detection systems are broadly classified into three categories: application-based IDS, network-based IDS and host-based IDS. The report explains the concepts of IDS technology as well as the methodology of the IDS. The methodology section describes the research approach and is followed by the research onion. From this research project and report, the reader will understand the mechanism of an intrusion detection system and the types of attacks that can disrupt the proper functioning of software or an application. The report also contains a Gantt chart giving detailed information about the project plan.
Keywords: intrusion detection system, machine learning, IDS, prediction, monitoring system, forecasting, correlation, threats, attacks

Table of Contents
Introduction.................................................................................................................................................2
Background.................................................................................................................................................3
Aim.............................................................................................................................................................3
Objective.....................................................................................................................................................4
Structure......................................................................................................................................................4
Requirements...............................................................................................................................................5
Deliverables.................................................................................................................................................6
Challenges...................................................................................................................................................6
Methodology...............................................................................................................................................7
Types of methodologies...........................................................................................................................8
Research methodology..........................................................................................................................16
Project plan................................................................................................................................................17
Reference...................................................................................................................................................19
Introduction
An intrusion detection system is essentially a software application or a device that monitors a system or a network for policy violations or malicious activity. Such violations and activities are reported to an administrator and are also gathered by a SIEM (security information and event management) system, which produces its output by combining inputs from multiple sources. Alarm filtering techniques are used to distinguish false alarms from malicious activity. Many types of IDS exist; the common types are host-based IDS (HIDS) and network IDS (NIDS). An example of a HIDS is a system that monitors the files of the operating system, and an example of a NIDS is a system that analyzes incoming network traffic. IDS are also classified by detection approach: signature-based detection, anomaly-based detection and reputation-based detection. The broad classification, however, is into network-based IDS, application-based IDS and host-based IDS. The IDS acts as a risk assessment tool to gauge the effect of an attack, and it also formulates ways of overcoming such risks. It was introduced in 1980, has gained great importance in recent years and has developed considerably. An IDS consists of three components: sensors, a console and a detection engine. Sensors observe network traffic and generate events. The console is used to monitor alerts and events and to control the sensors. The detection engine records the events logged by the sensors in a database and generates alerts from the received security events by applying the system rules. This report consists of points that help build a clear understanding of the intrusion detection system. It provides detailed information about the various intrusion detection systems and about the functional requirements needed at the different levels (processing, technical, output and miscellaneous), so that all of the functions are known by the end. Depending on the location and type of the sensors, there are several kinds of IDS and several methodologies that the engines can use to generate events. In simple IDS, all of these components are combined in one appliance or a single device.

Background
The intrusion detection system was introduced in the early 1980s and has gained much importance in recent years. Such systems monitor an application or piece of software to prevent it from being hijacked or attacked, and the monitoring is performed periodically. With the growth of cybercrime and of misuse of systems, which in technical terms is called an intrusion, a mechanism was needed to detect such cases and resolve such problems; the software created for this purpose was termed the intrusion detection system. It is used in large organizations because they hold large amounts of sensitive data in their databases. The networks of such organizations are very prone to attack, so intrusion detection systems are used in industry to detect such attacks. There was a large rise in the reputation of IDS and in its incorporation into the network security infrastructure, and later versions have improved greatly over the earlier ones. In late 1980, James Anderson first published his paper on computer security threat monitoring and surveillance; this paper laid the foundation for the development of the intrusion detection system. Between around 1982 and 1986, Peter Neumann and Dorothy Denning worked together on a government project on intrusion detection system development, and they also developed the very first real-time model. Attacks on sensitive data are increasing day by day, and online crimes, commonly known as cybercrimes, are also increasing rapidly, which is why this technology for detecting attacks has gained popularity. Between 2006 and 2010, crime rates rose from 5000 to 35000, which shows the need for and importance of systems like IDS and why they should be put into use.
Aim
The aim of the project is to evaluate the performance of the intrusion detection mechanism against internal attacks. The research focuses on learning the concepts of the intrusion detection system and on defining standards for its usage. It also aims to study the various types of networks used in the system. The system is designed so that any application or piece of software can be protected from being hijacked or attacked by any kind of threat. The main aim of the project is to understand the IDS (intrusion detection system) so that such systems can be used efficiently to protect software and applications.

Objective
The main objective of this research on intrusion detection systems is to gather the concepts and theories of IDS and to study different types of networks. It focuses on an SME network topology and on testing internal attacks. A further objective is to make the best recommendations for industry settings as well. The objective is to protect applications and software from various threats, and to present the methodologies and the literature review.
Structure
The report has a well-defined structure divided into five sections. The first section introduces the research topic together with its aim and objectives; it also covers the background of the research, the deliverables to be delivered at the end, and the requirements involved in carrying out the research and completing this report.
The second section is the literature review on the topic of intrusion detection systems. It covers subtopics such as the concept of independent and dependent variables, and gives detailed information on and a proper understanding of the different intrusion detection systems: network-based IDS, host-based IDS and application-based IDS.
The third section presents the methodology used to develop the intrusion detection system for detecting and analyzing threats.
The fourth section covers the challenges and risks that arise when developing an intrusion detection system, including ethical and professional issues.
The fifth and last section contains the findings and the conclusion. The findings section gives detailed information about the developed system and explains how it detects and overcomes vulnerabilities.
Requirements
Hardware: 5 computer systems, Cisco Catalyst 3560 series, and cables

Software: Linux, Windows, Kali Linux, open source applications
Processing requirements
o Monitoring
o Managing
o Assessing
Functional requirements
o Gathering and collecting
o Processing
o Processing and evaluating
o Reporting
o Warning
o Displaying
o Reacting
o Controlling
o Storing
o Interacting
Technical requirements
o Network
o General
o Security
Output requirements
o Security profile
o Attacker profile
o System profile
Miscellaneous requirements
o Configuration
o Architecture
o Interfaces
o Evolution

Deliverables
This research evaluates and investigates the security performance of the IDS (intrusion detection system) mechanism against threats and attacks. It provides a detailed understanding of the concepts of internal attacks, security guidelines and an evaluation report on internal attacks. The report also helps the reader understand the network topology of an IDS (intrusion detection system) infrastructure. By the end of the report, the reader will have full knowledge of the intrusion detection system and will know how to detect attacks by using such a system.
Challenges
Intrusion detection systems play a significant role in organizations, especially network-based and host-based intrusion detection systems, since they ensure security and notify the organization when a threat occurs. To use this technology efficiently, organizations must know the challenges they may face.
The following are the main challenges in managing network-based IDS and host-based IDS so as to get more out of a technology that claims to be highly effective at detecting attacks and threats by attackers and hijackers.
To ensure effective deployment:
Organizations must install the intrusion detection system correctly in order to gain high-level visibility of threats. The installation must be optimized and carried out in the correct way. Because of budget and monitoring constraints, it is quite difficult to place HIDS and NIDS sensors across the entire IT environment. Many organizations lack an understanding of their IT environment and therefore find it difficult to build an effective IDS; if this is not done correctly, critical assets are left exposed.
To manage the high volume of alerts:
NIDS and HIDS both use a combination of anomaly-based and signature-based detection techniques. These generate alerts when a sensor detects activity matching a known pattern or flags traffic that is unusual, such as high bandwidth consumption or irregular web or DNS traffic. Many IDS are loaded
with pre-defined alerts, but these are sometimes insufficient for an organization. Some systems produce false positives, and organizations do not have the resources to screen every alert.
Investigating and understanding the alerts:
IDS alerts contain only base-level security information; viewed in isolation, an alert has very little significance. Investigating IDS alerts can be very time consuming and resource intensive, and supplementary information from other systems is required to determine the seriousness of an alarm.
Knowing how to respond to threats:
Organizations responsible for implementing IDS commonly lack a response capability. Under the GDPR (General Data Protection Regulation), an organization that processes data of any type must report security breaches to the authority within seventy-two hours, which is why such a response capability is required of organizations.
Methodology
Intrusion detection is the process of examining the actions occurring in a network or computer system in order to detect security threats so that they can be prevented effectively. An Intrusion Detection System can be defined as a security tool used to secure an information system and keep the data stored in it safe. The Intrusion Detection System is used to analyze, monitor and respond to vulnerabilities present in the information system and to attempts to intrude into the system. To be efficient, an Intrusion Detection System must follow certain processes and satisfy certain parameters so as to prevent attacks and security breaches effectively. The key parameters include-
Accuracy- This parameter concerns detecting attacks effectively while eliminating false alarms.
Completeness- This parameter describes the ability of the Intrusion Detection System to evaluate all of the attacks and threats present in a network or computer system.
Timeliness- This parameter states that the Intrusion Detection System must always respond quickly in order to keep the computer system or network safe. This property enables
the system to quickly blocks passage to the threats and risks by creating a barrier and
blocking the network, computer system as well as the detection system.
Fault forbearance- This parameter states the property of the Intrusion Detection System of
being resistant to threats and attacks such as DoS attacks.
Performance- This parameter states the rate of processing ability of the Intrusion Detection
System to perform audit proceedings within the network or computer system.
The methodologies used in an Intrusion Detection System come in various types, all of which
help to detect the changes that occur in the monitored system. Such changes can be caused by
external attacks, in which malicious actors gain access to the system and make the changes they
want, including stealing, manipulating, or deleting crucial system data, or by internal attacks,
in which employees perform illegal activities to misuse the system and benefit themselves. With
recent technological advances, Intrusion Detection Systems have been updated constantly so that
they perform their task efficiently and keep the network or computer system secure from
imminent threats, but the methodologies used in developing them are still the same as in the
earlier versions. However, the various methodologies have been merged to increase the
performance and the level of complexity of the detection system design. This has advanced
Intrusion Detection Systems to some extent, making them more usable for resisting intrusion
and eliminating bugs and other vulnerabilities in a network or computer system.
Types of methodologies
There are four main types of Intrusion Detection System that are most widely used among all
the available methodologies. They are termed the anomaly-based methodology, the stateful
protocol analysis methodology, and the signature-based methodology. These methodologies perform
similar actions, but they differ in how they carry out the actions required to determine the
potential vulnerabilities present in the network or computer system being monitored.
Anomaly-based Intrusion Detection Methodology
It is a type of Intrusion Detection System used to detect intrusions in both computer systems
and networks. It detects anomalies within a system by monitoring its activities and classifying
them according to their detection status. This methodology uses a baseline profile, which is
compared against the system while it is being monitored. The baseline is the normal behavior of
the system monitored by the Anomaly-based Intrusion Detection System. The detection system
first analyzes the system into which it is being introduced and then stores a snapshot of the
phase in which the system is performing normally with no vulnerabilities present. This
baseline, or normal environment, serves as the control measure for the Intrusion Detection
System when monitoring the status of the system during its operation. The profiles of this
methodology can be either dynamic or fixed, according to the user's selection (Aljawarneh,
Aldwairi, and Yassein, 2018).
In the dynamic profile, the Intrusion Detection System is continuously updated along with the
system in which it is present. This no doubt keeps the detection system up to date with the
monitored system, but it also poses a threat because of the constant changes made to the
system's baseline. Infiltrators can easily break into such a system by introducing the
vulnerability slowly over a long period, so that it is registered in the baseline of the updated
system as a normal process while the monitored system and the Intrusion Detection System are
being updated. To mitigate such intrusion, updates and changes can be predefined in the
Intrusion Detection System so that after the update or changes are made, no threats or
vulnerabilities enter the system without the notice of the detection system. In the fixed
profile, the Intrusion Detection System is never updated, hence the name fixed. This profile is
more advantageous in that all updates performed in a network or computer system are defined as
anomalies, because they are not reflected in the baseline saved during the initial analysis of
the system.
Anomaly-based Intrusion Detection System methodologies are very efficient, as they are able to
identify zero-day infiltrations or attacks on the network or computer system without requiring
the system to be updated, and they use three basic techniques to detect anomalies: the
statistical inconsistency detection technique, the machine learning technique, and the
data-mining technique.
In the statistical inconsistency detection technique, two types of profile are developed, i.e.
the baseline profile for control measures and the current profile for determining the present state of
the network or system. Any difference found when analyzing the network or system is marked as
an intrusion and is processed accordingly. This level of detection can be managed and tuned
using a threshold, which can be adjusted during environment monitoring. In the machine learning
technique, anomalies in the network or system are evaluated using system calls, which are
analyzed to determine whether anomalies are present. It is the most widely used technique
because of the enhanced capabilities that machine learning brings to the analysis, evaluation,
and termination of anomalies in the monitored network or system. In the data-mining technique,
all the evaluations performed are automated, so no manual work is required in its processing.
This technique is much less preferred, as it does not provide accurate results and outputs many
false (positive and negative) reports because of its high overheads (Javaid et al., 2016).
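The following Python sketch is an added illustration, not code from the report, of the statistical technique just described: a baseline profile is compared with each current observation, a threshold tunes the sensitivity, and the same detector is run with the fixed and the dynamic baseline discussed in the previous section. The metric (connections per minute), the 20-observation window, and all sample values are constructed for the demonstration.

```python
"""Statistical profile comparison for anomaly-based intrusion detection
(added illustration, not code from the report). The metric, connections per
minute, and all sample values are constructed."""
from statistics import mean, pstdev

def build_profile(samples):
    """Profile a metric as (mean, standard deviation) of its samples."""
    sigma = pstdev(samples)
    return (mean(samples), sigma if sigma > 0 else 1.0)  # guard a flat profile

def is_anomalous(profile, value, threshold=3.0):
    """True if `value` lies more than `threshold` standard deviations from the
    profile mean. Lowering the threshold catches subtler deviations but raises
    the false-positive rate; raising it does the opposite."""
    mu, sigma = profile
    return abs(value - mu) / sigma > threshold

def monitor(baseline_samples, stream, threshold=3.0, dynamic=False, window=20):
    """Return the indices of observations in `stream` flagged as anomalous.

    dynamic=False: fixed profile built once from the baseline; it never learns,
    so a gradual drift away from normal is eventually flagged.
    dynamic=True: profile rebuilt from the last `window` observations; a slow
    ramp is absorbed into the baseline and never flagged (the risk noted above)."""
    fixed_profile = build_profile(baseline_samples)
    history = list(baseline_samples)
    flagged = []
    for index, value in enumerate(stream):
        profile = build_profile(history[-window:]) if dynamic else fixed_profile
        if is_anomalous(profile, value, threshold):
            flagged.append(index)
        if dynamic:
            history.append(value)  # flagged or not, it now shapes the baseline
    return flagged

# Constructed sample data: normal operation is about 50 connections per minute.
BASELINE = [48, 52, 46, 54, 50, 50, 50, 50, 50, 50] * 3  # mean 50, stddev 2
SUDDEN_SPIKE = [50] * 5 + [500] + [50] * 4              # burst at minute 5
SLOW_RAMP = [50 + k for k in range(40)]                  # +1 connection/minute
BENIGN_NOISE = [50, 55, 49, 45, 51, 56, 50, 44, 52, 50]  # noisy but normal

if __name__ == "__main__":
    print("spike, fixed  :", monitor(BASELINE, SUDDEN_SPIKE))
    print("ramp, fixed   :", monitor(BASELINE, SLOW_RAMP))
    print("ramp, dynamic :", monitor(BASELINE, SLOW_RAMP, dynamic=True))
    print("noise, t=3.0  :", monitor(BASELINE, BENIGN_NOISE))
    print("noise, t=2.0  :", monitor(BASELINE, BENIGN_NOISE, threshold=2.0))
```

The fixed baseline flags the slow ramp from the seventh minute onward while the dynamic baseline never does, and lowering the threshold from 3.0 to 2.0 turns four benign readings into false positives.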