Comprehensive Report: Intrusion Detection System Analysis


Added on  2021/06/15

AI Summary
This report provides a comprehensive overview of Intrusion Detection Systems (IDS). It begins by introducing the importance of securing computer systems and the shift to cloud-based environments, highlighting the increasing threats and the role of firewalls and IDS. The report differentiates between Host-based IDS (HIDS) and Network-based IDS (NIDS), detailing their functionalities, advantages, and disadvantages. It discusses security threats, common attacks, and how IDS works using classification techniques. The report analyzes various IDS designs, emphasizing the importance of network environment considerations and packet filtering. It examines the security offered by IDS, including classification techniques like k-mean and neural networks, and concludes by emphasizing the importance of selecting IDS based on network requirements and the effectiveness of classification techniques.
Intrusion Detection System
Student’s name
Institution Affiliation(s)
Introduction
The fear of malicious attack has made us aware of the need to secure our computer systems.
Earlier, information and data were stored in a central computer system, but now they have been
moved to cloud-like environments. These internet-based technologies have made data access
flexible and encouraged a mobile workforce, but they have also increased the danger of being
attacked. One loophole can harm your organization or breach your private data. Firewalls are
used to secure networks, but they are not sufficient when these systems are becoming so vast
(Chen, 2013). These systems can now be protected using intrusion detection systems (IDS), which
are used at two levels: host level (HIDS) and network level (NIDS). HIDS aim to protect single
computer systems and are capable of detecting any malicious activity directed at that
particular computer system. These are also called sensors and are required for every machine.
They increase security, as it is impossible to attack so many NIDS installed on each system.
These sensors monitor the data being passed and the events occurring on the system on which
they are installed. HIDS are heavily dependent on audit trails and are manufacturer dependent.
HIDS are capable of detecting who is using the system and can trace any improper activity to a
specific ID. They are capable of working in a switched-topology environment and can also work
in an encrypted environment (Fung & Boutaba, 2014).
Network level IDS
NIDS work at the network level; that is, they secure not a single computer but the
whole network. They monitor the data traveling on any network segment. Hence they are
more capable. Each NIDS comes with attack signatures, which are the definitions of attacks.
These sensors raise an alert if any improper activity is found. Using NIDS is more appropriate as
it will not degrade the performance of the entire system. Another advantage is that the monitoring
process will be transparent to all hosts. Installing HIDS needs expertise, while installing
NIDS does not (Herrero & Corchado, 2011). NIDS are widely used, and they are one of the major
components in a network. These systems help to prevent intrusions and attacks by using a
unique mechanism. An intrusion detection system detects threats and attacks and protects the
network system from them. It is an essential component of the network system. It is mandatory for
network systems to install an intrusion detection system to efficiently manage attacks and
resolve issues (M., 2011). There are various kinds of IDS, and they are implemented based
on the network system. These intrusion systems have been designed using multiple techniques.
Intrusion systems developed with the help of classification techniques are the popular ones, as they
provide more security to the systems in which they are installed. The classification technique is used
to classify the type of attack the system faces. The intrusion system has the responsibility of
protecting the system and preventing attacks (Pez, 2011). Network intrusion systems using
classification techniques are widely used, and many articles have been written on this
system.
Security threats and IDS
Security threats may occur at any time. Detection systems must be alert to identify and
report the risks to the administrator. Several activities take place within a network. Any abnormal
event has to be analyzed by the detection system. A user will have certain limitations in
accessing a network (Chen, 2013). User policy is maintained by the organization. Each of the
user's activities is recorded by the system. It tracks the user's movements and sends a report if the
user violates the policy. Security threats and attacks can take any form and can occur even in a
highly secured network. Since the number of threats and attacks is increasing, an active IDS is
necessary. Network attacks come more naturally than intrusions into a standalone system. As the
systems are connected to the web, the task becomes easier. An IDS is selected based on
the network's complexity (Vacca, 2014). The most common attacks target the system's
confidentiality, the system's control and the network's integrity. An IDS can identify various types
of attacks. It monitors for attacks such as scanning, penetration attacks and denial of service.
How IDS works
According to Vongpradhip & Plaimart, the intrusion detection system works well only if
the system is selected based on the type of network. The intrusion detection system must be
chosen to suit the network. There are various types of networks, and the system must make sure
that it satisfies the network's requirements. The classification technique is used in intrusion
systems to classify and divide attacks and threats (Vongpradhip & Plaimart, 2011). This
technique is preferred by most network administrators due to its compatibility and
efficiency. Intrusion systems work well only when the network's requirements are satisfied.
Network-based intrusion systems make use of the classification technique since it offers more
protection when compared to the other methods. Systems that are built using the classification
technique protect each layer of the network (Cole, 2011). The Ethernet of IP and the other layers
are protected, and they can be free from intruders. Since intrusion detection systems based on the
classification technique protect the network and its layers from intrusion, they are among the
best intrusion detection systems. Though an intrusion system built with the classification technique
offers more protection, intruders make use of different technologies that can pose a threat to
the other parts of the system. Vongpradhip & Plaimart's views on the classification technique
and the intrusion detection system favor only small-scale network systems. The system is not
very effective in dealing with large-scale networks.
IDS classification technique
As defined by Waagsnes & Ulltveit-Moe, intrusion systems that implement the
classification technique are much better than systems that are developed using other methods.
Some of the systems built with the classification technique classify the packets that enter the
network (Waagsnes & Ulltveit-Moe, 2018). Each network will have packet transfer between the
systems in the same network and also with systems from other networks. The packets
enter the network only after the network administrator permits them. Each packet is
thoroughly examined for any attacks and threats. If any packet carrying a threat is detected, it is
immediately discarded by the intrusion system (Easttom, 2016). There are two types of intrusion
systems: intrusion detection systems and intrusion prevention systems. The intrusion detection systems
detect the attacks and threats and stop them from attacking the network system. The prevention
systems protect the network system from getting affected by these threats. The critical issues and
concepts specified by Waagsnes & Ulltveit-Moe are applicable to systems that implement
packet classification. Systems that use intrusion detection systems enhanced with
packet classification have other disadvantages. Waagsnes & Ulltveit-Moe's concept works well for
systems which transfer packets frequently. The weakness of the paper is that it does not concentrate
on the entire working of the intrusion system. It focuses only on the inspection of the packet. It
does not specify the effectiveness of the classification technique.
IDS designs
According to Ciampa, the intrusion detection system must be designed by keeping in
mind the environment of the network. If the network is prone to more traffic, then the intrusion
detection system must be more efficient. The detection system must minimize the ambiguities
created by the network traffic. It should protect the system from the traffic generated by
hackers and intruders (Ciampa, 2015). The classification technique in intrusion detection systems
is built into the path of the network. This helps in packet filtering. Packet filtering is an important
concept since the incoming and outgoing packets carry information that needs protection. If
the packet filtering technique is applied, the vulnerability to security attacks can be minimized.
Handley's paper emphasizes the safety of the packet (Fung & Boutaba, 2014). The safety of the
network system should be managed by implementing a system that protects the network from
intruders and hackers. The strength of the paper is its due emphasis and concentration on the
flow of packets. Even though packets play a significant part in the network system, the other
components of the system are equally important.
As defined by Kizza, the wireless network system is the most onerous task. Instead of
developing intrusion detection systems for standard network systems, companies can design and
build intrusion detection systems for wireless networks. Wireless network systems are more
prone to attacks and threats. Thus they require an intrusion detection system that is more
efficient. The system must be able to handle attacks and risks and make sure the system is
not vulnerable to such intrusions (Kizza, 2013). As wireless networks rely more on these
intrusion detection systems, the detection system must be selected with utmost care. The denial of
service attacks is the remarkable improvement in the network systems. Kizza places more emphasis
on the vulnerability of wireless systems and how to overcome it. Even though wireless systems
are being used, they have not gained as much popularity as the standard network systems (Kizza,
2015). The paper does not give due importance to the classification techniques used in the
intrusion detection systems that are used in wireless network systems. The documents that
explain the various intrusion detection systems concentrate more on the working of the system
than on the design and development of intrusion detection systems. Most of the detection
systems that are built with classification techniques are the ones that are more effective in
dealing with intrusion attacks (Yu & Tsai, 2011). The limitations and the
disadvantages are greater in systems that deal with more significant network systems.
Security offered by IDS
According to Moskowitz, intrusion detection systems act as security for the network on
which they are installed. Malicious users intrude into the network, and this poses a high security
threat to the network system. Intrusion detection systems are designed with the help of classification
techniques. The critical issue and the basis of research is to find out which classification
technique works well when combined with the intrusion detection system. Classification
techniques like the k-mean method and neural networks are used in designing intrusion detection
systems (Moskowitz, 2015). Any one of these classification techniques is implemented in the
intrusion detection systems. By using these methods, the systems become more secure. There are
certain limitations in developing an intrusion detection system with the help of a classification
technique. The neural network technique is highly efficient, and it is capable of exhibiting
high accuracy when compared to the other classification techniques (Jackson, Reagan, & Sak,
2010). The disadvantage of neural networks is that they take more time in executing the intrusion
detection. Still, they are preferred due to their accuracy. Another classification technique is support
vector, and this gives minimal accuracy within a short period. Though Moskowitz specifies the
advantages of the classification technique, this paper has certain limitations. The efficiency of
the intrusion system is the critical aspect. If the accuracy is low, then the system does not yield
good results. The paper should have included more details regarding the classification techniques
and their limitations.
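
The k-means approach named above, as an added example that is not part of the original report: baseline flows are grouped into clusters, and a new flow is flagged when it lies outside the cluster nearest to it. The three flow features, the sample flows, the `slack` threshold and all function names are assumptions constructed for illustration.

```python
import math

# Constructed baseline flows (not real traffic):
# (packets/sec, mean packet bytes, distinct destination ports)
BASELINE = [
    (12, 540, 2), (15, 610, 3), (10, 500, 1), (14, 580, 3), (11, 520, 2),       # interactive web
    (90, 1400, 1), (95, 1380, 1), (88, 1420, 1), (92, 1390, 1), (85, 1410, 1),  # bulk transfer
]

def nearest(point, centroids):
    """Return (cluster index, distance) of the closest centroid."""
    dists = [math.dist(point, c) for c in centroids]
    best = min(range(len(centroids)), key=dists.__getitem__)
    return best, dists[best]

def train(flows, k=2, iters=20):
    """Fit min-max scaling, k centroids and a per-cluster radius on baseline flows."""
    lo = [min(col) for col in zip(*flows)]
    span = [(max(col) - l) or 1 for col, l in zip(zip(*flows), lo)]  # avoid divide-by-zero
    scale = lambda f: tuple((v - l) / s for v, l, s in zip(f, lo, span))
    pts = [scale(f) for f in flows]
    # Deterministic farthest-point initialisation so results are reproducible.
    cents = [pts[0]]
    while len(cents) < k:
        cents.append(max(pts, key=lambda p: nearest(p, cents)[1]))
    for _ in range(iters):  # Lloyd's algorithm: assign points, then recompute means
        groups = [[] for _ in cents]
        for p in pts:
            groups[nearest(p, cents)[0]].append(p)
        cents = [tuple(sum(c) / len(g) for c in zip(*g)) if g else old
                 for g, old in zip(groups, cents)]
    # Radius = farthest baseline member of each cluster from its centroid.
    radius = [0.0] * k
    for p in pts:
        i, d = nearest(p, cents)
        radius[i] = max(radius[i], d)
    return {"scale": scale, "centroids": cents, "radius": radius}

def classify(model, flow, slack=1.5):
    """Label a flow 'anomalous' if it lies beyond slack x radius of its nearest cluster."""
    i, d = nearest(model["scale"](flow), model["centroids"])
    return "anomalous" if d > slack * model["radius"][i] else "normal"

MODEL = train(BASELINE)
```

A larger `slack` lowers false alarms at the cost of missing flows that sit just outside the baseline clusters, which is the accuracy trade-off the paragraph above refers to.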
Conclusion
In conclusion, the network systems must ensure that the intrusion detection systems are
selected according to the network. The working of the intrusion detection system depends on the
network and the functionalities within the network. The intrusion detection systems built with
classification technique are more effective as compared to the other intrusion detection systems.
References
Chen, Y. (2013). HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection
and Mitigation System. doi:10.2172/1108982
Ciampa, M. D. (2015). Security+ guide to network security fundamentals. Boston, MA: Course
Technology, Cengage Learning.
Cole, E. (2011). Network Security Bible. Hoboken: John Wiley & Sons, Inc.
Easttom, C. (2016). Computer security fundamentals.
Fung, C., & Boutaba, R. (2014). Intrusion detection networks: A key to collaborative security.
Herrero, A., & Corchado, E. (2011). Mobile hybrid intrusion detection: The MOVICAB-IDS
system. Berlin: Springer.
Jackson, C., Reagan, T., & Sak, B. (2010). Network security auditing: The complete guide to
auditing network security, measuring risk, and promoting compliance. Indianapolis, IN: Cisco
Press.
Kizza, J. M. (2013). Guide to computer network security. London: Springer.
Kizza, J. M. (2015). Guide to computer network security.
M., K. (2011). Intrusion Detection System and Artificial Intelligent. Intrusion Detection
Systems. doi:10.5772/15271
Moskowitz, J. (2015). Group Policy: Fundamentals, Security, and the Managed Desktop.
Wiley.
Pez, R. (2011). An Agent Based Intrusion Detection System with Internal Security. Intrusion
Detection Systems. doi:10.5772/14516
Vacca, J. R. (2014). Network and system security. Amsterdam: Syngress.
Vongpradhip, S., & Plaimart, W. (2011). A Sustainable Component of Intrusion Detection
System using Survival Architecture on Mobile Agent. Intrusion Detection Systems.
doi:10.5772/15450
Waagsnes, H., & Ulltveit-Moe, N. (2018). Intrusion Detection System Test Framework for
SCADA Systems. Proceedings of the 4th International Conference on Information Systems
Security and Privacy. doi:10.5220/0006588202750285
Yu, Z., & Tsai, J. J.-P. (2011). Intrusion detection: A machine learning approach. London:
Imperial College Press.