Comprehensive Literature Review: Network Intrusion Detection Systems
Added on 2020/05/28
Literature Review
AI Summary
This literature review provides an overview of network intrusion detection systems (NIDS), encompassing various methodologies, attack classifications, and tools. It examines research on both network-based and host-based intrusion detection systems, including comparisons, neural network applications, and anomaly detection techniques. The review explores the use of Self-Organizing Maps (SOM) in real-time NIDS, the integration of host-based context to enhance accuracy, and the role of anomaly detectors in mitigating HTTP attacks. The TCP/IP model, common network security attacks, and the application of tools like TCPDump and Snort are also discussed, highlighting architectural and organizational considerations for effective NIDS implementation. The review references several key publications and research papers in the field, providing a comprehensive understanding of current research and developments in intrusion detection.

Literature Review on Networking Intrusion Detection Systems
1/16/2018

Literature Review: Networking Intrusion Detection Systems
Table of Contents
1. Network Based Intrusion Detection and Prevention Systems: Attack Classification,
Methodologies and Tools......................................................................................................................2
2. Survey on Host and Network Based Intrusion Detection System..................................................2
3. NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps.2
4. Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context...........3
5. Host and Network based Anomaly Detectors for HTTP Attacks...................................................3
6. Network Intrusion Detection.........................................................................................................3
References.............................................................................................................................................5
1. Network Based Intrusion Detection and Prevention Systems: Attack Classification, Methodologies and Tools
Harale and Meshram describe the attack classification, methodologies and tools associated with network-based intrusion detection systems (NIDS) and intrusion prevention systems in their journal article. Examples of NIDS include Snort, Cisco NIDS, Suricata and Bro, among many others. These can operate on large networks without interrupting traffic and are not detectable by malicious entities. However, they may have difficulty inspecting encrypted or fragmented packets. Modern NIDS, both open source and commercial, may be signature-based or anomaly-based and offer anti-evasion capabilities along with enhanced stability, reliability and compatibility. NIDS vendors also provide security effectiveness features in the form of policy and alert handling, reporting, security management and configuration [1].
2. Survey on Host and Network Based Intrusion Detection System
Host-based and network-based systems are the two most popular types of intrusion detection system. Das and Sarkar compare and describe both in their journal article. NIDS are active systems deployed on small, medium or large networks to track and monitor network traffic. They are usually operating-system independent and, unlike host-based IDS, do not affect the functionality of other systems. Neural network and data mining techniques are now widely integrated into NIDS to learn attack patterns and trends. These systems usually identify attacks with signature-based detection and may also include anomaly-based detection [2].
3. NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps
Labib and Vemuri explore Self-Organizing Maps (SOM) and their application to network-based intrusion detection in their research paper. SOM can classify real-time data sets quickly, accurately and reliably. In a NIDS the technique may be applied to Ethernet packets by extracting the source and destination IP addresses and the protocol type. After data collection and pre-processing, normalization and scaling followed by time
representation can be carried out. The results showed that the neuron clustering differed markedly between normal traffic and traffic simulated with a denial-of-service attack on the network [3].
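As an added illustration of the pipeline summarized above (example code, not taken from the NSOM paper): packets are reduced to source address, destination address and protocol type, grouped into fixed windows as the time representation, scaled to [0, 1], and clustered with a small one-dimensional Kohonen map trained on constructed normal traffic; a window whose distance to its best-matching neuron exceeds a threshold learned from the normal windows is flagged, and the same check is then run over windows of a simulated flood. The packet generators, window size and feature ratios are my assumptions, not the paper's exact features.

```python
import math
import random
from collections import Counter

PROTOS = ("tcp", "udp", "icmp")
def make_normal(n, seed):
    # Constructed normal packets (src, dst, proto): four LAN hosts talking to five servers.
    rng = random.Random(seed)
    return [(f"10.0.0.{rng.randint(1, 4)}", f"10.0.1.{rng.randint(1, 5)}",
             rng.choices(PROTOS, weights=(5, 3, 2))[0]) for _ in range(n)]
def make_flood(n, seed):
    # Constructed flood: many spoofed sources, one target, all TCP (a SYN-flood-like shape).
    rng = random.Random(seed)
    return [(f"{rng.randint(1, 223)}.{rng.randint(0, 255)}.0.{rng.randint(1, 254)}",
             "10.0.1.1", "tcp") for _ in range(n)]
def window_features(packets, size=20):
    # Time representation: each window of `size` packets becomes one vector of ratios in
    # [0, 1]: distinct sources, distinct destinations, then the tcp/udp/icmp shares.
    feats = []
    for i in range(0, len(packets) - size + 1, size):
        win = packets[i:i + size]
        protos = Counter(p[2] for p in win)
        feats.append([len({p[0] for p in win}) / size, len({p[1] for p in win}) / size]
                     + [protos[pr] / size for pr in PROTOS])
    return feats
def dist(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))
def bmu(weights, x):  # best-matching unit: index of the neuron closest to x
    return min(range(len(weights)), key=lambda j: dist(weights[j], x))
def train_som(data, n_neurons=6, epochs=100, seed=1):
    # 1-D Kohonen map: pull the BMU and its neighbours toward each input while the
    # learning rate and neighbourhood radius shrink over the epochs.
    rng = random.Random(seed)
    weights = [[rng.random() for _ in data[0]] for _ in range(n_neurons)]
    for e in range(epochs):
        lr, radius = 0.5 * (1 - e / epochs), max(0.5, (n_neurons / 2) * (1 - e / epochs))
        for x in data:
            b = bmu(weights, x)
            for j, w in enumerate(weights):
                h = math.exp(-((j - b) ** 2) / (2 * radius ** 2))
                for k in range(len(w)):
                    w[k] += lr * h * (x[k] - w[k])
    return weights
def quantization_error(weights, x):  # distance to the BMU; far from every cluster = suspicious
    return dist(weights[bmu(weights, x)], x)

TRAIN = window_features(make_normal(400, seed=7))  # 20 normal windows profile the network
SOM = train_som(TRAIN)
THRESHOLD = 2 * max(quantization_error(SOM, w) for w in TRAIN)
FLOOD = window_features(make_flood(100, seed=3))  # 5 windows of the simulated attack
```

Every flood window lands far from all six neurons because its source-diversity and TCP-share ratios sit outside the region the map learned from normal windows.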
4. Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context
Network-based intrusion detection systems suffer from the challenge of evasion, which can be addressed by integrating them with host-based intrusion detection techniques. Dreger and his co-authors recommend and describe this combined approach to dealing with network and information security attacks. Bro is a distributed, event-based intrusion detection system that separates the detection mechanisms from event processing. Its architecture also includes policy configuration in the policy layer and supports the serialization and transmission of various kinds of state. Involving host-based IDS in NIDS can overcome the problems of encrypted packets and evasion attacks, and will also enhance protocol analysis, adaptive security and IDS hardening [4].
5. Host and Network based Anomaly Detectors for HTTP Attacks
This publication is a book by Davide Ariu comprising six chapters that explain the role of host- and network-based anomaly detectors in controlling and preventing HTTP attacks. Anomalies in network traffic may arise from user behaviour, bug exploits, response anomalies, bugs in the attack, and evasion. Payload-based anomaly detection across the network can detect and control such conditions. PAYL is one of the most reliable network-based payload anomaly detectors developed to date. The book also covers evasion of payload-based IDS and other network-based anomaly detectors, namely the Multiple Classifiers Payload Anomaly Detector (McPAD) and HMM for Payload Analysis (HMMPayl). Web servers can be protected by deploying such detectors in the network [5].
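The following added example (not code from the book or from PAYL itself) shows the idea behind a PAYL-style payload anomaly detector: the byte-frequency distribution of normal HTTP request payloads is profiled per payload-length bucket, and a new payload is scored with the simplified Mahalanobis distance to that profile. The constructed requests, the bucket width, the smoothing factor and the threshold rule are assumptions made for illustration.

```python
from collections import defaultdict

ALPHA = 0.001  # smoothing so a byte with zero variance in training does not divide by zero

def byte_freq(payload: bytes) -> list:
    # 1-gram model: relative frequency of each of the 256 byte values in one payload.
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = max(len(payload), 1)
    return [c / n for c in counts]

class PaylModel:
    """PAYL-style profile: per payload-length bucket, the mean and standard deviation of
    the byte-frequency vector seen in normal traffic; a new payload is scored with the
    simplified Mahalanobis distance sum(|x_i - mean_i| / (std_i + ALPHA))."""
    def __init__(self, bucket=64):
        self.bucket, self.samples, self.models = bucket, defaultdict(list), {}
    def _key(self, payload):
        return len(payload) // self.bucket
    def train(self, payload):
        self.samples[self._key(payload)].append(byte_freq(payload))
    def finalize(self):
        for key, freqs in self.samples.items():
            n = len(freqs)
            mean = [sum(f[i] for f in freqs) / n for i in range(256)]
            std = [(sum((f[i] - mean[i]) ** 2 for f in freqs) / n) ** 0.5 for i in range(256)]
            self.models[key] = (mean, std)
    def score(self, payload):
        key = self._key(payload)
        if key not in self.models:
            return None  # no profile for this length bucket, so nothing to compare against
        mean, std = self.models[key]
        x = byte_freq(payload)
        return sum(abs(x[i] - mean[i]) / (std[i] + ALPHA) for i in range(256))

def request(path, agent="curl/7.0"):
    return f"GET {path} HTTP/1.1\r\nHost: example.test\r\nUser-Agent: {agent}\r\n\r\n".encode()

# Constructed "normal" requests that profile what the web server usually receives.
NORMAL = [request(p, a) for p in ("/index.html", "/about.html", "/css/site.css",
                                  "/img/logo.png", "/api/items?id=3")
          for a in ("curl/7.0", "Mozilla/5.0")]
MODEL = PaylModel()
for req in NORMAL:
    MODEL.train(req)
MODEL.finalize()
THRESHOLD = 3 * max(MODEL.score(r) for r in NORMAL)  # calibrated on the training payloads
# Constructed anomalous request: the path is a run of high-bit bytes never seen in training.
ANOMALOUS = b"GET /" + bytes(range(128, 173)) + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

A payload whose length falls in a bucket with no profile scores None rather than a number, which is the case a deployment has to decide how to handle (PAYL keeps learning such buckets).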
6. Network Intrusion Detection
The TCP/IP model underlies most connections established for transmitting and sharing information from one place to another, and several network security attacks take place in the process. Northcutt and Novak explain the elements of network intrusion detection for network monitoring and
control. Enterprises use TCPDump filters to detect abnormal network activity. Snort is a network-based intrusion detection system that has been successful in detecting and preventing attacks. One well-known attack is the Mitnick, or man-in-the-middle, attack, which can also be detected by applying a NIDS. Architectural and organizational issues may need to be resolved before the benefits of a NIDS implementation are realized [6].
References
[1] N. Harale and D. Meshram, "Network Based Intrusion Detection and Prevention Systems: Attack Classification, Methodologies and Tools", International Journal of Engineering And Science, vol. 6, no. 5, 2016.
[2] N. Das and T. Sarkar, "Survey on Host and Network Based Intrusion Detection System", Int. J. Advanced Networking and Applications, vol. 6, no. 2, pp. 2266-2269, 2014.
[3] K. Labib and R. Vemuri, "NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps", Web.cs.ucdavis.edu, 2018. [Online]. Available: http://web.cs.ucdavis.edu/~vemuri/papers/som-ids.pdf. [Accessed: 16-Jan-2018].
[4] H. Dreger, C. Kreibich, V. Paxson and R. Sommer, "Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context", Icir.org, 2017. [Online]. Available: http://www.icir.org/vern/papers/dimva05.pdf. [Accessed: 16-Jan-2018].
[5] D. Ariu, Host and Network based Anomaly Detectors for HTTP Attacks. Cagliari: Dept. of Electrical and Electronic Engineering, University of Cagliari, 2010.
[6] S. Northcutt and J. Novak, Network Intrusion Detection. Indianapolis, Ind.: New Riders, 2009.