Intrusion Detection Systems: An Overview

By: Achit Katiyar

International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan. Email: achitktr@gmail.com

Abstract: IDS stands for Intrusion Detection System; such systems are prominent and essential elements of contemporary security architectures, meant to detect unauthorized entry or other forbidden activity on a given network or computer. This paper introduces IDS at a basic level, covering the two major categories, host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS), and the common detection techniques: signature-based, anomaly-based, and hybrid methods. It also covers the basic characteristics of IDS, their advantages and disadvantages, and how an IDS differs from an Intrusion Prevention System (IPS). IDS technology is incorporating newer features to meet growing cyber threats, such as artificial intelligence and cloud applications that improve threat identification and minimize false alarms. The development of IDS has a great impact on protecting information systems from constantly advancing types of threats.

Introduction:

An Intrusion Detection System (IDS) is an important element of cybersecurity, intended to prevent unauthorized access to, and malicious use of, networks. IDSs use machine learning and anomaly detection to strengthen security against both current and new forms of cyber threats. They must be able to identify and combat any intrusion or interference by an unauthorized entity within a particular network or computer. An IDS assists in detecting threats such as viruses, hackers, and insider attackers that would compromise data [1].

Categories of intrusion detection system:

Intrusion Detection Systems (IDS) are essential for protecting networks from intruders and various types of attacks. They are categorized primarily into two types: host-based intrusion detection systems (HIDS) and network intrusion detection systems (NIDS). The two differ in what they monitor and in the methods they use to detect intrusions.

  • Host-Based Intrusion Detection Systems (HIDS):

HIDS monitor specific devices for anomalous behaviour. They analyse the files on a system, the records of activities performed within the system, and its processes, informing the system's administrators of compromises [2].

  • Network Intrusion Detection Systems (NIDS):

NIDS monitor network traffic to look for security breaches. They inspect packet traffic and attempt to identify, in real time, security threats that traverse the network [2].

As mentioned above, the different types of IDS have different merits and demerits when it comes to performance. For instance, HIDS offers a comprehensive view of the activity occurring within a host, while NIDS is effective at mapping overall network traffic that exhibits suspicious characteristics. Figure 1 shows the basic phases of an intrusion detection system.

Detection techniques:

IDSs employ many detection methods:

  • Signature-Based Detection: This method focuses on identifying previously defined attack patterns or signatures. While it is very effective at identifying threats it was trained on, it performs less well when confronted with novel attack vectors [3].
  • Anomaly-Based Detection: This approach is used to recognize aberrations in behaviour. An IDS can identify what is considered to be strange events in the network infrastructure by studying the typical behaviour of the system. A strength of this method is its ability to identify zero-day attacks; however, this method can produce false results [3], [4].
  • Hybrid Detection: Some IDS solutions integrate both signature-based and anomaly-based techniques in order to benefit from the strengths of each [5].
  • Fuzzy Logic Systems: These combine a fuzzy logic controller with decision tree algorithms to address the increased uncertainty in data, enhancing the classifier's capacity to reduce false positives [6].

Although these systems are powerful in defending networks, they have drawbacks, such as the need for frequent updates to signature databases and the high false-positive rate of anomaly detection.
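To make the trade-off between the three techniques concrete, the following added example (not code from the paper) runs a signature detector and a volume-based anomaly detector over constructed request events and combines them as a hybrid. The signature strings, IP addresses and the mean + 3·stdev threshold are all assumptions chosen for illustration.

```python
import re
import statistics
from collections import Counter

# Signature rules: constructed indicators for this example, not real IoCs.
SIGNATURES = {
    "known-beacon-agent": re.compile(r"ua=ExampleBeacon/"),
    "known-bad-path": re.compile(r"path=/example-blocked\b"),
}

def signature_detect(events):
    """Signature-based: flag any event matching a predefined pattern."""
    return [("signature", src, name)
            for src, line in events
            for name, rule in SIGNATURES.items() if rule.search(line)]

def build_baseline(training_events):
    """Anomaly-based, step 1: learn normal requests-per-source from a clean window."""
    counts = list(Counter(src for src, _ in training_events).values())
    return statistics.mean(counts), statistics.pstdev(counts)

def anomaly_detect(events, baseline, k=3.0):
    """Anomaly-based, step 2: flag sources whose volume exceeds mean + k*stdev."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    counts = Counter(src for src, _ in events)
    return [("anomaly", src, f"{n} requests > {threshold:.1f}")
            for src, n in counts.items() if n > threshold]

def hybrid_detect(events, baseline):
    """Hybrid: union of both, so a known pattern at normal volume and an
    unknown pattern at abnormal volume are both reported."""
    return signature_detect(events) + anomaly_detect(events, baseline)

# Constructed training window: ten sources, 2-4 ordinary requests each.
NORMAL = "path=/index ua=Browser/1.0"
TRAINING = [(f"10.0.0.{i}", NORMAL)
            for i, n in enumerate([2, 3, 3, 4, 3, 2, 4, 3, 3, 3], start=1)
            for _ in range(n)]

# Constructed observation window: one source uses the known beacon agent at
# normal volume, another sends an unusual burst of ordinary-looking requests.
OBSERVED = ([("10.0.0.1", NORMAL)] * 3 + [("10.0.0.2", NORMAL)] * 2
            + [("10.0.0.3", "path=/index ua=ExampleBeacon/2.1")]
            + [("10.0.0.4", NORMAL)] * 12 + [("10.0.0.5", NORMAL)] * 4)

if __name__ == "__main__":
    for alert in hybrid_detect(OBSERVED, build_baseline(TRAINING)):
        print(alert)
```

Run alone, the signature branch reports only 10.0.0.3 and the anomaly branch only 10.0.0.4, which is exactly the blind spot each technique has and why the hybrid reports both.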

Figure 1: Basic Phases of Intrusion detection systems

Intrusion detection systems vs. Intrusion prevention systems:

It should first be pointed out that IDS and IPS are both integral elements of a comprehensive security strategy, while differing in functionality: an IDS is concerned with detecting threats, whereas an IPS prevents those threats from causing damage.

  • Intrusion Detection Systems (IDS)
  1. To control the access of any device to a network, an IDS uses machine learning and anomaly detection algorithms that flag intrusion attempts and suspicious behaviour in real time [7], [8].
  2. This creates alerts for security personnel to attend to what may be breaches, using previous data and patterns to determine suspect behaviour [8], [9].
  • Intrusion Prevention Systems (IPS): An IPS can be defined as a device that contains an Intrusion Detection System (IDS) but takes a more proactive approach, actively preventing intrusions from occurring.
  1. In addition to identifying threats, an IPS takes action that prevents those threats from succeeding by analysing traffic and filtering out unauthorized access [9], [10].
  2. Machine learning improves the efficiency of IPS, increasing detection rates and avoiding false alarms, which becomes significant in view of new threats [10].

While an IDS is very useful for threat identification, an IPS is a further key layer that minimizes risk. However, cyber threats evolve constantly, which makes advances in both systems significant and ongoing.

Advantages and Disadvantages:

Intrusion Detection Systems (IDS) are a key security tool, used mainly for detecting possible threats and preventing them. IDS have the following advantages and disadvantages:

  • Advantages of Intrusion Detection Systems
  1. Enhanced Detection Capabilities: ML-based IDS surpass traditional signature-based ones, reaching high accuracy rates (for example, 99.49% with XGBoost) in detecting new malicious activities [8].
  2. Anomaly Detection: IDS can identify previously unseen attacks that would otherwise go unnoticed, because they look for unusual patterns in the traffic on the network, enhancing the overall security posture [11].
  3. Real-time Alerts: IDS send alerts to the security personnel immediately after identifying any risk in the system making it easier to counter threats [11].
  • Disadvantages of Intrusion Detection Systems
  1. False Positives: Anomaly-based systems, for instance, can produce many alerts that must be addressed and are often false [11].
  2. Data Dependency: The deep learning models at the core of modern IDS are highly dependent on their training data; biased or insufficient datasets in turn yield biased and incomplete detection [11].
  3. Performance Challenges: In particular, as the quantity of data grows, it becomes significantly more challenging to maintain the optimal rates of detection while preserving accuracy [12].

Although IDS are critical components of contemporary security, their drawbacks prove that the development of security systems needs to continue with the growth of threats.

Current trends in Intrusion Detection Systems:

New directions in IDS are based on ML and DL technology as the primary elements for improving the detection of cyber threats. This shift involves both better algorithms and an expansion of the ways in which these methodologies are implemented.

  • AI, ML and DL adoption:
  1. Deep learning algorithms and the general use of machine learning methods are gaining prominence in the creation of IDS, especially convolutional neural networks and support vector machines [13].
  2. The intricacies of such models, however, present issues like the augmented demand for resources as well as overlearning problems [14].
  • Dimensionality Reduction Techniques:
  1. Conventional ML methods become expensive on large data sets. Attempts to overcome this use dimensionality reduction procedures that improve detection relevance while retaining the crucial information [15].
  • Graph Neural Networks:
  1. A newer concept is graph neural networks (GNNs), which improve the detection rate by utilising the relationships within communication data structures [16].

However, the field is still in its development stage and requires up-to-date datasets and efficient resource management, especially in cloud computing environments [17]. Solving these problems will be important for the continued effective functioning of IDS [18].

Conclusion:

Intrusion Detection Systems have become significant components of security solutions for today's complex computer networks. They offer important event and intrusion detection and prevention, which is essential to guard an organization against intruders and cyber attackers. With new threats emerging all the time, IDS technology is adapting and now incorporates complex algorithms and the use of cloud technology.

References:

  1. N. S. Sulaiman et al., “Intrusion Detection System Techniques: A Review,” J. Phys. Conf. Ser., vol. 1874, no. 1, p. 012042, May 2021, doi: 10.1088/1742-6596/1874/1/012042.
  2. V. Sidharth and C. R. Kavitha, “Network Intrusion Detection System Using Stacking and Boosting Ensemble Methods,” in 2021 Third International Conference on Inventive Research in Computing Applications (ICIRCA), Sep. 2021, pp. 357–363. doi: 10.1109/ICIRCA51532.2021.9545022.
  3. S. Parhizkari, “Anomaly Detection in Intrusion Detection Systems,” in Anomaly Detection – Recent Advances, AI and ML Perspectives and Applications, IntechOpen, 2023. doi: 10.5772/intechopen.112733.
  4. W. Taylor, A. Hussain, M. Gogate, K. Dashtipour, and J. Ahmad, “Intrusion Detection Systems Using Machine Learning,” in Decision Making and Security Risk Management for IoT Environments, W. Boulila, J. Ahmad, A. Koubaa, M. Driss, and I. R. Farah, Eds., Cham: Springer International Publishing, 2024, pp. 75–98. doi: 10.1007/978-3-031-47590-0_5.
  5. M. Amar and B. Ouahidi, “Hybrid intrusion detection system using machine learning,” Netw. Secur., vol. 2020, pp. 8–19, May 2020, doi: 10.1016/S1353-4858(20)30056-8.
  6. S. M. Čisar, P. Čisar, and R. Pinter, “Fuzzy-Based Intrusion Detection Systems,” in Security-Related Advanced Technologies in Critical Infrastructure Protection, T. A. Kovács, Z. Nyikes, and I. Fürstner, Eds., Dordrecht: Springer Netherlands, 2022, pp. 205–215. doi: 10.1007/978-94-024-2174-3_18.
  7. A. Londhe, S. Gawathe, P. Pandey, G. Date, and S. Meshram, “Intrusion Detection System,” Int. J. Adv. Res. Sci. Commun. Technol., pp. 31–35, Apr. 2024, doi: 10.48175/IJARSCT-17606.
  8. A. Singh, J. Prakash, G. Kumar, P. K. Jain, and L. S. Ambati, “Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS,” J. Database Manag. JDM, vol. 35, no. 1, pp. 1–25, 2024, doi: 10.4018/JDM.338276.
  9. J. M. Kizza, “System Intrusion Detection and Prevention,” in Guide to Computer Network Security, J. M. Kizza, Ed., Cham: Springer International Publishing, 2024, pp. 295–323. doi: 10.1007/978-3-031-47549-8_13.
  10. “IIPSeries – Conferences & Edited Books.” Accessed: Sep. 19, 2024. [Online]. Available: https://iipseries.org/
  11. K. Azarudeen, S. H. Kumar, T. V. Aswin Vijay, P. Thirukumaran, and V. S. B. Balaji, “Intrusion Detection System based on Pattern Recognition using CNN,” in 2023 International Conference on Sustainable Computing and Smart Systems (ICSCSS), Jun. 2023, pp. 567–574. doi: 10.1109/ICSCSS57650.2023.10169670.
  12. H. Lafta, “Network Intrusion Detection Using Optimal Perception with Cuckoo Algorithm,” Wasit J. Pure Sci., vol. 3, no. 1, Art. no. 1, Mar. 2024, doi: 10.31185/wjps.326.
  13. M. M. Issa, M. Aljanabi, and H. M. Muhialdeen, “Systematic literature review on intrusion detection systems: Research trends, algorithms, methods, datasets, and limitations,” J. Intell. Syst., vol. 33, no. 1, Jan. 2024, doi: 10.1515/jisys-2023-0248.
  14. R. Utekar and A. Phapale, “Intrusion Detection Systems Using Machine Learning.,” Int. J. Appl. Adv. Multidiscip. Res., vol. 2, no. 1, Art. no. 1, Jan. 2024, doi: 10.59890/ijaamr.v2i1.550.
  15. U. A. Baba, E. Joshua Garba, and A. S. Ahmadu, “Emerging Trends in the Application of Machine Learning in Network Intrusion Detection Systems,” in 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG), Apr. 2024, pp. 1–6. doi: 10.1109/SEB4SDG60871.2024.10629749.
  16. M. Zhong, M. Lin, C. Zhang, and Z. Xu, “A survey on graph neural networks for intrusion detection systems: Methods, trends and challenges,” Comput. Secur., vol. 141, p. 103821, Jun. 2024, doi: 10.1016/j.cose.2024.103821.
  17. P. K and P. Sudhakar, “A Comprehensive Survey: Exploring Current Trends and Challenges in Intrusion Detection and Prevention Systems in the Cloud Computing Paradigm,” in 2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT), Jan. 2024, pp. 351–358. doi: 10.1109/IDCIoT59759.2024.10467700.
  18. M. Rahaman, S. S. Bakkireddygari, S. Chattopadhyay, A. L. Gomez, V. Arya, and S. Bansal, “Infrastructure and Network Security,” in Metaverse Security Paradigms, IGI Global, 2024, pp. 108–144. doi: 10.4018/979-8-3693-3824-7.ch005.
  19. B. B. Gupta and S. Narayan, “A key-based mutual authentication framework for mobile contactless payment system using authentication server,” J. Organ. End User Comput. (JOEUC), vol. 33, no. 2, pp. 1–16, 2021.
  20. V. Vajrobol, B. B. Gupta, and A. Gaurav, “Mutual information based logistic regression for phishing URL detection,” Cyber Security and Applications, vol. 2, p. 100044, 2024.

Cite As

Katiyar A. (2024) Intrusion Detection Systems: An Overview, Insights2Techinfo, pp1.
