A Comprehensive Literature Review on Intrusion Detection Systems

1. Introduction

Despite all the continuous improvements in computer and network security, detecting intrusions is still disputable. this is due to cyber attacks being more sophisticated and hackers disguising attacks to evade Detection systems.

With new devices, products and services added daily to the huge computer network new security issues are raised continuously. And malware can cause serious damage as demonstrated in many past attacks that spread globally, like the WannaCry attack in 2017 (Ehrenfeld, 2017).

Intrusion detection systems (IDSs) are widely used nowadays to detect both known and unknown attacks on networks from internal and external attackers due to their various types and configurations.

But the current state of (IDSs) needs to be examined and investigated to categorize and determine methodologies suitable for different situations to ensure the right and effective management of the huge data flow, especially its security. 

2. Scope 

IDSs collect information from a computer or a computer network to detect attacks and misuse of the system. Many IDSs only analyse the attacks and some of them try to stop the attack at the time of the intrusion. Three types of data are used by IDSs. These are network traffic data, system-level test data and system status. (Denning)

There are two techniques to utilise IDSs to analyse events. These are tactics based on misuse and anomalies. Misuse-based intrusion detection systems seek to identify occurrences that break system policy. Anomaly-based intrusion detection systems attempt to identify odd behaviours and signal them as assaults. When compared to one another, both systems offer advantages and downsides.

There are some important factors for an effective attack resolution when applying IDS technologies:

• System durability/reliability.
• Fast detection.
• Minimal false positives.
• Maximum detection rate.
• Usage minimum software/hardware.
• Ability to accurately detect the location of intrusion.
• Ability to work with other technologies.

In summary, an IDS must provide the above-mentioned features for high accuracy and timely detection of attacks. (Barbara)

When used with other security products, IDSs can form a layered security architecture. Many organisations, for example, use intrusion detection systems in conjunction with firewalls and anti-virus software. IDSs can thus be used to detect assaults that other security products are unable to detect.

Despite the variety and flexibility that IDSs offer, each type of system has its benefits and drawbacks which need to be considered while planning to insure effective implementation.

 Another way to overcome IDSs challenges is hybrid IDS, a hybrid model can optimize the benefits and minimize the drawbacks of the two systems. 

3. Conclusion

The current state and deficiencies of intrusion detection systems, as well as new technological breakthroughs, need to be investigated deeper.

There is an increasing urge for intrusion detection systems (IDSs) to detect new activities, identify new threats, and avoid tactics as soon as possible. Some recommendations in this aspect are as follows:

• Next-generation attacks employ some strategies for concealment. A hybrid system that combines signature-based and anomaly-based approaches can be built to identify these attacks with better accuracy and speed.
• Creating a system capable of detecting real-time attacks is key as most of the previous research is utilising available datasets and is not ideal for real-time monitoring
• A list of well-known and widely used intrusion detection tools is provided.
• Existing issues and problems, as well as recommendations for intrusion detection systems to use.
• Continuous update of Datasets used to evaluate IDSs.