Host Level IDS
The fear of malicious attack has made us aware of the need to secure our computer systems. Earlier, information and data were stored on a central computer system, but now they have moved to cloud-like environments. These internet-based technologies have made data access flexible and enabled a mobile workforce, but they have also increased the danger of attack. One loophole can harm an organization or expose private data. Firewalls are used to secure networks, but they are not sufficient as these systems become so vast (Chen, 2013). Systems can now be protected using intrusion detection systems (IDS), which are deployed at two levels: host level (HIDS) and network level (NIDS). A HIDS protects a single computer system and detects any malicious activity directed at that particular machine. These are also called sensors, and one is required for every machine. They increase security because it is impractical to attack so many sensors, one installed on each system. These sensors monitor the data passing through, and the events occurring on, the system in which they are installed. HIDS are heavily dependent on audit trails and are manufacturer dependent. A HIDS can detect who is using the system and can trace any improper activity to a specific id. They are capable of working in a switched topology and can also work in an encrypted environment (Fung & Boutaba, 2014).
A NIDS works at the network level; it secures not a single computer but the whole network. It monitors the data traveling on any of the network segments, and is therefore more capable. Each NIDS comes with attack signatures, which are the definitions of attacks. These sensors raise an alert if improper activity is found. Using a NIDS is more appropriate because it does not degrade the performance of the entire system. Another advantage is that the monitoring process is transparent to all hosts. Installing a HIDS needs expertise, while installing a NIDS does not (Herrero & Corchado, 2011). NIDS are widely used and are one of the major components of a network. These systems help prevent intrusions and attacks by using a unique mechanism. An intrusion detection system detects threats and attacks and protects the network from them. It is an essential component of a network system. It is mandatory for network systems to install an intrusion detection system to efficiently manage attacks and resolve the issues (M., 2011). There are various kinds of IDS, implemented according to the network system. These intrusion detection systems have been designed using multiple techniques. Intrusion detection systems developed with a classification technique are the popular ones, as they provide more security to the systems in which they are installed. The classification technique is used to classify the type of attack the system faces. The intrusion detection system has the responsibility of protecting the system and preventing attacks (Pez, 2011). Network intrusion detection systems using classification techniques are widely used, and many articles have been written on them.
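As an added illustration of the host-level behaviour described above (a HIDS that depends on the audit trail and traces improper activity to a specific user id), the following Python script is example code written for this review; it is not taken from any of the cited works. The audit-log format, the list of protected objects and the failed-login threshold are constructed assumptions, and the log lines themselves are made up.

```python
import re
from collections import defaultdict

# Constructed audit-trail lines (hypothetical format: timestamp, user id, action, object).
AUDIT_LOG = """\
2024-03-01T09:00:01 uid=1001 LOGIN ok
2024-03-01T09:00:05 uid=1001 READ /home/alice/report.txt
2024-03-01T09:01:10 uid=1002 LOGIN fail
2024-03-01T09:01:12 uid=1002 LOGIN fail
2024-03-01T09:01:14 uid=1002 LOGIN fail
2024-03-01T09:01:16 uid=1002 LOGIN fail
2024-03-01T09:02:00 uid=1002 LOGIN ok
2024-03-01T09:02:30 uid=1002 READ /etc/shadow
2024-03-01T09:03:00 uid=0 READ /etc/shadow
2024-03-01T09:03:30 uid=1002 WRITE /usr/bin/ls
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) uid=(?P<uid>\d+) (?P<action>[A-Z]+) (?P<obj>\S+)$")

# Hypothetical host policy: objects only uid 0 may read or write, and how many
# consecutive failed logins are tolerated before the trail is flagged.
PROTECTED = {"/etc/shadow", "/usr/bin/ls"}
MAX_FAILED_LOGINS = 3


def parse_audit(text):
    """Turn raw audit lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def check_policy(events):
    """Single pass over the trail; every alert is attributed to the uid that caused it."""
    alerts = []
    failed = defaultdict(int)  # consecutive failed logins per uid
    for e in events:
        uid, action, obj = e["uid"], e["action"], e["obj"]
        if action == "LOGIN":
            if obj == "fail":
                failed[uid] += 1
                # alert once, on the first attempt past the tolerated count
                if failed[uid] == MAX_FAILED_LOGINS + 1:
                    alerts.append((uid, "repeated failed logins", e["ts"]))
            else:
                failed[uid] = 0  # a successful login resets the counter
        elif action in ("READ", "WRITE") and obj in PROTECTED and uid != "0":
            alerts.append((uid, f"{action.lower()} of protected object by non-root uid", obj))
    return alerts


def activity_by_uid(events):
    """Who used the host and how much: a per-uid count of recorded actions."""
    counts = defaultdict(int)
    for e in events:
        counts[e["uid"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_audit(AUDIT_LOG)
    print(activity_by_uid(evs))
    for uid, reason, detail in check_policy(evs):
        print(f"ALERT uid={uid}: {reason} ({detail})")
```

On the sample trail the monitor reports three alerts, all attributed to uid 1002: the fourth consecutive failed login, a read of /etc/shadow and a write to /usr/bin/ls. The read of the same file by uid 0 is policy-compliant and produces nothing, which is the point of tying every alert to the id in the audit record rather than to the object alone.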
Network Level IDS
Security threats may occur at any time. Detection systems must be alert to identify the risks and report them to the administrator. Several activities take place within a network, and any abnormal event has to be analyzed by the detection system. A user will have certain limitations in accessing a network (Chen, 2013). A user policy is maintained by the organization. Each user's activity is recorded by the system; it tracks the user's movements and sends a report if the user violates the policy. Security threats and attacks can take any form and can occur even in a highly secured network. Since the number of threats and attacks is increasing, an active IDS is necessary. Network attacks are more common than intrusions into a standalone system, and because systems are connected to the web, the attacker's task becomes easier. An IDS is selected based on the network's complexity (Vacca, 2014). The most common attacks target the system's confidentiality, the system's control and the network's integrity. An IDS can identify various types of attacks; it monitors for attacks such as scanning, penetration attacks and denial of service.
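The paragraph above names scanning and denial of service as attacks a network-level IDS monitors for. Neither is a single packet pattern; both are detected by keeping state over a time window. The script below is an added example written for this review, not code from any of the cited works: it tracks, per source and destination, how many distinct ports were probed inside a sliding window, and, per service, how many SYN packets arrived inside that window. The packet records, the window length and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 10.0      # seconds of history kept per key
SCAN_PORTS = 5     # distinct destination ports from one source to one host within WINDOW
FLOOD_SYNS = 20    # SYN packets to one service within WINDOW


def build_sample():
    """Constructed packet summaries (src, dst, dport, tcp flags, timestamp), sorted by time."""
    pkts = []
    # a vertical scan: five ports on one host within a few seconds
    for i, port in enumerate([21, 22, 23, 25, 80]):
        pkts.append({"src": "10.0.0.5", "dst": "10.0.0.10", "dport": port, "flags": "S", "ts": float(i)})
    # ordinary client traffic to a web server
    for ts, flags in [(1.5, "S"), (1.6, "A"), (2.0, "PA")]:
        pkts.append({"src": "10.0.0.7", "dst": "10.0.0.10", "dport": 443, "flags": flags, "ts": ts})
    # the same five ports probed 100 s apart: never SCAN_PORTS ports inside one window
    for i, port in enumerate([21, 22, 23, 25, 80]):
        pkts.append({"src": "10.0.0.8", "dst": "10.0.0.10", "dport": port, "flags": "S", "ts": 100.0 * i})
    # a burst of twenty SYNs to one service in under a second
    for i in range(20):
        pkts.append({"src": "10.0.0.9", "dst": "10.0.0.10", "dport": 80, "flags": "S", "ts": 30.0 + 0.05 * i})
    return sorted(pkts, key=lambda p: p["ts"])


PACKETS = build_sample()


def _trim(dq, now, window, ts_of=lambda item: item):
    """Drop entries older than the window from the left of a time-ordered deque."""
    while dq and now - ts_of(dq[0]) > window:
        dq.popleft()


def detect(packets, window=WINDOW, scan_ports=SCAN_PORTS, flood_syns=FLOOD_SYNS):
    """One pass over time-ordered packets; returns one alert per offending pair or service."""
    alerts = []
    probes = defaultdict(deque)  # (src, dst) -> deque of (ts, dport)
    syns = defaultdict(deque)    # (dst, dport) -> deque of ts
    flagged = set()              # do not repeat an alert for the same offender
    for p in packets:
        now = p["ts"]
        key = (p["src"], p["dst"])
        dq = probes[key]
        dq.append((now, p["dport"]))
        _trim(dq, now, window, ts_of=lambda item: item[0])
        ports = {port for _, port in dq}
        if len(ports) >= scan_ports and ("scan", key) not in flagged:
            flagged.add(("scan", key))
            alerts.append(f"port scan: {p['src']} probed {len(ports)} ports on {p['dst']}")
        if p["flags"] == "S":
            skey = (p["dst"], p["dport"])
            sq = syns[skey]
            sq.append(now)
            _trim(sq, now, window)
            if len(sq) >= flood_syns and ("flood", skey) not in flagged:
                flagged.add(("flood", skey))
                alerts.append(f"syn flood: {len(sq)} SYNs to {p['dst']}:{p['dport']} within {window:g}s")
    return alerts


if __name__ == "__main__":
    for a in detect(PACKETS):
        print(a)
```

With the defaults the detector raises two alerts, one for the fast scan from 10.0.0.5 and one for the SYN burst against port 80. The slow probe from 10.0.0.8 is deliberately spread beyond the window and is not reported; widening the window catches it, which is the trade-off the administrator makes when tuning such thresholds to the network's traffic.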
According to Vongpradhip & Plaimart, an intrusion detection system works well only if it is selected based on the type of network. The intrusion detection system must be chosen to suit the network. There are various types of networks, and the system must satisfy the network's requirements. The classification technique is used in intrusion detection systems to classify and separate attacks and threats (Vongpradhip & Plaimart, 2011). This technique is preferred by most network administrators due to its compatibility and efficiency. Intrusion detection systems work well only when the network's requirements are satisfied. A network-based intrusion detection system makes use of the classification technique since it offers more protection than the other methods. Systems built using the classification technique protect each layer of the network (Cole, 2011). Ethernet, IP and the other layers are protected and can be kept free from intruders. Since classification-based intrusion detection systems protect the network and its layers from intrusion, they are among the best intrusion detection systems. Though an intrusion detection system built with the classification technique offers more protection, intruders make use of different technologies that can threaten other parts of the system. Vongpradhip & Plaimart's views about the classification technique and the intrusion detection system favor only small-scale network systems; the system is not very effective in dealing with a large-scale network.
Techniques Used in IDS
As defined by Waagsnes & Ulltveit-Moe, intrusion detection systems that implement the classification technique are much better than systems developed using other methods. Some of the systems built with the classification technique classify the packets that enter the network (Waagsnes & Ulltveit-Moe, 2018). Every network has packet transfers between systems in the same network and also with systems in other networks. Packets enter the network only after the network administrator permits them. Each packet is thoroughly examined for attacks and threats, and any packet carrying a threat is immediately discarded by the intrusion system (Easttom, 2016). There are two types of intrusion systems: intrusion detection systems and intrusion prevention systems. Intrusion detection systems detect attacks and threats and stop them from attacking the network system, while prevention systems protect the network system from being affected by these threats. The critical issues and concepts specified by Waagsnes & Ulltveit-Moe apply to systems that implement packet classification. Systems that enhance intrusion detection with packet classification have other disadvantages. The Waagsnes & Ulltveit-Moe concept works well for systems that transfer packets frequently. The weakness of the paper is that it does not cover the entire working of the intrusion system; it focuses only on inspection of the packet and does not specify the effectiveness of the classification technique.
According to Ciampa, an intrusion detection system must be designed keeping in mind the environment of the network. If the network carries more traffic, then the intrusion detection system must be more efficient. The detection system must minimize the ambiguities created by the network traffic, and it should protect the system from traffic generated by hackers and intruders (Ciampa, 2015). The classification technique in intrusion detection systems is built into the path of the network, which helps in packet filtering. Packet filtering is an important concept since the incoming and outgoing packets carry information that needs protection. If the packet filtering technique is applied, vulnerability to security attacks can be minimized. Handley's paper emphasizes the safety of the packet (Fung & Boutaba, 2014). The safety of the network system should be managed by implementing a system that protects the network from intruders and hackers. The strength of the paper is its due emphasis on and concentration on the flow of packets. Even though packets play a significant part in the network system, the other components of the system are equally important.
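The two paragraphs above describe packet classification in the path of the network: each packet is examined against attack definitions, a detection system reports what it finds, and a prevention system discards the packet. The earlier section also noted that a NIDS ships with attack signatures. The Python below is an added example written for this review, not code from any of the cited works, that puts those pieces together: a small hypothetical signature set, a classifier that applies it per packet, and a `process` function that runs either in IDS mode (alert and forward) or IPS mode (alert and drop). The signature names, the byte patterns and the sample packets are all constructed.

```python
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Hypothetical signature set. Each entry is the definition of one attack pattern:
# (name, destination port it applies to or None for any port, byte pattern to search for).
SIGNATURES = [
    ("sql-injection-tautology", 80, re.compile(rb"(?i)'\s*or\s+'?1'?\s*=\s*'?1")),
    ("path-traversal", 80, re.compile(rb"\.\./\.\./")),
    ("telnet-root-login", 23, re.compile(rb"^root\r?\n")),
]


def classify(pkt, signatures=SIGNATURES):
    """Return the name of the first matching signature, or None if no definition matches."""
    for name, port, pattern in signatures:
        if (port is None or pkt.dport == port) and pattern.search(pkt.payload):
            return name
    return None


def process(packets, mode="ids"):
    """Classify each packet; 'ids' alerts and still forwards, 'ips' alerts and discards."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts = [], []
    for pkt in packets:
        sig = classify(pkt)
        if sig is None:
            forwarded.append(pkt)
            continue
        alerts.append((pkt.src, pkt.dport, sig))
        if mode == "ids":
            forwarded.append(pkt)  # detection only: report, but the packet still passes
        # in 'ips' mode the matching packet is dropped here
    return forwarded, alerts


# Constructed sample traffic (not real captures).
SAMPLE = [
    Packet("10.0.0.7", "10.0.0.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("10.0.0.5", "10.0.0.10", 80, b"POST /login HTTP/1.1\r\n\r\nuser=admin' or '1'='1"),
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.6", "10.0.0.10", 23, b"root\r\n"),
    # same bytes as the telnet signature but on port 80: the port-bound signature does
    # not fire, so ordinary web content is not misclassified as a telnet login
    Packet("10.0.0.7", "10.0.0.10", 80, b"root\n"),
]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = process(SAMPLE, mode)
        print(mode, "forwarded", len(fwd), "alerts", [a[2] for a in alerts])
```

Run on the five sample packets, both modes raise the same three alerts; the difference is that IDS mode forwards all five packets while IPS mode forwards only the two that matched nothing. Binding a signature to a port is the simplest way to keep the classifier's ambiguity down on a busy network, which is the concern Ciampa raises above.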
Classification Technique
As defined by Kizza, securing a wireless network system is the most onerous task. Instead of developing intrusion detection systems for standard network systems, companies can design and build intrusion detection systems for wireless networks. Wireless network systems are more prone to attacks and threats, so they require an intrusion detection system of greater efficiency. The system must be able to handle the attacks and risks and make sure the system is not vulnerable to such intrusions (Kizza, 2013). As wireless networks rely more on these intrusion detection systems, the detection system must be selected with the utmost care. Denial of service attacks are a notable development in network systems. Kizza places more emphasis on the vulnerability of wireless systems and how to overcome it. Even though wireless systems are in use, they have not gained as much popularity as standard network systems (Kizza, 2015). The paper does not give due importance to the classification techniques used in the intrusion detection systems for wireless networks. The documents that explain the various intrusion detection systems concentrate more on the working of the system than on the design and development of intrusion detection systems. Most of the detection systems built with classification techniques are the ones that are more effective in dealing with intrusion attacks (Yu & Tsai, 2011). The limitations and disadvantages are greater in systems that deal with larger network systems.
According to Moskowitz, an intrusion detection system acts as security for the network on which it is installed. Malicious users intrude into the network, and this poses a high security threat to the network system. Intrusion detection systems are designed with the help of classification techniques. The critical issue, and the basis of the research, is to find out which classification technique works well when combined with an intrusion detection system. Classification techniques such as the k-means method and neural networks are used in designing intrusion detection systems (Moskowitz, 2015). Any one of these classification techniques is implemented in the intrusion detection system, and by using these methods the systems become more secure. There are certain limitations in developing an intrusion detection system with the help of a classification technique. The neural network technique is highly efficient and is capable of exhibiting high accuracy compared to the other classification techniques (Jackson, Reagan, & Sak, 2010). The disadvantage of neural networks is that they take more time to execute the intrusion detection; still, they are preferred due to their accuracy. Another classification technique is the support vector machine, which gives minimal accuracy within a short period. Though Moskowitz specifies the advantages of the classification technique, this paper has certain limitations. The efficiency of the intrusion system is the critical aspect; if the accuracy is low, the system does not yield good results. The paper should have included more details regarding the classification techniques and their limitations.
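The paragraph above names k-means, neural networks and support vector machines as the classification techniques used to build such systems, and argues that accuracy is the critical measure. To make the k-means case concrete, the following Python is an added example written for this review, not code from Moskowitz or any other cited work. It implements k-means from scratch (min-max scaling, farthest-first seeding, Lloyd's iterations) over a constructed table of per-connection features, then labels the SYN-heavy cluster as "attack" and scores the result against ground-truth labels that the clustering never sees. The feature rows and labels are made up; neural networks and support vector machines are not shown because they cannot be written out this briefly.

```python
import math

# Constructed per-connection feature rows: (packets per second, fraction of SYN-only
# packets, distinct destination ports), each with a ground-truth label (0 normal, 1 attack)
# that is used only to score the clustering afterwards.
SAMPLES = [
    ((4, 0.05, 2), 0), ((6, 0.10, 3), 0), ((3, 0.02, 1), 0),
    ((8, 0.12, 2), 0), ((5, 0.08, 4), 0), ((7, 0.06, 2), 0),
    ((150, 0.03, 1), 0),   # a bulk transfer: many packets, one port, almost no SYNs
    ((220, 0.95, 45), 1), ((180, 0.90, 38), 1), ((250, 0.97, 50), 1),
    ((200, 0.92, 42), 1), ((160, 0.88, 30), 1), ((240, 0.96, 48), 1),
    ((20, 0.95, 40), 1),   # a slow scan: few packets, but SYN-only across many ports
]


def normalise(rows):
    """Min-max scale each column to [0, 1] so packets/s does not dominate the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)) for r in rows]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=50):
    """Lloyd's algorithm with farthest-first seeding (deterministic, no random state)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    assign = None
    for _ in range(iters):
        new = [min(range(k), key=lambda i: dist(p, centroids[i])) for p in points]
        if new == assign:
            break  # no point changed cluster: converged
        assign = new
        for i in range(k):
            members = [p for p, a in zip(points, assign) if a == i]
            if members:
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return assign, centroids


def evaluate(samples=SAMPLES):
    """Cluster the features, name the SYN-heavy cluster 'attack', score against the labels."""
    rows = [f for f, _ in samples]
    truth = [label for _, label in samples]
    assign, centroids = kmeans(normalise(rows))
    attack_cluster = max(range(len(centroids)), key=lambda i: centroids[i][1])
    predicted = [1 if a == attack_cluster else 0 for a in assign]
    accuracy = sum(p == t for p, t in zip(predicted, truth)) / len(truth)
    return predicted, accuracy


if __name__ == "__main__":
    predicted, accuracy = evaluate()
    print("predicted:", predicted)
    print("accuracy:", accuracy)
```

On this constructed table the two clusters line up with the labels exactly, including the two edge rows: the bulk transfer stays with normal traffic despite its high packet rate, and the slow scan lands with the attacks despite its low one, because the SYN fraction and port count carry the signal once the columns are scaled. Without the scaling step the packets/s column would swamp the distance and the slow scan would be misclustered, which is one concrete reason the accuracy of a classification-based system depends on more than the choice of algorithm.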
Conclusion
In conclusion, network systems must ensure that the intrusion detection system is selected according to the network. The working of the intrusion detection system depends on the network and the functionalities within it. Intrusion detection systems built with the classification technique are more effective than other intrusion detection systems.
References
Chen, Y. (2013). HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System. doi:10.2172/1108982
Ciampa, M. D. (2015). Security+ guide to network security fundamentals. Boston, MA: Course Technology, Cengage Learning.
Cole, E. (2011). Network Security Bible. Hoboken: John Wiley & Sons, Inc.
Easttom, C. (2016). Computer security fundamentals.
Fung, C., & Boutaba, R. (2014). Intrusion detection networks: A key to collaborative security.
Herrero, A., & Corchado, E. (2011). Mobile hybrid intrusion detection: The MOVICAB-IDS system. Berlin: Springer.
Jackson, C., Reagan, T., & Sak, B. (2010). Network security auditing: The complete guide to auditing network security, measuring risk, and promoting compliance. Indianapolis, IN: Cisco Press.
Kizza, J. M. (2013). Guide to computer network security. London: Springer.
Kizza, J. M. (2015). Guide to computer network security.
M., K. (2011). Intrusion Detection System and Artificial Intelligent. Intrusion Detection Systems. doi:10.5772/15271
Moskowitz, J. (2015). Group Policy: Fundamentals, Security, and the Managed Desktop. Wiley.
Pez, R. (2011). An Agent Based Intrusion Detection System with Internal Security. Intrusion Detection Systems. doi:10.5772/14516
Vacca, J. R. (2014). Network and system security. Amsterdam: Syngress.
Vongpradhip, S., & Plaimart, W. (2011). A Sustainable Component of Intrusion Detection System using Survival Architecture on Mobile Agent. Intrusion Detection Systems. doi:10.5772/15450
Waagsnes, H., & Ulltveit-Moe, N. (2018). Intrusion Detection System Test Framework for SCADA Systems. Proceedings of the 4th International Conference on Information Systems Security and Privacy. doi:10.5220/0006588202750285
Yu, Z., & Tsai, J. J.-P. (2011). Intrusion detection: A machine learning approach. London: Imperial College Press.