With widespread use of internet services, the network scale is expanding on daily basis and as the network scale increases so will the scale of security threats which can be applied to system connected to the network. Viruses and Intrusions are amongst most common threats that affects computer systems. Virus attacks can be controlled by proper antivirus installation and by keeping the antivirus up to date. Whereas any unauthorized access in the computer system by an intruder can be termed as Intrusion and controlled by IDS. Intruders can be grouped into two major categories which are external and internal Intruders. External intruders are individuals who are not authorized to access the system and attack it using various techniques. Internal intruders are individuals who are authorized to access the system but perform unauthorized activities on the system. An IDS watches activities performed on the network and searches for malicious …show more content…
Misuse detection is used to identify previously known attacks for which they require before hand knowledge of attack signature. the disadvantage of this method is that prior knowledge of the attack is required and hence new attacks cannot be identified until new attacks signature have been developed for them. In anomaly detection system monitors activity to detect any significant deviation from normal user behavior compared to known user standard behavior, this type of intrusion detection can effectively protect against both well known and new attacks since no prior knowledge about intrusion is required.
One of the most significant aspects of Intrusion Detection System is the use of Artificial Intelligence techniques[39] to train the IDS about possible threats and gather information about the various traffic patterns to infer rules based on these patterns to distinguish between to differentiate between normal and intrusive