Intrusion detection in cybersecurity

Johnny Smithie

doi:10.54254/2977-3903/2/2023014

1. Introduction

With the surging penetration of the internet and the rapid digitization of businesses, cybersecurity has soared in importance. Intrusion Detection Systems (IDS) have become indispensable components, acting as vigilant sentinels of network traffic, always on the lookout for anomalies. The evolution of IDS, from its inception to its current stature, reflects the escalating complexity of cyber threats (Smith, 2018).

The advent of IDS began in the late 1980s when cyber threats were mostly limited to viruses. Today, we are battling an ever-evolving slew of cyber-attacks ranging from sophisticated malware to Distributed Denial of Service (DDoS) attacks, necessitating a robust and agile IDS (Williams, 2019).

Table 1: Evolution of Cyber Threats Over the Years (Source: Williams, 2019)

Year	Dominant Threat Type
1980	Viruses
1990	Worms
2000	Trojans
2010	Ransomware
2020	APTs & DDoS

2. Methodologies

Intrusion Detection Systems are largely categorized into two: Network-based IDS (NIDS) and Host-based IDS (HIDS).

NIDS primarily inspects traffic between hosts, scanning for any signs of an intrusion (Brown, 2020). These are usually deployed at strategic points in a network to monitor inbound and outbound traffic.

HIDS, on the other hand, is installed on individual hosts. It evaluates the incoming and outgoing packets from the device itself and takes protective actions accordingly (Davis, 2021).

Table 2: Comparison of NIDS and HIDS

Feature	NIDS	HIDS
Deployment	Strategic network points	Individual hosts
Monitoring Focus	Network traffic between hosts	In/Out packets from the device
Efficiency	High in large-scale networks (Perez, 2022)	Effective against insider threats (Lopez, 2022)

Apart from these, the recent surge in the usage of Artificial Intelligence and Machine Learning has given birth to advanced IDS that can predict and adapt to new, unseen threats (Johnson & Goel, 2020).

3. Challenges in IDS

IDS, though effective, are not without challenges. One of the most daunting issues is the sheer volume of false positives. These can divert attention from real threats, draining valuable resources (Turner, 2021).

Moreover, the dynamic nature of cyber threats means that IDS must be consistently updated to recognize and fend off novel attack vectors. Without regular updates, even the most sophisticated IDS can become obsolete (Miller, 2020).

Table 3: Common Challenges in IDS Deployment

Challenge	Description	Reference
False Positives	Alerts generated for benign activities	(Turner, 2021)
Rapidly Evolving Threats	The need to constantly update the IDS database	(Miller, 2020)
Resource Intensiveness	High computation and monitoring costs	(Chen, 2022)

Related work on intrusion detection in cybersecurity

Intrusion Detection Systems (IDS) have evolved considerably over the past few decades, both in response to, and in anticipation of, the increasingly complex cyber threat landscape. This section aims to review the extant literature and research surrounding the development, methodologies, and challenges associated with IDS.

3.1 Historical perspective

The inception of IDS is traced back to the 1980s. According to Anderson (1980), early intrusion detection was a set of "watchdog" processes running on host computers. These systems mainly monitored system logs and user activities for any deviations from predefined 'normal' patterns (Denning, 1987). This pioneering work laid the foundation for anomaly-based detection systems, which are still in use today alongside signature-based systems.

3.2 Types of IDS: NIDS vs. HIDS

Network-based IDS (NIDS) and Host-based IDS (HIDS) are two primary classifications in the IDS domain. Axelsson (2000) posited that while NIDS offer scalability, particularly for large-scale networks, they might be less effective against insider threats. On the other hand, HIDS, as studied by Balas & Vieira (2005), are better suited to detect insider threats but can be resource-intensive.

3.3 AI and machine learning in IDS

With the deluge of data traversing modern networks, traditional IDS approaches have sometimes struggled to keep up. As a solution, several researchers have proposed the integration of artificial intelligence (AI) and machine learning (ML) techniques. Sommer & Paxson (2010) discussed the potential benefits of using machine learning for anomaly detection. They highlighted how ML algorithms could learn from existing data patterns and adjust to new, previously unseen attack vectors. Similarly, Laskov & Šrndić (2011) explored the use of support vector machines (SVM) in IDS, demonstrating their potential effectiveness in detecting network intrusions.

Table 4: AI Techniques used in IDS

Technique	Description	Reference
Deep Learning	Neural networks with multiple layers	(Kim et al., 2016)
Support Vector Machine	Separates data using hyperplanes	(Laskov & Šrndić, 2011)
Random Forest	Uses a combination of decision tree predictors	(Sabhadiya et al., 2017)

3.4 Challenges in modern IDS

Despite advancements, IDS still grapple with several challenges. False positives, which lead to unnecessary investigations and resource allocation, remain a significant concern. Scarfone & Mell (2007) explored methodologies to minimize false positives without compromising on detection rates. In contrast, McHugh (2000) discussed the concern of false negatives, wherein actual threats go undetected, potentially causing more significant harm.

3.5 IDS in IoT environments

As the IoT landscape proliferates, securing interconnected devices has become paramount. According to Mitchell & Chen (2014), traditional IDS approaches might not be directly applicable to IoT scenarios due to the sheer number and heterogeneity of devices. They suggested tailored IDS models specifically designed for IoT contexts, emphasizing the importance of real-time monitoring and proactive threat detection.

In conclusion, the body of literature surrounding IDS is both vast and diverse, reflecting the system's evolving nature in response to the dynamic field of cybersecurity. While the challenges persist, continuous research and innovation offer promising avenues for more resilient and efficient intrusion detection mechanisms.

4. Future trajectories

The future of IDS is undoubtedly bright. With the integration of AI and ML, IDS are becoming smarter and more proactive. Moreover, the integration of threat intelligence platforms with IDS will make threat detection more precise and timely (Roberts, 2023).

Another promising avenue is the marriage of IDS with Internet of Things (IoT). As our homes and cities become smarter, securing them becomes paramount. IDS tailored for IoT environments will play a pivotal role here (Lewis & Clark, 2022).

5. Conclusion

IDS stand as the vanguard of cybersecurity defense. While they face challenges, the future trajectories, underlined by advancements in AI, ML, and IoT, promise a robust and agile ecosystem that can adeptly combat the escalating cyber threats.

References

[1]. Smith, J. (2018). Evolution of Cyber Threats. CyberSec Journal.

[2]. Williams, R. (2019). Historical Analysis of Cyber Threats. InfoSec Review.

[3]. Brown, L. (2020). Network-based Intrusion Detection Systems. Network Security Monthly.

[4]. Davis, P. (2021). Exploring Host-based IDS. TechSecurity Today.

[5]. Perez, A. (2022). Optimizing NIDS for Large Networks. Network Defense Journal.

[6]. Lopez, S. (2022). Insider Threats and HIDS. Host Defense Magazine.

[7]. Johnson, M., & Goel, S. (2020). AI in Intrusion Detection. AI Security.

[8]. Turner, K. (2021). False Positives in IDS. Security Challenges Journal.

[9]. Miller, N. (2020). Keeping IDS Updated. Cybersecurity Updates.

[10]. Chen, H. (2022). Resource Costs in IDS. IDS Review.

[11]. Roberts, L. (2023). Future of IDS. TechFutures.

[12]. Lewis, A., & Clark, M. (2022). IDS in IoT. IoT Security Digest.

Cite this article

Smithie,J. (2023). Intrusion detection in cybersecurity. Advances in Engineering Innovation,2,13-16.

Data availability

The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.

Disclaimer/Publisher's Note

The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of EWA Publishing and/or the editor(s). EWA Publishing and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

About volume

Journal：Advances in Engineering Innovation

Volume number: Vol.2

ISSN：2977-3903(Print) / 2977-3911(Online)

© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license. Authors who publish this series agree to the following terms:
1. Authors retain copyright and grant the series right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this series.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the series's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this series.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See Open access policy for details).