Intelligent Network Management and Control - Badr Benmammar

1.3. AI applied to intrusion detection


Intrusion detection is defined as the process of intelligently monitoring events occurring in a computer system or network and analyzing them for signs of a security policy breach (Bace 2000). The main objective of intrusion detection systems is to protect network availability, confidentiality and integrity. Intrusion detection systems are defined both by the method used to detect attacks and by their location in the network. An intrusion detection system can be deployed as a network-based or host-based system in order to detect anomalies.

Misuse is detected based on the correspondence between known models of hostile activities and the database of previous attacks. These models are very effective for identifying known attacks and vulnerabilities, but less relevant in identifying new security threats. Anomaly detection looks for something rare or uncommon, applying statistical or intelligent measurements to compare the current activity to previous knowledge. Intrusion detection systems often need large amounts of data for their machine learning algorithms. They generally require more computing resources, as several metrics are often maintained and must be updated for each system activity (Ahmad et al. 2016).

The intrusion detection expert system (IDES) (Lunt 1993), developed by Stanford Research Institute (SRI), formulates expert knowledge on the known models of attack and vulnerabilities of the system in the form of if–then rules. The time-based inductive machine (Teng and Chen 1990) learns several sequential models to ensure the detection of anomalies in a network. Several approaches using artificial neural networks for intrusion detection systems have been proposed (Kang and Kang 2016; Kim et al. 2016; Vinayakumar et al. 2017; Hajimirzaei and Navimipour 2019). AI-based techniques are categorized in various classes (Mukkamala and Sung 2003a; Novikov et al. 2006).
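The contrast drawn above between if–then misuse rules and statistical anomaly detection can be made concrete with a small sketch. This is an added example, not code from the book or from IDES; the rule names, event fields, thresholds and sample events are all constructed for illustration.

```python
import math
from collections import defaultdict

# Misuse detection: expert knowledge written as if-then rules (constructed rules).
RULES = [
    ("failed-login burst", lambda e: e["failed_logins"] >= 10),
    ("external telnet", lambda e: e["dst_port"] == 23 and not e["src"].startswith("10.")),
]

def misuse_alerts(event):
    """Names of every known-attack rule the event matches."""
    return [name for name, cond in RULES if cond(event)]

class AnomalyProfile:
    """Per-host running mean/variance of one metric (Welford's algorithm).
    The stored metrics are updated on each activity, as the text notes."""
    def __init__(self, threshold=3.0, warmup=5):
        self.threshold, self.warmup = threshold, warmup
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])  # host -> [n, mean, M2]

    def observe(self, host, value):
        """Score value against the host's history, then learn it if normal."""
        n, mean, m2 = self.stats[host]
        anomalous = False
        if n >= self.warmup:  # no verdict until a baseline exists
            std = math.sqrt(m2 / (n - 1))
            anomalous = abs(value - mean) / max(std, 1e-9) > self.threshold
        if not anomalous:  # keep flagged activity out of the baseline
            n += 1
            delta = value - mean
            mean += delta / n
            m2 += delta * (value - mean)
            self.stats[host] = [n, mean, m2]
        return anomalous

def ev(bytes_out, failed_logins=0, dst_port=443, src="10.0.0.5"):
    return {"src": src, "dst_port": dst_port,
            "failed_logins": failed_logins, "bytes_out": bytes_out}

# Constructed events: six normal ones, one novel volume spike that no rule
# describes, and one known attack pattern with ordinary traffic volume.
EVENTS = [ev(b) for b in (1000, 1100, 950, 1050, 1000, 980)]
EVENTS += [ev(50000), ev(1020, failed_logins=12)]

def run(events):
    """Return (misuse rule hits, anomaly verdict) for each event in order."""
    profile = AnomalyProfile()
    return [(misuse_alerts(e), profile.observe(e["src"], e["bytes_out"])) for e in events]

if __name__ == "__main__":
    for e, verdict in zip(EVENTS, run(EVENTS)):
        print(e["bytes_out"], e["failed_logins"], verdict)
```

The spike is caught only by the anomaly profile and the login burst only by the rule set, which is why the two approaches are usually deployed together.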
