Systematic Literature Review over IDPS, Classification and Application in its Different Areas

Abstract

Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). Network security is vital for any organization connected to the Internet. Rock solid network security is a major challenge that can be overcome by strengthening the network against threats such as hackers, malware, botnets, data thieves, etc. Firewalls, antivirus, and intrusion detection systems are used to protect the network. The firewall can control network traffic, but reliance on this type of security alone is not enough. Attackers use open ports such as port 80 of the web server (http) and port 110 of the POP server to infiltrate networks. The Intrusion Detection System (IDS) minimizes security breaches and improves network security by scanning network packets to filter out malicious packets. Real-time detection with prevention using Intrusion Detection and Prevention Systems (IDPS) has elevated network security to an advanced level by strengthening the network against malicious activities. In this Survey paper focuses on Classifying various kinds of IDS with the major types of attacks based on intrusion methods. Presenting a classification of network anomaly IDS evaluation metrics and discussion on the importance of the feature selection. Evaluation of available IDS datasets discussing the challenges of evasion techniques.