Hi everyone, welcome back to another Aze IT Studio post. Today I am going to tell you about Intrusion Detection Systems (IDS).
Here we go.

Fig 1. IDS Architecture
An Intrusion Detection System (IDS) is a combination of hardware and software whose function is to monitor a network or system for malicious activity. When performing detection, an IDS uses three main sources of information: the detector, the system configuration, and audit information, as shown in Fig 1.
The general methods used for IDS fall into three groups: rule-based, artificial intelligence, and computational methods. The sub-methods are shown in the figure below.

Fig 2. General Method of IDS
Several IDS classifications:
IDS Classification Based on Deployment:
- Network-based Intrusion Detection System (NIDS)
A NIDS monitors all traffic to hosts. Because it is located at the network level, it can capture data and perform feature selection against known attack patterns.
- Host-based Intrusion Detection System (HIDS)
A host-based IDS is built on a single infrastructure / single computer host. A HIDS monitors all host activity from system logs, the operating system, and applications to detect intrusions. Some systems are reactive, which means that when something wrong happens they alert the host. Other systems are proactive, which means they give alerts in real time.
IDS Classification Based on System Structure:
- Centralized IDS
A centralized IDS detects intrusions in a monitored system / network, with the analysis performed in a single location.
- Distributed IDS
IDS Classification Based on Time:
- Real Time IDS
A real-time IDS detects intrusions while it is running on the system. In real applications, the main concerns are the false alarm rate and the detection accuracy rate.
- Off-time IDS
IDS Classification Based on Detection Method:
- Knowledge-Based (Misuse Detection) IDS
- Behaviour-Based (Anomaly Detection) IDS
The IDS pattern recognition process is divided into several steps. The first step is data acquisition (the data collection process). After that, preprocessing is performed to cluster the data into several groups. The next steps are data extraction and data selection, then classification. The last step is to determine whether the packet is categorized as a normal packet or an attack packet.

Fig 3. Pattern Recognition on IDS System
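The pattern recognition steps described above, as an added example that is not part of the original post. The connection records, the feature names and the class centroids are all constructed for illustration; a real IDS would learn the centroids from labelled traffic.

```python
import math
from collections import defaultdict

# Step 1, data acquisition. Constructed records: (source, dest port, handshake completed).
RECORDS = (
    [("10.0.0.5", 443, True)] * 6
    + [("10.0.0.7", 22, True), ("10.0.0.7", 22, False), ("10.0.0.7", 443, True)]
    + [("10.0.0.9", port, False) for port in range(20, 60)]
)

# Hypothetical class centroids over the selected features (assumed values,
# standing in for what training on labelled traffic would produce).
CENTROIDS = {"normal": (0.05, 0.1), "attack": (0.7, 0.9)}
SELECTED = ("port_spread", "fail_ratio")

def preprocess(records):
    """Step 2: group raw records by source address."""
    groups = defaultdict(list)
    for src, port, completed in records:
        groups[src].append((port, completed))
    return groups

def extract(events):
    """Step 3a: turn one group of events into numeric features."""
    ports = {port for port, _ in events}
    failed = sum(1 for _, completed in events if not completed)
    return {
        "count": len(events),
        "port_spread": min(len(ports), 50) / 50,  # distinct ports, scaled to 0..1
        "fail_ratio": failed / len(events),
    }

def select(features):
    """Step 3b: keep only the features the classifier uses."""
    return tuple(features[name] for name in SELECTED)

def classify(vector):
    """Step 4: nearest-centroid classification."""
    return min(CENTROIDS, key=lambda label: math.dist(vector, CENTROIDS[label]))

def detect(records):
    """Step 5: final normal/attack decision for each source."""
    return {src: classify(select(extract(ev))) for src, ev in preprocess(records).items()}

if __name__ == "__main__":
    for src, verdict in detect(RECORDS).items():
        print(src, verdict)
```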
That's all for today, everyone. Don't forget to stay tuned to the Aze IT Blog, share on your social media, and keep learning.
Thank you, everyone.