Today I am going to tell you about Intrusion Detection Systems (IDS).

Fig 1. IDS Architecture

An Intrusion Detection System (IDS) is a combination of hardware and software whose function is to monitor a network or system for malicious activity. When performing detection, an IDS uses three main sources of information: the detector, the system configuration, and audit information, as shown in Fig 1.

The general methods used by an IDS are divided into three groups: rule-based, artificial intelligence, and computational methods. Their sub-methods are shown in the figure below.


Fig 2. General Method of IDS

Several IDS Classifications:

IDS Classification Based on Deployment:
  • Network-based Intrusion Detection System (NIDS)
A NIDS is a system used to monitor all traffic to the hosts, because it is located at the network level, where it can capture data and perform feature selection against known attack patterns.
  • Host-based Intrusion Detection System (HIDS)
A host-based IDS is built for a single infrastructure / single computer host. The function of a HIDS is to monitor all host activity from the system logs, the operating system, and applications in order to detect intrusions. Some of these systems are reactive, which means that when something wrong happens they alert the host afterwards. Other systems are proactive, which means they raise the alert in real time.

IDS Classification Based on System Structure:
  • Centralized IDS
A centralized IDS detects intrusions in a monitored system / network, with the analysis performed in a single location.
  • Distributed IDS
A distributed IDS is a system in which the data analysis is performed on several hosts in the network. In this kind of system, grid computation techniques are also used for intrusion pattern recognition.

IDS Classification Based on Time:
  • Real Time IDS
A real-time IDS detects intrusions while they are running on the system; in real applications, the main concerns are the false alarm rate and the detection accuracy rate.
  • Off-time IDS
An off-time IDS works by a log analysis mechanism: the gathered log patterns are collected into a repository, and these patterns are then analyzed against the intrusion patterns known to the system.

IDS Classification Based on Detection Method:
  • Knowledge-Based (Misuse Detection) IDS
A knowledge-based or signature-based IDS is a detection method that matches the observed pattern against the attack patterns stored in a database. The drawback of this system is that it is hard to recognize new attack patterns which are not yet recorded in the database. Its advantages are a low false alarm rate and resource efficiency.
  • Behaviour-Based (Anomaly Detection) IDS
A behaviour-based IDS performs detection based on the behaviour of the system when it is normal and when it is abnormal. To determine the result, this system refers to a threshold that has been set in advance to decide whether the activity on the system is normal or abnormal.
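To make the two detection methods concrete, here is an added example (not code from the original post) that runs a small signature matcher and a threshold-based anomaly detector over constructed sample log lines; the log format, the signature database, the baseline and the multiplier are all assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines in an assumed "<source_ip> <method> <path>" format.
# Host 10.0.0.9 sends one line with a known attack string plus 30 plain requests.
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.9 GET /login.php?user=admin' OR '1'='1",
    "10.0.0.7 GET /../../etc/passwd",
] + ["10.0.0.9 GET /login.php"] * 30

# Knowledge-based (signature) detection: the "attack pattern database".
# An attack whose pattern is not recorded here will not be detected.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_detect(log_lines):
    """Return (signature_name, line) for every line matching a known pattern."""
    alerts = []
    for line in log_lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, line))
    return alerts

# Behaviour-based (anomaly) detection: requests per source host compared to a
# threshold derived from an assumed "normal" baseline. No attack database is
# needed, but a legitimate busy host can also exceed the threshold (false alarm).
def anomaly_detect(log_lines, baseline_per_host=5, multiplier=3):
    """Return {host: request_count} for hosts above multiplier * baseline."""
    counts = Counter(line.split()[0] for line in log_lines)
    threshold = baseline_per_host * multiplier
    return {host: n for host, n in counts.items() if n > threshold}

if __name__ == "__main__":
    for name, line in signature_detect(SAMPLE_LOG):
        print(f"signature alert [{name}]: {line}")
    for host, n in anomaly_detect(SAMPLE_LOG).items():
        print(f"anomaly alert: {host} made {n} requests (threshold exceeded)")
```

Note that only the signature detector names the attack, while only the anomaly detector notices the unusual request volume from 10.0.0.9, which is why the two methods are often combined.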

The IDS pattern recognition process is divided into several steps. The first step is data acquisition (the data collection process); after that, preprocessing is performed to cluster the data into several groups. The next steps are feature extraction and feature selection, followed by classification, and the last step is deciding whether the packet is categorized as a normal packet or an attack packet.


Fig 3. Pattern Recognition on IDS System

