Intrusion Detection Systems: A Cross-Domain Overview

by Lionel Tidjon, et al.

The cybersecurity ecosystem changes continuously as cyber threats grow. Threat actors use a range of tactics, techniques, and procedures against the confidentiality, integrity, and availability of sensitive information. To protect network perimeters, Intrusion Detection Systems (IDSs) support defensive courses of action by providing real-time, proactive, and operational insight into threat activity. They apply different intrusion detection techniques to turn unbounded event streams into actionable information for countermeasures, but these techniques are often limited when the volume of events is very large. Event stream processing (ESP) approaches are a potential answer: they correlate multiple event streams to give a holistic view of the network security posture and faster detection. In this context, the paper describes the domains (including their vulnerabilities) on which recent work is based and surveys standards for vulnerability assessment and attack classification. It then provides a classification of IDSs, evaluation metrics, and datasets, presents the technical details of IDS and ESP approaches, and evaluates recent work that relies on them along three axes: domains, architectures, and local communication technologies. Finally, the paper discusses challenges and strategies for improving IDSs in accuracy, performance, and robustness.
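The abstract makes two points a practitioner will want to see concretely: an ESP-style detector keeps only window-bounded state while fusing several streams, and an IDS is judged by metrics computed against labelled ground truth. The following is an added example written for this page, not code from the survey or its authors. The two event streams (authentication failures and flow records), the 60-second window, the thresholds, and the "malicious" labels are all constructed for illustration.

```python
"""Added example (not from the survey): a minimal ESP-style correlator that fuses
two constructed event streams over a sliding window, then scores its alerts with
standard IDS evaluation metrics. Thresholds, window and sample data are assumed."""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60        # correlation window (assumed for the example)
MIN_FAILED_LOGINS = 3      # auth failures per source inside the window (assumed)
MIN_DISTINCT_PORTS = 5     # distinct destination ports per source inside the window (assumed)


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed)
    stream: str    # "auth" (failed login) or "flow" (connection record)
    src: str       # source IP address
    detail: str    # username for auth events, destination port for flow events


def correlate(events):
    """Merge both streams in time order; alert once per source that shows both
    >= MIN_FAILED_LOGINS auth failures and >= MIN_DISTINCT_PORTS distinct ports
    within WINDOW_SECONDS. Per-source state is trimmed to the window, so memory
    stays bounded even though the input stream is unbounded."""
    fails = defaultdict(deque)   # src -> deque of (ts, username)
    ports = defaultdict(deque)   # src -> deque of (ts, port)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        cutoff = ev.ts - WINDOW_SECONDS
        for dq in (fails[ev.src], ports[ev.src]):   # expire entries older than the window
            while dq and dq[0][0] < cutoff:
                dq.popleft()
        if ev.stream == "auth":
            fails[ev.src].append((ev.ts, ev.detail))
        elif ev.stream == "flow":
            ports[ev.src].append((ev.ts, ev.detail))
        n_fail = len(fails[ev.src])
        n_ports = len({p for _, p in ports[ev.src]})
        if n_fail >= MIN_FAILED_LOGINS and n_ports >= MIN_DISTINCT_PORTS and ev.src not in alerted:
            alerted.add(ev.src)
            alerts.append((ev.ts, ev.src, n_fail, n_ports))
    return alerts


def evaluate(alerts, all_sources, malicious):
    """Per-source confusion matrix and the metrics usually reported for IDSs."""
    flagged = {a[1] for a in alerts}
    tp = len(flagged & malicious)
    fp = len(flagged - malicious)
    fn = len(malicious - flagged)
    tn = len(all_sources - flagged - malicious)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall, "fpr": fpr, "f1": f1}


def build_sample_events():
    """Constructed input: one fast attacker, one slow attacker that defeats the
    window, one noisy-but-benign monitoring host, and one user mistyping a password."""
    ev = []
    ev += [Event(t, "flow", "10.0.0.5", p) for t, p in zip(range(1, 6), ["22", "80", "443", "3389", "8080"])]
    ev += [Event(t, "auth", "10.0.0.5", "root") for t in (10, 12, 14)]          # scan then brute force
    ev += [Event(t, "flow", "10.0.0.11", p) for t, p in zip(range(0, 5), ["21", "22", "23", "25", "110"])]
    ev += [Event(t, "auth", "10.0.0.11", "admin") for t in (100, 101, 102)]     # same pattern, 100 s later
    ev += [Event(t, "flow", "10.0.0.9", p) for t, p in zip(range(0, 6), ["53", "80", "443", "8443", "9200", "9300"])]
    ev += [Event(3, "auth", "10.0.0.9", "svc")]                                 # monitoring host, one failure
    ev += [Event(t, "auth", "10.0.0.7", "alice") for t in (100, 101, 102)]      # typo, single port
    ev += [Event(100, "flow", "10.0.0.7", "443")]
    return ev


def run_demo():
    events = build_sample_events()
    alerts = correlate(events)
    metrics = evaluate(alerts, {e.src for e in events}, {"10.0.0.5", "10.0.0.11"})
    return alerts, metrics


if __name__ == "__main__":
    a, m = run_demo()
    print("alerts:", a)
    print("metrics:", m)
```

With these constructed inputs the correlator fires only on 10.0.0.5; 10.0.0.11 runs the same scan-then-brute-force pattern but spaced beyond the 60-second window, so it is a false negative (recall 0.5 with precision 1.0). That is the trade-off the abstract alludes to when it says such techniques are limited by the event volume they can hold: a larger window catches slower attackers at the cost of more per-source state.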


Assessment of Cyber-Physical Intrusion Detection and Classification for Industrial Control Systems

The increasing interaction of industrial control systems (ICSs) with pub...

An overview of Intrusion Detection and Prevention Systems

Cyber threats are increasing not only in their volume but also in their ...

Network intrusion detection systems for in-vehicle network - Technical report

Modern vehicles are complex safety critical cyber physical systems, that...

Evaluation of Network Based IDS and Deployment of multi-sensor IDS

Cloud-based and network-based technology has witnessed an exponential ri...

A Holistic Approach to Evaluating Cyber Security Defensive Capabilities

Metrics and frameworks to quantifiably assess security measures have ari...

Cyberattack Action-Intent-Framework for Mapping Intrusion Observables

The techniques and tactics used by cyber adversaries are becoming more s...

Modern Problems Require Modern Solutions: Hybrid Concepts for Industrial Intrusion Detection

The concept of Industry 4.0 brings a disruption into the processing indu...