Intrusion Detection Systems: A Cross-Domain Overview
The cybersecurity ecosystem changes continuously as cyber threats grow. Threat actors use a wide range of tactics, techniques, and procedures against the confidentiality, integrity, and availability of sensitive information. To protect network perimeters, Intrusion Detection Systems (IDSs) enable defensive courses of action by providing real-time, proactive, and operational insight into cyber threat activity. They use different intrusion detection techniques to turn unbounded streams of events into actionable information for countermeasures. These techniques are often limited when processing very large volumes of event streams. Event stream processing (ESP) approaches are potential solutions: they combine multiple event streams to provide a holistic view of the network security posture and faster detection. In this context, the paper describes the domains (including their vulnerabilities) on which recent work is based. The paper also surveys standards for vulnerability assessment and attack classification. Next, it provides a classification of IDSs, evaluation metrics, and datasets. The paper then presents the technical details of IDS and ESP approaches, followed by an evaluation of recent work relying on these approaches. The evaluation covers several axes: domains, architectures, and local communication technologies. Finally, the paper discusses challenges and strategies for improving IDSs in terms of accuracy, performance, and robustness.