Designing Intrusion Detection Systems: Architectures, Challenges and Perspectives

Abstract

Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: the external intruders who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Due to increasing incidents of cyber attacks, building effective intrusion detection systems are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We present the state-of-the-art of the evolution of intrusion detection systems and address some of the research challenges to design efficient and effective intrusion detection systems. Further distributed intrusion detection systems are presented which could be used to detect and prevent attacks that would be invisible to any single system or whose significance would be missed if information from only a single system were available. We finally illustrate how a data mining approach could reduce abundant/redundant and noisy data and design effective intrusion detection systems