ANALYSIS OF MACHINE LEARNING ALGORITHM FOR NETWORK INTRUSION DETECTION

 

NETWORK INTRUSION DETECTION 

Network-based IDS Detection, Host-based IDS Detection


Network intrusion detection methods are based on both network and host-based detection techniques.

Network-Based Detection

The primary role of a network-based IDS is to monitor and analyze network traffic for potential intrusions. Intrusions generally manifest as aberrant patterns. To discover such patterns, the network-based intrusion detection system (NIDS) examines all network packets or net flows. The data is high-dimensional, with attributes that are both categorical/discrete and continuous/numerical. Microsoft Network Monitor, Cisco Secure IDS, and Snort are a few examples. A NIDS is simple to set up, and it causes fewer performance difficulties on the monitored host. Because a NIDS runs on a separate system from the targeted system, it is more resistant to manipulation.
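As an added illustration (not code from the original article), the example below scores flow records with mixed categorical and numerical attributes against a baseline of normal traffic and flags the aberrant ones. The field names, the scoring rule, the threshold rule and the sample flows are assumptions constructed for this example.

```python
import math
from collections import Counter

CATEGORICAL = ("proto", "service")      # discrete flow attributes (assumed names)
NUMERIC = ("duration", "bytes_out")     # continuous flow attributes (assumed names)

class FlowBaseline:
    """Profile of normal traffic, learned from flows assumed to be benign."""

    def __init__(self, flows, slack=1.5):
        self.n = len(flows)
        self.counts = {f: Counter(x[f] for x in flows) for f in CATEGORICAL}
        self.stats = {}
        for f in NUMERIC:
            vals = [math.log1p(x[f]) for x in flows]   # log scale tames heavy tails
            mean = sum(vals) / self.n
            std = math.sqrt(sum((v - mean) ** 2 for v in vals) / self.n)
            self.stats[f] = (mean, std or 1.0)         # avoid division by zero
        # Alert threshold: worst score seen in training, plus headroom.
        self.threshold = slack * max(self.score(x) for x in flows)

    def score(self, flow):
        """Higher means more aberrant relative to the baseline."""
        total = 0.0
        for f in CATEGORICAL:
            # Laplace-smoothed surprisal, so unseen values score highest.
            seen = self.counts[f]
            total += -math.log((seen[flow[f]] + 1) / (self.n + len(seen) + 1))
        for f in NUMERIC:
            mean, std = self.stats[f]
            total += abs(math.log1p(flow[f]) - mean) / std  # absolute z-score
        return total

    def is_intrusion(self, flow):
        return self.score(flow) > self.threshold

def flow(proto, service, duration, bytes_out):
    return dict(proto=proto, service=service, duration=duration, bytes_out=bytes_out)

# Constructed sample data, not taken from any real capture.
BASELINE = FlowBaseline([
    flow("tcp", "http", 1.2, 5200), flow("tcp", "http", 0.8, 4100),
    flow("tcp", "https", 2.0, 8800), flow("udp", "dns", 0.1, 120),
    flow("udp", "dns", 0.1, 96), flow("tcp", "https", 1.5, 7600),
    flow("tcp", "http", 1.0, 4900), flow("udp", "dns", 0.2, 140),
])
NORMAL = flow("tcp", "http", 1.1, 5000)
SUSPECT = flow("tcp", "telnet", 900.0, 48_000_000)  # unseen service, long, large

if __name__ == "__main__":
    for name, f in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, round(BASELINE.score(f), 2), BASELINE.is_intrusion(f))
```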

A NIDS is a network device that has a network interface card (NIC) and a separate management interface. It is placed at one or several important locations within the network to monitor incoming and outgoing traffic to and from all network devices. HIDS continually analyses the network system's incoming and outgoing packets; system files are audited, and alarms are sent to the system administrator if any threats are detected. It has the benefit of not requiring any hardware installation because the IDS is implemented within the current system components.

Host-based Detection

The intrusion detection system (IDS) is installed on end hosts, Web servers, and database servers, and data from the host is used to identify signs of intrusion. Instead of external interfaces, it examines the internals of the computer system, such as CPU activity, memory usage, file I/O activity, network activity, and operating system events. It keeps track of the computer system's dynamic behavior. To determine valid access, the internal resource access pattern is tracked. A host-based intrusion detection system (HIDS) may be thought of as an agent that runs on the end host and monitors events. HIDS examples include EMERALD, NFR, and others. A HIDS monitors the audit record of activity rather than the action itself. The intrusion is noticed after the attacker has accessed the system. The HIDS uses host resources, which may have an impact on the host's real function.
