WHAT IS NETWORK INTRUSION DETECTION?
The advancement of networking technology has increased the Internet's importance in several fields of human civilization. While the Internet expands its worldwide reach, hackers become more adept at exploiting its openness to accelerate their attacks at an alarming rate. The scope and severity of cyberattacks are greater than ever before, and internet companies and organizations are scrambling to keep ahead of thieves. Intrusion detection is merely the first stage of an industrial control system's security system.
Professionals continue to make the most significant security judgments due to the criticality of the industrial control system. As a result, a basic intrusion alert has a relatively restricted role in the security system, and deep learning intrusion detection models fail to give more information due to a lack of explanation. Deep learning approaches can only be used to identify intrusions in industrial control networks as a result of this limitation.
We examined the deep neural network (DNN) model and the interpretable classification model from the standpoint of information, and we explained the relationship between the DNN model's calculation process and the classification process. The anomalies that arise during the computation of the DNN model, relative to the normal samples, might be discovered by comparing the normal samples with the abnormal samples. Based on this, a layer-wise relevance propagation approach was developed to translate the irregularities in the calculation process into attribute anomalies.
Simultaneously, because the data collection may already contain some important information, we established filtering criteria for a low-cost data set, so that the calculation result is given in a more accurate manner, which should help professionals lock onto and handle intrusion risks more rapidly.
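As an added illustration of layer-wise relevance propagation (not code from the work described above), the sketch below propagates an anomaly score back through a tiny bias-free ReLU network and reports which input attribute's relevance shifts most between a normal and an abnormal sample. The weights, samples and feature names are constructed assumptions, and the epsilon rule is used as one common LRP variant.

```python
# Hypothetical feature names and hand-picked weights, constructed for illustration.
FEATURES = ["packets_per_s", "write_cmd_ratio", "mean_payload_len"]
LAYERS = [
    [[1.0, 0.0], [0.5, 1.0], [0.0, -1.0]],  # input (3) -> hidden (2), ReLU
    [[1.0], [2.0]],                          # hidden (2) -> anomaly score (1), linear
]
NORMAL = [1.0, 0.2, 0.5]    # constructed "normal" sample
ABNORMAL = [2.0, 1.0, 0.5]  # constructed "abnormal" sample


def forward(x, layers):
    """Run the bias-free network and return the activations of every layer."""
    acts = [x]
    for n, W in enumerate(layers):
        z = [sum(a * W[i][j] for i, a in enumerate(acts[-1])) for j in range(len(W[0]))]
        last = n == len(layers) - 1
        acts.append(z if last else [max(0.0, v) for v in z])
    return acts


def lrp(x, layers, eps=1e-9):
    """LRP epsilon rule: redistribute the output score onto the input attributes."""
    acts = forward(x, layers)
    relevance = acts[-1][:]  # start from the anomaly score itself
    for W, a in zip(reversed(layers), reversed(acts[:-1])):
        z = [sum(a[i] * W[i][j] for i in range(len(a))) for j in range(len(W[0]))]
        z = [v + (eps if v >= 0 else -eps) for v in z]  # stabilise the division
        relevance = [sum(a[i] * W[i][j] / z[j] * relevance[j] for j in range(len(z)))
                     for i in range(len(a))]
    return acts[-1][0], relevance


def most_anomalous_attribute(normal, abnormal, layers, names):
    """Compare per-attribute relevance of an abnormal sample against a normal one."""
    _, r_norm = lrp(normal, layers)
    _, r_abn = lrp(abnormal, layers)
    shift = [b - a for a, b in zip(r_norm, r_abn)]
    top = max(range(len(shift)), key=lambda i: shift[i])
    return names[top], shift


if __name__ == "__main__":
    print(lrp(ABNORMAL, LAYERS))
    print(most_anomalous_attribute(NORMAL, ABNORMAL, LAYERS, FEATURES))
```

Because the network has no biases, the attribute relevances sum to the anomaly score, so the analyst sees how much of the alert each attribute accounts for.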
Recent technological advances in deep learning capabilities for feature representation with vast volumes of data have triggered a revolution in creating effective intrusion detection systems (IDS) that attain new performance levels and protect computer networks from attacks resulting from an ever-changing threat landscape. Although these approaches have made progress in the field of intrusion detection, the bulk of the improvement has been seen on supervised tasks, which require appropriate and varied labeled data for training.
Network-based intrusion detection systems (NIDS) monitor and analyze all traffic on the target network using strategically placed probes. While host-based detection cannot detect a ping sweep or a port scan across numerous hosts, network-based intrusion detection systems can. When these reconnaissance attacks are detected, network-based sensors produce an alarm. The capabilities of intrusion detection probes must grow in tandem with network speeds. More probes can be added as the network expands to guarantee optimal coverage and security. None of these technologies were particularly good at promptly identifying attacks; instead, they were mostly employed as forensic tools to investigate security events after the fact.
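The difference in vantage point described above can be shown with a small added example (not from the original page). It runs the same constructed flow records through a network-wide check and a single-host check; the addresses, window and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict


def build_flows():
    """Constructed sample traffic (not captured data): (time_s, src, dst, proto, dport)."""
    flows = []
    # 10.0.0.99 sends one ICMP echo to each of 8 hosts within 4 seconds.
    for i in range(8):
        flows.append((i * 0.5, "10.0.0.99", f"10.0.1.{i + 1}", "icmp", None))
    # 10.0.0.77 touches only 3 ports per host, but on 6 different hosts.
    t = 20.0
    for h in range(6):
        for port in (22, 80, 445):
            flows.append((t, "10.0.0.77", f"10.0.1.{h + 1}", "tcp", port))
            t += 0.2
    # Ordinary client traffic: one workstation talking to two servers on 443.
    for i in range(12):
        flows.append((40.0 + i, "10.0.0.5", "10.0.1.1" if i % 2 else "10.0.1.2", "tcp", 443))
    return sorted(flows, key=lambda f: f[0])


def network_view(flows, window=10.0, sweep_hosts=5, scan_targets=10):
    """Sensor logic: one source reaching many distinct hosts/ports inside the window."""
    alerts = set()
    recent = defaultdict(list)  # src -> flows still inside the time window
    for t, src, dst, proto, dport in flows:
        recent[src] = [f for f in recent[src] if t - f[0] <= window]
        recent[src].append((t, dst, proto, dport))
        icmp_hosts = {d for _, d, p, _ in recent[src] if p == "icmp"}
        tcp_targets = {(d, pt) for _, d, p, pt in recent[src] if p == "tcp"}
        if len(icmp_hosts) >= sweep_hosts:
            alerts.add((src, "ping_sweep"))
        if len(tcp_targets) >= scan_targets:
            alerts.add((src, "port_scan"))
    return alerts


def host_view(flows, host, scan_ports=10):
    """What a single host can conclude from only the traffic addressed to it."""
    ports_by_src = defaultdict(set)
    for _, src, dst, proto, dport in flows:
        if dst == host and proto == "tcp":
            ports_by_src[src].add(dport)
    return {src for src, ports in ports_by_src.items() if len(ports) >= scan_ports}


if __name__ == "__main__":
    flows = build_flows()
    print("network sensor:", sorted(network_view(flows)))
    print("host 10.0.1.1 :", sorted(host_view(flows, "10.0.1.1")))
```

Each individual host sees at most three probed ports and a single echo request, so only the sensor that correlates across destinations raises the alarm.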
Network by checking multiple hosts' audit trails. Because attempted attacks might occur through the network, network-based IDS must monitor numerous events created on many hosts in order to combine adequate evidence. Because most hosts are networked and attacks may be initiated remotely, this research focuses on network-based intrusion detection systems (IDS). Anomaly detection and misuse detection are the two detection approaches that are utilized in both network-based and host-based intrusion detection systems.
However, in a real-world network setting, labeling a huge volume of network traffic data is time-consuming and error-prone. Given these constraints, the development of unsupervised deep learning techniques for IDS is gaining momentum, with critical practical implications. These methods do not require labeled data for training and have the ability to detect intrusion activities in network traffic without previous knowledge of the intrusion behavior.
People all around the world use many internet-connected gadgets in their personal and professional lives on a daily basis. Because of the growing usage of the internet, there has been an increase in internet security concerns, such as network attacks. These attacks damage device functionality and can gain access to data on the system. An Intrusion Detection System (IDS) is intended to protect a network against network attacks and threats.
The Intrusion Detection System (IDS) monitors network traffic for suspicious activity and recognized threats and sends warnings when such actions are detected in the network system. The most vital concern regarding one's data in a network is the guarantee that critical data will be protected from third-party intruders. As technology advances, new ways are being developed to attain this purpose. As we've seen, the same technology that was developed to defend cyberspace is now being utilized to commit security breaches.
Types of Attacks
Denial of Service (DoS): DoS attacks primarily flood the server, system, or network with unnecessary packets. As a result, the system's buffer fills up, leaving it unable to respond to legitimate requests. This type of attack causes a network or system to shut down, rendering it inaccessible to the intended users. The primary goal of this attack is to exhaust the target's memory or other resources.
Remote to Local (R2L): This attack is described as unauthorized access in which the attacker intrudes into a distant machine and gains local access to the target machine. The attacker exploits existing weaknesses to get access to the target account, for example through password guessing, IMAP, and FTP write.
User to Root (U2R): In this attack, the attacker gains access to the target system through legitimate user authentication and then exploits some weakness or problem to get root access [13]. The intruder gains access to a normal user account before progressing to root-user status by exploiting numerous system vulnerabilities. The most popular U2R attacks are buffer overflow attacks, load-module attacks, and Perl.
Probing: A probe is described as an attack that scans a network to obtain information or to uncover known vulnerabilities. An intruder with a map of accessible machines and services on a network might use the information to look for exploits. The attacker probes the target's defenses in order to gather important data from the target machine, for example through port scanning.
