Articles

A Literary Review of Pattern Matching Techniques in Network Intrusion Detection

With the exponential growth in devices and services being added to networks, we are also witnessing an increase in the volume and complexity of threats, which calls for greater efficiency in network intrusion detection systems, which rely primarily on pattern matching to identify malicious activity on the network. In this literary review of pattern matching techniques in network intrusion detection, we explore the limitations of both signature-based and anomaly-based intrusion detection systems and the research carried out to overcome them. The review focuses on the performance improvements in signature-based intrusion detection systems achieved through methodologies and technologies such as regular expressions, Hyperscan, RE2, Flashtext, a generalized Aho-Corasick algorithm, the use of Bloom filters, and payload sampling. It also covers the use of machine learning techniques, including genetic algorithms, Support Vector Machines (SVM) and the Improved Self-Adaptive Bayesian Algorithm (ISABA), which are used in anomaly-based network intrusion detection to detect anomalous behavior and identify potential threats in a network, assisting security analysts in carrying out their job functions. Additionally, this review explores the integration of the MITRE ATT&CK framework and Security Information and Event Management (SIEM) systems into network intrusion detection: the framework provides a structured and standardized approach for analyzing and classifying the tactics and techniques used by attackers, while SIEM systems enable the correlation of threat activity across multiple sources, allowing for a more comprehensive and accurate view of network security. Overall, this literary review provides insights into the state-of-the-art techniques and frameworks used in network intrusion detection based on pattern matching, highlighting the significant improvements in performance and detection capabilities.

A Review on Machine Learning Based Approaches of Network Intrusion Detection Systems

The rapid growth in Internet use raises the possibility of network attacks. To secure internal networks, intrusion detection systems are widely employed to address a major research challenge in network security: efficiently detecting unusual access or attacks. To this end, various intrusion detection system approaches based on machine learning algorithms have been developed in the literature to tackle computer security threats. These IDS approaches can be broadly classified into signature-based intrusion detection systems and anomaly-based intrusion detection systems. This review paper presents a taxonomy of current intrusion detection systems (IDS), a comprehensive review of significant recent works, and a variety of recent attacks that can be detected in the network environment.