Study of Intrusion Detection Systems

Modern network systems have much trouble in security vulnerabilities such as buffer overflow, bugs in Microsoft Internet, sensor network routing protocol too simple, security flaws of applications, and operating systems. Moreover, wireless devices such as smart phones, personal digital assistants (PDAs), and sensors have become economically feasible because of technological advances in wireless communication and manufacturing of small and low-cost sensors. There are typologies of vulnerabilities to be exploited in these devices. In order to improve securities, many mechanisms are adopted, including authentication, cryptography, access control, and intrusion detection systems (IDS). In general, intrusion detection techniques can be categorized into two groups: misuse detection and anomaly detection. The misuse detection systems use patterns of well-known attacks or weak spots of the systems to identify intrusions. The weakness of misuse detection systems is unable to detect any future (unknown) intrusion until corresponding attack signatures are intruded into the signature database. Anomaly detection methods try to determine whether the deviation is from the established normal usage patterns or not. The critical success of anomaly detection relies on the model of normal behaviors.