[...] the survey concludes with a discussion of future IDS research directions and broader observations.

[...] the NIDS is frequently completely transparent to the systems it is monitoring, allowing for excellent isolation and making NIDSs significantly less susceptible to interference from an attacker. The signature-based approach involves searching the received events for well-known attack patterns, whereas the anomaly-based approach seeks to detect new and unknown attacks by modelling the activities that are considered normal within a system and identifying potential attacks from behaviours that deviate from the known normal behaviour patterns. [5]

2.2.1 Signature-based

Signature intrusion detection systems (SIDS) use pattern matching techniques to detect a known attack; these are also referred to as Knowledge-based Detection or Misuse Detection. [6] Matching methods are used in SIDS to locate a previous intrusion, triggering an alarm signal whenever an intrusion signature matches one from a previous intrusion existing in the signature database.

[...] Windows registry and file systems have also been used as sources of information, although more seldom.
CITATION STYLE
Panagiotou, P., Mengidis, N., Tsikrika, T., Vrochidis, S., & Kompatsiaris, I. (2021). Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods. Information & Security: An International Journal, 50, 37–48. https://doi.org/10.11610/isij.5016