
Table 2 Comparisons of intrusion detection methodologies

From: Survey of intrusion detection systems: techniques, datasets and challenges

 

Detection methods

SIDS

Advantages:

• Very effective in identifying intrusions with minimum false alarms (FA).

• Promptly identifies the intrusions.

• Superior for detecting the known attacks.

• Simple design.

Disadvantages:

• Needs to be updated frequently with new signatures.

• SIDS is designed to detect attacks with known signatures. When a previous intrusion has been altered slightly into a new variant, the system is unable to identify this new variant of the similar attack.

• Unable to detect zero-day attacks.

• Not suitable for detecting multi-step attacks.

• Provides little insight into the attacks.

AIDS

Advantages:

• Could be used to detect new attacks.

• Could be used to create intrusion signatures.

Disadvantages:

• AIDS cannot handle encrypted packets, so the attack can stay undetected and can present a threat.

• High false positive alarms.

• Hard to build a normal profile for a very dynamic computer system.

• Unclassified alerts.

• Needs initial training.