Table 5 Comparisons of IDS technology types, using examples from the literature. “P” indicates pre-defined attacks and “Z” indicates zero-day attacks
From: Survey of intrusion detection systems: techniques, datasets and challenges
Detection Source | HIDS | NIDS | Capability | ||
|---|---|---|---|---|---|
Detection methods | SIDS | Wagner and Soto (2002) | Hubballi and Suryanarayanan (2014) | P | |
AIDS | Statistics based | Ara, Louzada & Diniz (2017) | Z | ||
Knowledge-based | Mitchell and Chen (2015) Creech and Hu (2014b) | Hendry and Yang (2008) Shakshuki, et al. (2013) Zargar, et al. (2013) | |||
Machine learning | Du, et al. (2014) Wang, et al. (2010) | Elhag, et al. (2015); | |||
SIDS+ AIDS | Alazab, et al. (2014); Stavroulakis and Stamp (2010); Liu, et al. (2015) | P + Z | |||