Table 2 Comparisons of intrusion detection methodologies

From: A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges

Detection methods

SIDS
Advantages:
• Very useful in identifying intrusions with minimum false alarms (FA).
• Promptly identifies the intrusions.
• Superior for detecting known attacks.
• Simple design.
Disadvantages:
• It needs to be updated frequently with new signatures.
• SIDS is designed to detect attacks with known signatures. When a previous intrusion has been altered slightly into a new variant, the system is unable to identify this new deviation of a similar attack.
• Unable to detect zero-day attacks.
• Not suitable for detecting multi-step attacks.
• Provides little insight into the attacks.

AIDS
Advantages:
• It can be used to detect new attacks.
• It can be used to create intrusion signatures.
Disadvantages:
• AIDS cannot handle encrypted packets, so an attack can stay undetected and present a threat.
• High false positive alarms.
• Hard to build a normal profile for a very dynamic computer system.
• Unclassified alerts.
• It needs initial training.