Skip to main content

Table 2 Comparisons of intrusion detection methodologies

From: A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges




Detection methods


• Very useful in identifying intrusions with minimum false alarms (FA).

• Promptly identifies the intrusions.

• Superior for detecting the known attacks.

• Simple design

• It needs to be updated frequently with a new signature.

• SIDS is designed to detect attacks for known signatures. When a previous intrusion has been altered slightly to a new variant, then the system would be unable to identify this new deviation of a similar attack.

• Unable to detect the zero-day attack.

• Not suitable for detecting multi-step attacks.

• Little understanding of the insight of the attacks


• It could be used to detect new attacks.

• Could be used to create intrusion signature

• AIDS cannot handle encrypted packets, so the attack can stay undetected and can present a threat.

• High false positive alarms.

• Hard to build a normal profile for a very dynamic computer system.

• Unclassified alerts.

• It needs initial training.