| | | Advantages | Disadvantages |
|---|---|---|---|
| Detection methods | SIDS | • Very useful in identifying intrusions with a minimum of false alarms (FA). • Promptly identifies intrusions. • Superior for detecting known attacks. • Simple design. | • Needs to be updated frequently with new signatures. • Designed to detect attacks with known signatures; when a previous intrusion has been altered slightly into a new variant, the system is unable to identify this variant of a similar attack. • Unable to detect zero-day attacks. • Not suitable for detecting multi-step attacks. • Provides little insight into the attacks. |
| | AIDS | • Can be used to detect new attacks. • Can be used to create intrusion signatures. | • Cannot handle encrypted packets, so an attack can stay undetected and remain a threat. • High false positive alarm rate. • Hard to build a normal profile for a very dynamic computer system. • Unclassified alerts. • Needs initial training. |
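The trade-offs in the table, as an added example that is not part of the original paper: a toy signature matcher (SIDS) and a baseline-plus-threshold anomaly detector (AIDS) run over constructed traffic windows. The scanner user-agent string, the request counts and the z-score threshold are all assumptions made for the demonstration.

```python
import re
import statistics

# Signature-based IDS (SIDS): matches a known attack signature exactly.
# The signature below is a constructed, hypothetical scanner user-agent.
SIGNATURES = {"known-scanner": re.compile(r"^EvilScanner/1\.0$")}

def sids_detect(user_agent):
    """Return the name of the matching signature, or None (variant / zero-day miss)."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(user_agent):
            return name
    return None

# Anomaly-based IDS (AIDS): learns a baseline of requests per minute from a
# training period and flags windows more than `k` standard deviations above it.
class AnomalyDetector:
    def __init__(self, k=3.0):
        self.k = k
        self.mean = self.std = None

    def train(self, counts):
        self.mean = statistics.mean(counts)
        self.std = statistics.pstdev(counts) or 1.0  # avoid division by zero

    def is_anomalous(self, count):
        if self.mean is None:
            raise RuntimeError("anomaly detector needs initial training")
        return (count - self.mean) / self.std > self.k

def evaluate(windows, training):
    """Run both detectors over (label, user_agent, requests_per_minute) windows."""
    aids = AnomalyDetector(k=3.0)
    aids.train(training)
    return {label: (sids_detect(ua), aids.is_anomalous(n)) for label, ua, n in windows}

# Constructed sample data: one normal training period and three traffic windows.
TRAINING = [40, 42, 38, 45, 41, 39, 43, 40, 44, 42]
WINDOWS = [
    ("known scanner", "EvilScanner/1.0", 41),      # SIDS hit; rate looks normal
    ("altered variant", "EvilScanner/1.1", 600),   # SIDS miss; AIDS flags the burst
    ("benign traffic spike", "Mozilla/5.0", 300),  # SIDS miss; AIDS false positive
]

if __name__ == "__main__":
    for label, (sig, anom) in evaluate(WINDOWS, TRAINING).items():
        print(f"{label:22} SIDS={sig!r:18} AIDS_anomalous={anom}")
```

The slightly altered variant slips past the exact signature but is caught by the rate baseline, while the benign spike shows the false-positive cost of the anomaly approach.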