IDS deployment strategies: HIDS, NIDS and Distributed IDS

Host-based IDS (HIDS)

Advantages:
• HIDS can check the behaviour of end-to-end encrypted communications.
• No extra hardware is required.
• Detects intrusions by checking the host file system, system calls or network events.
• Every packet is reassembled.
• Looks at the entire item, not only at streams.

Disadvantages:
• Delays in reporting attacks.
• Consumes host resources.
• It needs to be installed on each host.
• It can monitor attacks only on the machine where it is installed.

Information sources:
• Audit records, log files, Application Program Interface (API) calls, rule patterns, system calls.

Network-based IDS (NIDS)

Advantages:
• Does not impose additional overhead on the sensor nodes.
• Detects attacks by checking network packets.
• Not required to be installed on each host.
• Can check various hosts in the same period.
• Capable of detecting the broadest range of network protocols.

Disadvantages:
• The IoT can be exposed if the centralized IDS is compromised.
• The challenge is to identify attacks in encrypted traffic.
• Dedicated hardware is required.
• It supports only the identification of network attacks.
• Difficult to analyse a high-speed network.
• The most serious threat is the insider attack.
• Not applicable to a large-scale IoT ecosystem.

Information sources:
• Simple Network Management Protocol (SNMP)
• Network packets (TCP/UDP/ICMP)
• Management Information Base (MIB)
• Router NetFlow records

Distributed IDS

Advantages:
• It uses NIDS, HIDS and wireless intrusion detection systems (WIDS), achieving interoperability across heterogeneous network types.
• The IDS is likely to be highly deployable across large and heterogeneous IoT networks.

Disadvantages:
• The complexity of the IDS.

Information sources:
• Various