A Comparative Analysis of Signature-Based and Anomaly-Based Intrusion Detection Systems
Abstract: This paper presents a comparative analysis of Signature-Based and Anomaly-Based Intrusion Detection Systems (IDS) against key performance metrics: detection accuracy, false positive rate, adaptability to new threats, computational overhead, maintenance effort, scalability, and real-time performance. Examining these metrics highlights the strengths and limitations of each approach in handling both known and emerging threats. Signature-Based IDS, which matches observed traffic or events against a database of known attack patterns, achieves high accuracy and a low false positive rate for the attacks it has signatures for, but it cannot detect novel or zero-day attacks and requires continual signature updates to stay effective. Anomaly-Based IDS, which flags deviations from a learned baseline of normal behavior, can detect previously unseen attacks, but at the cost of a higher false positive rate (any legitimate change in behavior may be flagged) and greater resource consumption for building and maintaining the baseline. The analysis emphasizes that the choice of IDS should be driven by the specific security needs and operational context of the deployment environment. The findings suggest that a hybrid approach, combining the complementary strengths of both techniques, provides a more robust and resilient defense against the growing complexity of cyberattacks in modern networks.
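The trade-off the abstract describes can be made concrete by running both detection styles over the same traffic and scoring them against ground truth. The following is an added worked example, not code from the paper: a hypothetical signature set (two regular expressions), a z-score anomaly detector over per-source request rate, and a hybrid that unions the two. The event records, the benign training window and the test window are all constructed for the example; the novel scraping burst has no signature, and the legitimate crawler burst is there to show where the anomaly detector pays in false positives.

```python
"""Signature-based vs anomaly-based detection over a constructed event stream.

Added worked example (not code from the paper). Each event is a web request
summary: source IP, request path, and that source's request rate. The
signature detector matches known-bad patterns in the path; the anomaly
detector flags rates that deviate from a baseline learned on benign traffic.
Both are scored against ground-truth labels so the trade-off is visible.
"""
import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str
    path: str
    rate: int         # requests per minute from src
    malicious: bool   # ground truth, used only for scoring


# Constructed benign traffic used to learn the anomaly baseline (mean 13.5, stdev 1.5).
TRAINING = [
    Event(f"10.0.0.{i}", "/index.html", r, False)
    for i, r in enumerate([12, 15, 11, 14, 13, 16, 12, 14, 15, 13], start=1)
]

# Constructed test window: two known attack patterns, one novel attack, one legitimate burst.
TEST = [
    Event("10.0.0.21", "/index.html", 14, False),
    Event("10.0.0.22", "/login?user=admin'%20OR%201=1--", 13, True),  # known SQLi tautology
    Event("10.0.0.23", "/cgi-bin/../../etc/passwd", 12, True),        # known path traversal
    Event("10.0.0.24", "/api/v2/export", 410, True),                  # novel: scraping burst, no signature yet
    Event("10.0.0.25", "/index.html", 95, False),                     # legitimate burst (e.g. a crawler)
    Event("10.0.0.26", "/about.html", 15, False),
]

# Hypothetical signature set; a real IDS carries thousands and must be updated as attacks change.
SIGNATURES = {
    "sqli_or_tautology": re.compile(r"'(?:%20|\s)*OR(?:%20|\s)+1=1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}


def signature_detect(events):
    """Return {event: signature_name} for events whose path matches a known signature."""
    hits = {}
    for e in events:
        for name, rx in SIGNATURES.items():
            if rx.search(e.path):
                hits[e] = name
                break
    return hits


def anomaly_detect(events, training, k=3.0):
    """Return {event: z_score} for events whose rate is more than k standard deviations from the baseline."""
    rates = [e.rate for e in training]
    mu = statistics.mean(rates)
    sigma = statistics.pstdev(rates) or 1.0  # guard against a constant baseline
    flagged = {}
    for e in events:
        z = (e.rate - mu) / sigma
        if abs(z) > k:
            flagged[e] = z
    return flagged


def hybrid_detect(events, training, k=3.0):
    """Union of both detectors: signature hits keep the matched name, anomaly-only hits are labelled 'anomaly'."""
    flagged = dict(signature_detect(events))
    for e in anomaly_detect(events, training, k):
        flagged.setdefault(e, "anomaly")
    return flagged


def score(events, flagged):
    """Confusion counts plus precision, recall and false-positive rate against ground truth."""
    tp = sum(1 for e in events if e.malicious and e in flagged)
    fp = sum(1 for e in events if not e.malicious and e in flagged)
    fn = sum(1 for e in events if e.malicious and e not in flagged)
    tn = sum(1 for e in events if not e.malicious and e not in flagged)
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
    }


def compare(events=TEST, training=TRAINING):
    """Score all three approaches on the same window."""
    return {
        "signature": score(events, signature_detect(events)),
        "anomaly": score(events, anomaly_detect(events, training)),
        "hybrid": score(events, hybrid_detect(events, training)),
    }


if __name__ == "__main__":
    for name, s in compare().items():
        print(f"{name:9s} tp={s['tp']} fp={s['fp']} fn={s['fn']} "
              f"precision={s['precision']:.2f} recall={s['recall']:.2f} fpr={s['fpr']:.2f}")
```

On this window the signature detector scores precision 1.0 with zero false positives but misses the novel burst (recall 2/3); the anomaly detector catches the burst but also flags the legitimate crawler (precision 0.5, false positive rate 1/3); the hybrid reaches recall 1.0 while inheriting the anomaly detector's false positive. The hybrid still needs a triage policy (for instance, lower severity for anomaly-only alerts) and the anomaly baseline must be retrained as normal traffic shifts, which is the maintenance and resource cost the abstract refers to.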

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in our journal are licensed under CC-BY 4.0, which permits authors to retain copyright of their work. This license allows for unrestricted use, sharing, and reproduction of the articles, provided that proper credit is given to the original authors and the source.