Title

Research Advances in Intrusion Detection Systems: A Survey

Author

Dr. Yingbing Yu and Dr. Art Shindhelm

Contact Information

Department of Computer Science, Western Kentucky University,

1906 College Heights Blvd., Bowling Green, KY 42101, USA
Email: yingbing.yu@wku.edu, art.shindhelm@wku.edu


Key words: Intrusion Detection Systems (IDSs), misuse detection, anomaly detection

Abstract

Intrusion detection systems (IDSs) attempt to monitor computer networks and systems for violations of security policy. From the detection point of view, IDSs can be classified into two main approaches: misuse detection and anomaly detection. Misuse (knowledge- or signature-based) IDSs look for specific patterns that define a known attack. Anomaly (behavior-based) IDSs assume that activity under attack deviates from normal activity, and they detect abnormal behavior by comparison with a predefined reference model of system or user behavior. This paper provides an in-depth survey of current trends in both misuse and anomaly intrusion detection, together with a survey of techniques in academic research. It presents a review of the evolution of intrusion detection systems over the past two decades. It mainly focuses on recent research advances and trends in anomaly IDSs, including the application of statistics, machine learning, fuzzy logic, neural networks, computer immunology, and data mining techniques in this area.

Full-text Contact: Dr. Obeidat at mobeidat@spsu.edu, or lsun@spsu.edu