Introduction
Intrusion detection and prevention systems (IDPS) are security tools used to detect and report violations of security policy and, in the prevention case, to block them, so that individual hosts and the network as a whole stay protected. Most intrusions begin with an attacker who wants to compromise one system and then move toward the most sensitive parts of the network (Baykara & Das, 2018). It is therefore worth examining how the existing evidence aligns with future challenges and opportunities, in order to see where IDPSs can most reasonably be improved.
State-of-The-Art
Deploying IDPSs lays the foundation for networks that are adequately protected against a variety of threats, whether these show up as abnormal behavior or as attempted data breaches. The first models were expected to react to misfeasance, internal attacks, and external infiltrations (Wang, 2017). Initially, an anomaly-based methodology was developed to protect networks in real time and to limit the number of successful penetrations by identifying and monitoring system logs. Birkinshaw et al. (2019) note that some of the current frameworks have been in use for decades, which shows that network security grows around the initial developments and that most innovations serve the same general purpose. Detection and prevention instruments are meant to support a collaborative approach to network security and to enrich the pool of algorithms available for alert correlation. According to Wang (2017), detection accuracy and the investigation of false positives are repeatedly improved by deploying combinations of IDPSs.
Comparison of Methodologies
The anomaly-based methodology requires a baseline profile to be built and applied so that network security staff can identify and remove threats. It can be defined as the means of establishing a sample of 'normal' network behavior that is later used to monitor the system and spot suspicious activity (Aljawarneh et al., 2018). The profiled environment may include user behavior, network characteristics, and many other variables that affect how the system is used. Anomaly-based methodologies offer both fixed profiles, built once from a training period, and dynamic profiles, which are updated continuously as new events are observed; a dynamic profile adapts to legitimate change, but it can also be trained gradually by an attacker unless flagged events are kept out of the update.
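As an added example (not code from the paper or from any cited system), the following Python builds a baseline profile from a constructed training window of connections per minute for one host, then applies it first as a fixed profile and then as a dynamic profile rebuilt from a rolling window. The feature, the counts and the three-sigma threshold are assumptions chosen for illustration; the point is the difference between a dynamic profile that keeps flagged samples out of the update and one that learns from them.

```python
"""Anomaly-based detection with a fixed and a dynamic (rolling) baseline profile.

Added example: the feature is connections per minute from one host, and the
numbers are constructed, not measured from any real network.
"""
from collections import deque
from statistics import mean, pstdev

# Constructed training window: 20 quiet minutes used to build the profile.
TRAINING = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13,
            12, 15, 14, 16, 13, 12, 14, 15, 13, 14]
# Constructed live feed: six quiet minutes, a three-minute burst, a smaller
# spike, and a return to normal.
LIVE = [14, 13, 15, 12, 13, 14, 95, 120, 130, 60, 15]


def build_profile(samples):
    """A profile is the mean and standard deviation of the feature."""
    return mean(samples), (pstdev(samples) or 1.0)


def is_anomalous(value, profile, threshold=3.0):
    """Anomalous when the sample lies more than `threshold` standard
    deviations above the baseline mean."""
    mu, sigma = profile
    return (value - mu) / sigma > threshold


def detect_fixed(live, training=TRAINING, threshold=3.0):
    """Fixed profile: built once from the training window, never updated.
    Returns the indexes of the flagged minutes."""
    profile = build_profile(training)
    return [i for i, v in enumerate(live) if is_anomalous(v, profile, threshold)]


def detect_dynamic(live, training=TRAINING, window=20, threshold=3.0,
                   learn_anomalies=False):
    """Dynamic profile: rebuilt from the last `window` samples every minute.

    With learn_anomalies=True every sample, flagged or not, is fed back into
    the window. A loud burst then inflates the standard deviation, so a later,
    smaller spike no longer looks anomalous. With learn_anomalies=False only
    samples judged normal update the profile.
    """
    recent = deque(training, maxlen=window)
    flagged = []
    for i, v in enumerate(live):
        anomalous = is_anomalous(v, build_profile(recent), threshold)
        if anomalous:
            flagged.append(i)
        if learn_anomalies or not anomalous:
            recent.append(v)
    return flagged


if __name__ == "__main__":
    print("fixed profile:        ", detect_fixed(LIVE))
    print("dynamic, gated:       ", detect_dynamic(LIVE))
    print("dynamic, learns burst:", detect_dynamic(LIVE, learn_anomalies=True))
```

The fixed profile and the gated dynamic profile flag the same four minutes, while the dynamic profile that learns from flagged samples misses the later spike at minute 9 because the burst has already widened its standard deviation. Gating the update on the detector's own verdict is the usual countermeasure against that kind of gradual training.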
The signature-based methodology compares observed traffic and events against a database of signatures that describe known attacks. As Li et al. (2019) put it, signature-based methods are one of the fastest ways of flagging a known attack. Violations of the given security policy are reported to the network staff, and the environment is monitored continuously so that the team can inspect all kinds of activity within the system (Khraisat et al., 2019). The key difference between the signature-based and the anomaly-based methodologies is that the former does not need to learn the environment in order to protect the network; the corresponding limitation is that it can only recognize attacks for which a signature already exists, so the signature database has to be kept current.
The stateful protocol analysis-based methodology also works by comparing a predetermined profile against internal and external network activity, but here the profile describes how each protocol is expected to behave in each of its states, and the observed behavior is checked against that expectation (Mighan & Kahani, 2021). The profiles for this methodology are developed and shipped by the vendors rather than learned on site. Its key benefit is that it understands the protocols being carried more deeply than the signature-based alternative, which makes it more result-oriented; the trade-off is that tracking the state of every session is resource-intensive, and an attack that stays within legal protocol behavior is not detected by this layer.
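The following Python is an added example, not a vendor profile or code from any cited paper. It encodes a simplified state table for the SMTP command sequence (the commands permitted per state and the 512-octet command-line limit follow RFC 5321; the rest is an assumption made for illustration) and checks constructed client sessions against it.

```python
"""Stateful protocol analysis of SMTP command sequences.

Added example: the state table is a simplified, hand-written profile of
RFC 5321 behaviour (not a vendor profile), and the sessions are constructed.
"""

# Commands accepted in each client state, and the state each one leads to.
TRANSITIONS = {
    "connected": {"EHLO": "greeted", "HELO": "greeted", "QUIT": "closed"},
    "greeted":   {"MAIL": "mail", "RSET": "greeted", "NOOP": "greeted", "QUIT": "closed"},
    "mail":      {"RCPT": "rcpt", "RSET": "greeted", "QUIT": "closed"},
    "rcpt":      {"RCPT": "rcpt", "DATA": "data", "RSET": "greeted", "QUIT": "closed"},
    "closed":    {},               # nothing is legal after QUIT
}
MAX_LINE = 512  # RFC 5321 section 4.5.3.1.4: command line limit in octets, CRLF included


def analyze(session):
    """Walk one client session (one command or body line per element) and
    return a list of (line_number, reason) alerts."""
    state = "connected"
    alerts = []
    for n, line in enumerate(session, 1):
        if state == "data":
            # Message body: any content is legal until the terminating lone dot.
            if line == ".":
                state = "greeted"
            continue
        if len(line) > MAX_LINE:
            alerts.append((n, f"command line of {len(line)} octets exceeds {MAX_LINE}"))
        verb = line.split(" ", 1)[0].upper()
        nxt = TRANSITIONS[state].get(verb)
        if nxt is None:
            # Stay in the current state, as a server answering 503 would.
            alerts.append((n, f"{verb} not permitted in state '{state}'"))
            continue
        state = nxt
    return alerts


# Constructed sessions.
BENIGN = [
    "EHLO mail.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    "Subject: hello",
    "",
    "hi bob",
    ".",
    "QUIT",
]
OUT_OF_ORDER = [            # DATA issued before any sender or recipient
    "EHLO scanner.example.net",
    "DATA",
    "MAIL FROM:<a@example.net>",
    "RCPT TO:<b@example.com>",
    "DATA",
    "payload",
    ".",
    "QUIT",
]
OVERLONG = [                # a legal verb with an argument far beyond the limit
    "HELO probe.example.net",
    "MAIL FROM:<" + "A" * 600 + "@example.net>",
    "QUIT",
]

if __name__ == "__main__":
    for name, session in [("benign", BENIGN), ("out of order", OUT_OF_ORDER), ("overlong", OVERLONG)]:
        print(f"{name}: {analyze(session)}")
```

The out-of-order session is caught because DATA is not legal before MAIL and RCPT, and the overlong MAIL command is caught by the length rule even though its verb is legal in that state. A session that follows the protocol correctly but carries malicious content produces no alert from this layer, which is why stateful protocol analysis is normally paired with signatures or content inspection.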
The hybrid-based methodology combines two or more of the methodologies discussed above. This is the most advantageous way of addressing network security because it unites their most evident strengths and offsets the weakness of one technique with the strength of another (Velliangiri & Karthikeyan, 2020): a signature engine catches known attacks quickly, an anomaly engine catches activity that no signature describes, and correlating the two reduces the noise each produces on its own. In other words, hybrid systems establish communication among the different detection elements in the network and respond promptly to changes occurring within the system. The hybrid-based methodology is the best fit for up-to-date networks because it supports constant learning and persistent analysis.
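To make the correlation concrete, here is an added example in Python (not code from Velliangiri & Karthikeyan or any other cited work) of a hybrid detector: a signature engine with three constructed rules in the spirit of Snort content rules, an anomaly engine that counts distinct destination ports per source, and a correlation step that rates each source by the evidence both engines produced. It also serves as the worked example for the signature-based methodology above, since the signature engine is the same matcher a pure signature IDS would run. The traffic records, the rule names and the ten-port threshold are assumptions made for illustration.

```python
"""Hybrid detection: a signature engine plus a small anomaly engine, with their
alerts correlated per source address.

Added example; the rules, the rule names and the traffic records are constructed.
"""
import re
from collections import defaultdict

# Signature engine: patterns for known attacks. A signature fires on a single
# record and needs no knowledge of what is normal for this network.
SIGNATURES = [
    ("WEB-ATTACKS /etc/passwd access", re.compile(rb"/etc/passwd")),
    ("SQL injection tautology", re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE)),
    ("Shellshock function definition", re.compile(rb"\(\)\s*\{\s*:;\s*\};")),
]

# Anomaly engine: a source touching more distinct destination ports than the
# baseline allows looks like a scan, although no single packet is malicious.
SCAN_PORT_THRESHOLD = 10


def signature_hits(records):
    """Return (src, rule name) for every record that matches a signature."""
    hits = []
    for r in records:
        for name, pattern in SIGNATURES:
            if pattern.search(r["payload"]):
                hits.append((r["src"], name))
    return hits


def anomaly_hits(records, threshold=SCAN_PORT_THRESHOLD):
    """Return (src, reason) for sources exceeding the distinct-port threshold."""
    ports = defaultdict(set)
    for r in records:
        ports[r["src"]].add(r["dport"])
    return [(src, f"{len(p)} distinct destination ports")
            for src, p in ports.items() if len(p) > threshold]


def correlate(records):
    """Combine both engines: a source with signature and anomaly evidence is
    rated 'high', one kind of evidence 'medium'; quiet sources are not listed."""
    evidence = defaultdict(lambda: {"signature": [], "anomaly": []})
    for src, name in signature_hits(records):
        evidence[src]["signature"].append(name)
    for src, reason in anomaly_hits(records):
        evidence[src]["anomaly"].append(reason)
    verdicts = {}
    for src, ev in evidence.items():
        severity = "high" if ev["signature"] and ev["anomaly"] else "medium"
        verdicts[src] = (severity, ev["signature"] + ev["anomaly"])
    return verdicts


# Constructed traffic: one record per connection attempt.
TRAFFIC = (
    # 10.0.0.5 sweeps 16 ports, then tries a path traversal on the web server.
    [{"src": "10.0.0.5", "dport": p, "payload": b""} for p in range(20, 36)]
    + [{"src": "10.0.0.5", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.1\r\n"}]
    # 10.0.0.7 sends one SQL injection attempt and nothing else.
    + [{"src": "10.0.0.7", "dport": 443, "payload": b"user=admin' OR 1=1 --&pass=x"}]
    # 10.0.0.9 touches 12 ports with harmless payloads: a scan with no signature.
    + [{"src": "10.0.0.9", "dport": p, "payload": b"HELLO"} for p in range(8000, 8012)]
    # 10.0.0.3 is an ordinary client.
    + [{"src": "10.0.0.3", "dport": 80, "payload": b"GET / HTTP/1.1\r\n"}]
)

if __name__ == "__main__":
    for src, (severity, reasons) in correlate(TRAFFIC).items():
        print(f"{src}: {severity} {reasons}")
```

The scanner that follows up with a known exploit string gets a high rating from the correlation, the single injection attempt and the silent scan each get a medium rating from one engine alone, and the ordinary client generates nothing. Neither engine by itself could have separated the first source from the other two.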
Future Research Challenges
The biggest research challenge that scholars will have to address is the inherent accuracy of IDPS tools. With a signature-based IDPS, users have a rather high chance of obtaining accurate verdicts about known threats (Li et al., 2019). Nevertheless, the anomaly-based method can be expected to gain more traction in the future and to motivate more network security specialists to adopt methodologies that go beyond the identification of already known threats. According to Modi and Acha (2017), the overall accuracy of hybrid-based IDPSs should be replicated in order to raise the level of protection available to network security staff.
Another question that researchers have yet to answer is how the scalability of IDPSs can be improved. Deploying and maintaining a preventive system is one thing; raising the effectiveness of the methodology and then deploying it to protect the whole network environment is another (Birkinshaw et al., 2019). Signature-based IDPSs may be among the easiest to scale, so researchers should gain more insight into their setups in order to adapt similar techniques for other systems. Aljawarneh et al. (2018) state that anomaly-based and hybrid-based methodologies are hard to scale because of the need to build a baseline profile and to account for all the underlying variables.
The presence of false positives is another challenge that cannot go unnoticed in the case of IDPSs. The inability to distinguish real threats from harmless look-alikes creates numerous problems for network security specialists, because they cannot then arrive at an accurate classification of possible cyberattacks (Umer et al., 2017). Signature-based methodologies deserve further study since they produce the fewest false positives. Aljawarneh et al. (2018) also note that the combination of the hybrid-based and anomaly-based methodologies has to be studied further in order to reduce the number of potential false positives.
The same may be said about false negatives, because a network that fails to perceive threats as threats can be expected to experience security breaches from time to time. Accordingly, the high occurrence of false negatives has to be addressed within the framework of anomaly-based methods, since the other IDPS types are not as prone to incorrect decisions (Sicato et al., 2020). Another reason why the anomaly-based method matters in the discussion of false negatives is its impact on hybrid-based tools. Velliangiri and Karthikeyan (2020) highlight that the anomaly-based method introduces inconsistency and has to be researched so that network security systems can be built in which the number of such errors is minimal.
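As an added example (constructed labels and verdicts, not results from any cited study), the following Python scores two detectors on the same labelled events, reporting the accuracy, false-positive and false-negative rates discussed in the three paragraphs above, and then computes what a given false-positive rate means once attacks are rare, which is the part of the false-positive problem that a confusion matrix on a small balanced test set hides.

```python
"""Scoring an IDPS on labelled traffic: accuracy, precision, recall,
false-positive rate (FPR) and false-negative rate (FNR), plus the effect of
attack prevalence on how many alerts are real.

Added example with constructed data; the numbers are illustrative only.
"""


def confusion(labels, verdicts):
    """labels: True where the event really is an attack.
    verdicts: True where the detector raised an alert.
    Returns (tp, fp, fn, tn)."""
    pairs = list(zip(labels, verdicts))
    tp = sum(1 for label, alert in pairs if label and alert)
    fp = sum(1 for label, alert in pairs if not label and alert)
    fn = sum(1 for label, alert in pairs if label and not alert)
    tn = sum(1 for label, alert in pairs if not label and not alert)
    return tp, fp, fn, tn


def metrics(labels, verdicts):
    """Standard detection metrics; guarded against empty denominators."""
    tp, fp, fn, tn = confusion(labels, verdicts)
    return {
        "accuracy": (tp + tn) / (tp + fp + fn + tn),
        "precision": tp / (tp + fp) if tp + fp else 0.0,   # share of alerts that are real
        "recall": tp / (tp + fn) if tp + fn else 0.0,      # detection rate, 1 - FNR
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
        "fnr": fn / (tp + fn) if tp + fn else 0.0,
    }


def precision_at_prevalence(recall, fpr, prevalence):
    """Expected share of alerts that are real attacks when a fraction
    `prevalence` of all events are attacks (Bayes' rule applied to the
    detector's recall and false-positive rate)."""
    true_alerts = recall * prevalence
    false_alerts = fpr * (1 - prevalence)
    return true_alerts / (true_alerts + false_alerts)


# Constructed test set: 5 attacks among 20 events.
LABELS = [True] * 5 + [False] * 15
# A signature-style detector: misses the two attacks it has no signature for,
# but never alarms on benign traffic.
SIGNATURE_VERDICTS = [True, True, True, False, False] + [False] * 15
# An anomaly-style detector: catches every attack, but also flags three
# benign events that deviated from the baseline.
ANOMALY_VERDICTS = [True] * 5 + [True] * 3 + [False] * 12

if __name__ == "__main__":
    for name, verdicts in [("signature", SIGNATURE_VERDICTS), ("anomaly", ANOMALY_VERDICTS)]:
        print(name, {k: round(v, 3) for k, v in metrics(LABELS, verdicts).items()})
    # Perfect recall and a 1% FPR still means roughly 9% of alerts are real
    # when one event in a thousand is an attack.
    print("precision at 0.1% prevalence:", round(precision_at_prevalence(1.0, 0.01, 0.001), 3))
```

On the balanced sample the signature detector scores higher accuracy (0.9 against 0.85) despite missing two of five attacks, because its zero false positives outweigh its false negatives. The last line shows why the false-positive rate, not accuracy, is what analysts feel: at one attack per thousand events a detector with a 1% FPR produces about eleven false alarms for every real one, even with perfect recall.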
Conclusion
The evidence presented in this paper showed that IDPS techniques serve as a foundation for proper cybersecurity because they supply the detection logic and response scenarios a network relies on. Irrespective of which of the four may be considered the most effective against hacker activity, the idea should be to combine these tools effectively to protect the network from malicious external and internal activity. In the future, the list of evaluation criteria will have to be expanded in order to make comparison even easier.
References
Aljawarneh, S., Aldwairi, M., & Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computational Science, 25, 152-160. Web.
Baykara, M., & Das, R. (2018). A novel honeypot-based security approach for real-time intrusion detection and prevention systems. Journal of Information Security and Applications, 41, 103-116. Web.
Birkinshaw, C., Rouka, E., & Vassilakis, V. G. (2019). Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks. Journal of Network and Computer Applications, 136, 71-85. Web.
Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity, 2(1), 1-22. Web.
Li, W., Tug, S., Meng, W., & Wang, Y. (2019). Designing collaborative blockchained signature-based intrusion detection in IoT environments. Future Generation Computer Systems, 96, 481-489. Web.
Mighan, S. N., & Kahani, M. (2021). A novel scalable intrusion detection system based on deep learning. International Journal of Information Security, 20(3), 387-403. Web.
Modi, C. N., & Acha, K. (2017). Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: A comprehensive review. The Journal of Supercomputing, 73(3), 1192-1234. Web.
Sicato, J. C. S., Singh, S. K., Rathore, S., & Park, J. H. (2020). A comprehensive analyses of intrusion detection system for IoT environment. Journal of Information Processing Systems, 16(4), 975-990. Web.
Umer, M. F., Sher, M., & Bi, Y. (2017). Flow-based intrusion detection: Techniques and challenges. Computers & Security, 70, 238-254. Web.
Velliangiri, S., & Karthikeyan, P. (2020). Hybrid optimization scheme for intrusion detection using considerable feature selection. Neural Computing and Applications, 32(12), 7925-7939. Web.
Wang, L. (2017). Big Data in intrusion detection systems and intrusion prevention systems. Journal of Computer Networks, 4(1), 48-55. Web.