Efficacy of Attack detection capability of IDPS based on it's deployment in wired and wireless environment

TL;DR

This paper examines how the deployment location of IDPS affects its effectiveness in detecting and preventing attacks, highlighting that host-level deployment offers superior performance with fewer false positives.

Contribution

The study categorizes IDPS deployment types and demonstrates that host-level deployment improves detection accuracy and reduces false positives compared to other deployment strategies.

Findings

Host-level deployment reduces false positives.

Host-based IDPS improves detection accuracy.

Deployment location significantly impacts IDPS performance.

Abstract

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks. In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.