Hybrid IDS Using Signature-Based and Anomaly-Based Detection
Messaouda Boutassetta, Amina Makhlouf, Newfel Messaoudi, Abdelmadjid Benmachiche, Ines Boutabia

TL;DR
This paper reviews hybrid intrusion detection systems that combine signature-based and anomaly-based methods to improve cyberattack detection, discussing recent research, classifications, advantages, limitations, and future directions.
Contribution
It provides a comprehensive survey and conceptual overview of hybrid IDS, classifies existing models, and discusses recent trends and future research directions.
Findings
Hybrid IDS improve detection capabilities over individual methods.
Recent trends include machine learning and cloud deployment.
Hybrid IDS face challenges like false positives and cost.
Abstract
Intrusion detection systems (IDS) are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting previously unseen attacks and the tendency to generate high false positive rates. This paper presents a comprehensive survey and a conceptual overview of Hybrid IDS, which integrate signature-based and anomaly-based detection techniques to enhance attack detection capabilities. The survey examines recent research on Hybrid IDS, classifies existing models into functional categories, and discusses their advantages, limitations, and application domains, including financial systems, air traffic control, and social networks. In addition, recent trends in Hybrid IDS research, such as machine…
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Spam and Phishing Detection
