A survey of intrusion detection and prevention systems

Ahmed Patel, Qais Qassim, Christopher Wills

    Research output: Contribution to journal › Article

    42 Citations (Scopus)

    Abstract

    Purpose: The problem of protecting information and data flows has existed from the very first day of information exchange. Various approaches have been devised to protect and transfer such information securely. However, as technology and communications advance and information management systems become more and more powerful and distributed, the problem has taken on new and more complex dimensions and has become a major challenge. The widespread use of wired and wireless communication networks, internet, web applications and computing has increased the gravity of the problem. Organizations are totally dependent on reliable, secure and fault-tolerant systems, communications, applications and information bases. Unfortunately, serious security and privacy breaches still occur every day, creating an absolute necessity to provide secure and safe information security systems through the use of firewalls, intrusion detection and prevention systems (ID/PSs), encryption, authentication and other hardware and software solutions. This paper aims to address these issues.

    Design/methodology/approach: This survey presents an up-to-date, comprehensive state-of-the-art overview of ID/PSs based on risk analysis, a description of what ID/PSs are, the functions they serve, their two primary types and the different methods of ID that they may employ.

    Findings: As security incidents are increasing and are more aggressive, ID/PSs have also become increasingly necessary; they complement the arsenal of security measures, working in conjunction with other information security tools such as malware filters and firewalls. Because of a growing number of intrusion events and also because the internet and local networks together with user applications have become so ubiquitous, the need arises to use sophisticated advanced techniques from autonomic computing, machine learning, artificial intelligence and data mining to make intelligent/smart ID/PSs.

    Originality/value: This paper perceives the requirements of developing a new detection mechanism to detect known and unknown threats, based on intelligent techniques such as machine learning and autonomic computing.

    Original language: English
    Pages (from-to): 277-290
    Number of pages: 14
    Journal: Information Management and Computer Security
    Volume: 18
    Issue number: 4
    DOIs: 10.1108/09685221011079199
    Publication status: Published - 2010

    Fingerprint

    Intrusion detection
    Security of data
    Learning systems
    Internet
    Arsenals
    Computer system firewalls
    Communication
    Risk analysis
    Security systems
    Information management
    Authentication
    Computer hardware
    Telecommunication networks
    Cryptography
    Artificial intelligence
    Data mining
    Gravitation
    information exchange
    artificial intelligence
    information management

    Keywords

    • Data security
    • Information management
    • Risk management

    ASJC Scopus subject areas

    • Business and International Management
    • Management Information Systems
    • Management Science and Operations Research
    • Library and Information Sciences

    Cite this

    A survey of intrusion detection and prevention systems. / Patel, Ahmed; Qassim, Qais; Wills, Christopher.

    In: Information Management and Computer Security, Vol. 18, No. 4, 2010, p. 277-290.

    @article{bf5fe6af3abb47d99a518a2269b490a6,
    title = "A survey of intrusion detection and prevention systems",
    keywords = "Data security, Information management, Risk management",
    author = "Ahmed Patel and Qais Qassim and Christopher Wills",
    year = "2010",
    doi = "10.1108/09685221011079199",
    language = "English",
    volume = "18",
    pages = "277--290",
    journal = "Information and Computer Security",
    issn = "2056-4961",
    publisher = "Emerald Group Publishing Ltd.",
    number = "4",

    }

    TY - JOUR

    T1 - A survey of intrusion detection and prevention systems

    AU - Patel, Ahmed

    AU - Qassim, Qais

    AU - Wills, Christopher

    PY - 2010

    Y1 - 2010


    KW - Data security

    KW - Information management

    KW - Risk management

    UR - http://www.scopus.com/inward/record.url?scp=78049513508&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=78049513508&partnerID=8YFLogxK

    U2 - 10.1108/09685221011079199

    DO - 10.1108/09685221011079199

    M3 - Article

    AN - SCOPUS:78049513508

    VL - 18

    SP - 277

    EP - 290

    JO - Information and Computer Security

    JF - Information and Computer Security

    SN - 2056-4961

    IS - 4

    ER -