An Ensemble Approach for Feature Selection and Classification in Intrusion Detection Using Extra-Tree Algorithm

Ankit Rajeshkumar Kharwar, Devendra V. Thakor
Copyright: © 2022 | Pages: 21
DOI: 10.4018/IJISP.2022010113

Abstract

The number of attacks has increased with the rapid development of web communication over the last couple of years. Anomaly detection has become important for detecting novel attacks in an Intrusion Detection System (IDS). Achieving high accuracy is a significant challenge in designing an intrusion detection system. This work also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The authors use extremely randomized trees (Extra-Tree) for feature importance and try multiple thresholds on the feature importance values to find the best features. If a single classifier is used and its output is wrong, the final decision may be wrong, so the authors apply an Extra-Tree classifier to the best-selected features. The proposed method is evaluated on the standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.
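The pipeline outlined in the abstract (Extra-Tree importances, a sweep over importance thresholds, then an Extra-Tree classifier on the kept features) can be sketched with scikit-learn. This is an added example, not the authors' code: the data is constructed rather than KDD CUP'99, NSL-KDD or UNSW-NB15, and the threshold values and the use of a validation split to pick the threshold are assumptions.

```python
import numpy as np
from sklearn.ensemble import ExtraTreesClassifier
from sklearn.model_selection import train_test_split

def make_constructed_flows(n=3000, n_features=10, seed=0):
    """Constructed data: features 0-2 shift for attacks, features 3-9 are noise."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, size=n)              # 0 = normal, 1 = attack
    X = rng.normal(size=(n, n_features))
    X[:, :3] += 3.0 * y[:, None]
    return X, y

def ids_metrics(y_true, y_pred):
    """Accuracy, detection rate (TP rate) and false alarm rate (FP rate)."""
    tp = int(np.sum((y_true == 1) & (y_pred == 1)))
    tn = int(np.sum((y_true == 0) & (y_pred == 0)))
    fp = int(np.sum((y_true == 0) & (y_pred == 1)))
    fn = int(np.sum((y_true == 1) & (y_pred == 0)))
    return {"accuracy": (tp + tn) / len(y_true),
            "detection_rate": tp / (tp + fn),
            "false_alarm_rate": fp / (fp + tn)}

def select_and_classify(X, y, thresholds=(0.01, 0.03, 0.05, 0.10), seed=0):
    # 60% train, 20% validation (threshold choice), 20% held-out test (report).
    X_tr, X_tmp, y_tr, y_tmp = train_test_split(
        X, y, test_size=0.4, stratify=y, random_state=seed)
    X_val, X_te, y_val, y_te = train_test_split(
        X_tmp, y_tmp, test_size=0.5, stratify=y_tmp, random_state=seed)
    ranker = ExtraTreesClassifier(n_estimators=100, random_state=seed)
    importances = ranker.fit(X_tr, y_tr).feature_importances_
    best = None
    for t in thresholds:                        # ascending thresholds
        keep = np.flatnonzero(importances >= t)
        if keep.size == 0:
            continue                            # threshold removed every feature
        clf = ExtraTreesClassifier(n_estimators=100, random_state=seed)
        clf.fit(X_tr[:, keep], y_tr)
        val_acc = ids_metrics(y_val, clf.predict(X_val[:, keep]))["accuracy"]
        # ">=": on a tie, prefer the higher threshold (fewer features).
        if best is None or val_acc >= best[0]:
            best = (val_acc, t, keep, clf)
    _, t, keep, clf = best
    report = ids_metrics(y_te, clf.predict(X_te[:, keep]))
    report.update(threshold=t, selected=keep.tolist())
    return report

if __name__ == "__main__":
    X, y = make_constructed_flows()
    print(select_and_classify(X, y))
```

Choosing the threshold on a validation split and reporting on a separate test split keeps the reported detection and false alarm rates from being inflated by the selection step.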

1. Introduction

Total internet traffic has grown exponentially over the last five years (Cisco, 2019), driven by the increasing use of web-based applications. Applications such as e-commerce, social networking, and e-banking have become the most used platforms for transmitting data over the internet. These applications deal with sensitive information and procedures, which makes them an easy, profitable, and feasible target for attackers who want to take confidential data and perform illegal activities. Web application security is now one of the most relevant information security problems because of continuous web attacks. According to the 2017 Internet Security Threat Report (ISTR), over 76% of scanned websites were found to be vulnerable. Surveys report that 60% of hackers attack a specific web application or use one as a means of attack (Agarwal et al., 2018).

A cyber-attack carried out on 12 May 2017 had a major impact on the UK's National Health Service (NHS) and other hospitals in England. Many computers were infected by a ransomware attack, a by-product of the WannaCry attack. In this attack, a backdoor tool was installed to deliver and run a ransomware package (Kamarudin et al., 2017).

Traditional strategies such as data encryption, firewalls, and user authentication are used to protect computer security. When a client's password leaks, client authentication cannot prevent unauthorized access. Firewalls cannot protect against the many kinds of malicious activity carried out by an attacker or intruder, because a firewall inspects header content. Intrusion Detection Systems (IDSs) use a systematic method to identify attacks, recognize their sources, and display alerts to the network manager (Lin W C et al., 2015; Tsang & Kwong, 2006).

An IDS monitors network traffic, collects network packets, and analyzes incidents, policy violations, and uncommon use. These events can occur for many reasons, from malware to illegal access attacks. The primary goal of an IDS is to assure the security of a network or computer system in terms of confidentiality, integrity, and availability (CIA). The IDS works as the second layer of defense, because some attacks or intrusions are not identified at the firewall, which works as the network's first layer. This task is not easy, and an IDS does not identify the intrusion itself; it only finds signs of intrusion, either while it is in progress or after the fact. IDSs can be categorized into Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS) (Bul'ajoul et al., 2015; Hindy et al., 2018; Fernandes et al., 2019).

A network-based IDS is installed to identify intrusions in network connections and to defend a network node. Sensors are placed at many points in the network to analyze traffic. Each sensor performs its examination locally and reports actions to the local administration. A network-based IDS collects and studies all packets broadcast, along with their IP addresses and ports. A host-based IDS is set up to run on a specific host (a single PC). Its main objective is to watch events on the host and observe local suspicious activities (Bul'ajoul et al., 2015; Fernandes et al., 2019).

Intrusion detection has two main types: misuse detection and anomaly detection. It checks the unidentified pattern against the identified patterns and recognizes whether it is an attack or regular traffic. Misuse detection can provide higher accuracy because of the predefined attacks in its database (like anti-virus software), but it will not give good accuracy when a new attack occurs. Anomaly detection uses a statistical method to examine packets. It has low accuracy and a high false alarm rate, as it also identifies unusual attacks (Baig et al., 2013).
