Introduction
These adoption levels and the high volume of e-commerce transactions carried out over networks have also resulted in a large increase in cybercrime in this domain. The monetary losses due to cybercrime are shown in Figure 1. It can be observed that the amount lost worldwide due to cybercrime is 1,418 million dollars. Cybercrime rates by country are shown in Figure 2. It can be observed that USA, China and Germany occupy the top 3 slots, followed closely. India ranks 11th, accounting for about 3% of the overall global crime rates. This shows the increasing necessity for intrusion detection models to provide improved security to online users. This mandates the use of better intrusion detection systems and exhibits the lack of efficiency in the existing intrusion detection systems.
Intrusion detection systems are required to handle data that are inconsistent and varying. Concept drift is one major issue that affects the domain of network intrusion detection to a large extent. Data in a domain is considered to be affected by concept drift if the distribution of the domain data varies with time. Models trained using static data tend to be affected by concept drift to a large extent. Such models become obsolete after a period of time, as most of the trained signatures become invalid after a considerable period. Hence, IDS systems that are being developed should include a continuous training mechanism that updates the intrusion and normal signatures, keeping the system up to date.
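The effect described above, as an added example that is not part of the original article: a profile of normal traffic fitted once is compared with one that is continuously re-fitted while the normal level of the data drifts. The stream, the feature, the thresholds and the rolling z-score detector are all constructed assumptions standing in for the continuous training mechanism, which this preview does not specify.

```python
from collections import deque
from statistics import mean, stdev

JITTER = [-2, -1, 0, 1, 2]  # constructed, deterministic noise around the normal level

def make_stream(n=1200, drift_start=200, slope=0.05,
                attacks=(400, 600, 800, 1000, 1100)):
    """Constructed per-interval feature (e.g. mean bytes per flow).
    The normal level is 100 until drift_start, then rises by `slope` per sample."""
    stream = []
    for i in range(n):
        base = 100 + slope * max(0, i - drift_start)
        is_attack = i in attacks
        value = base + JITTER[i % 5] + (60 if is_attack else 0)
        stream.append((value, is_attack))
    return stream

def evaluate(stream, train_n=100, window=50, k=3.0, adaptive=False):
    """Flag a sample when |x - mean| > k * std of the normal profile.
    Static: the profile is fitted once on the training prefix.
    Adaptive: the profile is re-fitted on the last `window` samples judged normal."""
    profile = deque((v for v, _ in stream[:train_n]), maxlen=window)
    mu, sigma = mean(profile), stdev(profile)
    result = {"false_pos": 0, "detected": 0, "missed": 0}
    for value, is_attack in stream[train_n:]:
        flagged = abs(value - mu) > k * sigma
        if is_attack:
            result["detected" if flagged else "missed"] += 1
        elif flagged:
            result["false_pos"] += 1
        if adaptive and not flagged:
            # Continuous training: only unflagged samples update the profile,
            # so flagged bursts do not contaminate the notion of "normal".
            profile.append(value)
            mu, sigma = mean(profile), stdev(profile)
    return result

if __name__ == "__main__":
    data = make_stream()
    print("static  :", evaluate(data, adaptive=False))
    print("adaptive:", evaluate(data, adaptive=True))
```

Both detectors flag the injected bursts, but the static profile also flags almost all legitimate traffic once the drift has moved the normal level outside its trained band, which is the sense in which a statically trained model becomes obsolete.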
IDS models have several applications and requirements in industry scenarios. A major application is intrusion detection in personal systems, or in other words distributed scenarios. Current operating systems have intrusion detection mechanisms built into their architecture. However, the handling capabilities of these systems are still in question. Hence most users tend to use commercial intrusion detection models for added security. Further, IDS for clustered environments that can be used in servers are also in demand. Several commercial IDS are available, including the Bro intrusion detection system by Vern Paxson from Lawrence Berkeley National Labs and the International Computer Science Institute, the Prelude intrusion detection system for Linux, distributed under GNU, the Snort intrusion detection system, Network Protocol Analyzer, Multi Router Traffic Grapher (MRTG), etc.
Intrusion detection is the process of analysing network packets to identify whether a packet is legitimate or anomalous. The major challenges involved in this domain include the huge volume of data for training and the fast, streaming data that is to be provided for the prediction process. Further, the intrinsic data imbalance contained in the domain presents more challenges to the intrusion detection model. This work presents three major contributions for effective intrusion detection in the network domain.
Figure 1. Monetary damage due to cybercrime
Figure 2. Country wise cybercrime percentages