1. Introduction
Recently, advances in technology, and especially the popularity of the internet, have created a huge demand for applications related to entertainment, electronic communication, etc., which are part of daily life. However, this massive advancement in computer network technology has increased the vulnerability to cyber-attacks (Buczak & Guven, 2016). Hence the design of cyber-security has attracted researchers from both academia and industry. The first-line defense methods for different applications or organizations are of several types, namely user authentication, data encryption, malware prevention and firewalls. All these methods can ensure secure communication and prevent organizations and enterprises from becoming victims of cyber-attacks (Al-Jarrah et al., 2015). To enter an organization, attackers deliberately exploit the vulnerabilities of the target system and launch various types of attacks that may lead to problems such as information leakage, system rupture, etc. Over time, these attacks threaten the availability, integrity and confidentiality of cyber systems. Hence there is a need for an effective cyber-attack detection mechanism to protect systems from different kinds of security attacks.
An Intrusion Detection System (IDS) (Inayat et al., 2016; Hubballi & Suryanarayanan, 2014; Khraisat et al., 2020) is one possible solution that can actively protect the network from illegal and external attacks. The main aim of an IDS is to ensure the security of systems and to detect abnormal events. Moreover, an IDS can also enhance the security and reliability of systems by analyzing and identifying the behavior of malicious activities that enter the system. IDSs are widely employed in several distributed systems (Wang et al., 2016), perceiving intrusions and then taking fast countermeasures to prevent further spreading and infection. According to the detection mechanism, IDSs fall into two categories: Anomaly Detection and Misuse Detection (Joldzic et al., 2016). In cyber-security, an anomaly is defined as an event whose behavior deviates from normal behavior. Anomaly-based IDSs perform better in the detection of novel attack types, but they cannot avoid a larger false positive rate (Villalba et al., 2015). On the other hand, misuse-based IDSs (Hubballi & Suryanarayanan, 2014) can distinguish legitimate activities from malicious ones because they work based on known patterns. In this kind of system, the patterns of legitimate activities are stored, and if a new activity is found to have a pattern that deviates from the legitimate patterns, it is identified as an attack. Though this category is reliable for the detection of known attacks, it is not effective in the detection of unknown attacks.