A Survey and Taxonomy of Lightweight Intrusion Detection Systems

 

Sang Min Lee¹*, Dong Seong Kim², and Jong Sou Park¹

 

¹Korea Aerospace University

Goyang, South Korea

{minuri33, jspark}@kau.ac.kr

 

²University of Canterbury

Christchurch, New Zealand

dongseong.kim@canterbury.ac.nz

 

 

Abstract

 

The Internet and computer networks are exposed to an ever-increasing number of security threats that can damage computer systems and communication channels. Firewalls are used to defend systems, but they are not enough to provide full protection. Consequently, interest in Intrusion Detection Systems (IDSs) for network security has been growing over the past years. Because network speeds and the amount of network traffic keep increasing, IDSs need to be lightweight to cope with them. Two representative methodologies have been applied to make IDSs lightweight: feature selection and parameter optimization. In this paper, we introduce their concepts and algorithms and survey existing approaches that have used them. In particular, we review the previous approaches according to three broad categories: spam, Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attack detection, since they are the most threatening intrusions these days. Finally, we conclude the survey by identifying trends and open challenges in lightweight IDS research and development. Our hope is that this paper sheds some light on a fruitful direction for future research on lightweight IDSs.


 

Keywords: Intrusion detection system, parameters optimization, feature selection

 

*Corresponding author: Computer Engineering Department, Korea Aerospace University,

200-1, Hwajeon-dong, Dukyang-gu, Goyang-city, Gyeonggi-do, South Korea

 

Journal of Internet Services and Information Security (JISIS), 2(1/2): 119-131, February 2012