Computers are under attack. Nation-states use cyber-attacks to gain an upper hand. Criminals use cyber-attacks to make a profit. Cybersecurity is essential for businesses and individuals to protect their data and computer systems. Detecting attacks is an important objective in cybersecurity, since it raises a red flag and enables rapid response.

Intrusion detection is one method to detect attacks against computer networks. Intrusion detection systems monitor information from networks or from individual computers to alert responders to cyber-attacks. Intrusion detection systems are generally divided into the categories of network-based and host-based, but network-based systems are most common.


Intrusion detection can also be categorized into signature-based and anomaly-based systems. Signature-based systems rely on a catalog of known patterns that represent attacks. Anomaly-based detection systems, on the other hand, look for patterns that are inconsistent with normal activity.

Traditional intrusion detection systems are signature-based and rely on people to create rules, generally based on attacks that they have experienced. As cyber-adversaries adapt their attacks, it is challenging to produce signatures to detect them. These systems will rarely find a novel attack, since they are built upon predefined rules.
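The contrast between the two approaches, as an added example that is not from the original article: a signature catalog catches only the request it has a rule for, while a baseline learned from normal traffic flags the unfamiliar one. The rule names, field names and sample events are constructed, and a simple z-score baseline stands in here for an anomaly model.

```python
import re
import statistics

# Constructed signature catalog: patterns for attacks someone has already seen.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed sample data: outbound bytes per request during normal operation.
NORMAL = [{"request": "GET /index.html", "bytes_out": b}
          for b in (480, 510, 495, 520, 505, 490, 500, 515)]

# Constructed traffic to inspect: one known attack pattern, one novel bulk export.
OBSERVED = [
    {"request": "GET /index.html", "bytes_out": 505},
    {"request": "GET /item?id=1 UNION SELECT name FROM users", "bytes_out": 498},
    {"request": "POST /api/export", "bytes_out": 48000},
    {"request": "GET /about.html", "bytes_out": 510},
]

def signature_alerts(events):
    """Return (index, rule name) for events whose request matches a known pattern."""
    return [(i, name) for i, e in enumerate(events)
            for name, rx in SIGNATURES.items() if rx.search(e["request"])]

def fit_baseline(events, features):
    """Learn the mean and standard deviation of each feature from normal traffic."""
    return {f: (statistics.mean(e[f] for e in events),
                statistics.stdev(e[f] for e in events)) for f in features}

def anomaly_alerts(events, baseline, threshold=3.0):
    """Return (index, feature, z-score) where a feature deviates beyond the threshold."""
    alerts = []
    for i, e in enumerate(events):
        for f, (mu, sigma) in baseline.items():
            if sigma == 0:  # constant feature in the baseline: no usable scale
                continue
            z = (e[f] - mu) / sigma
            if abs(z) > threshold:
                alerts.append((i, f, round(z, 1)))
    return alerts

if __name__ == "__main__":
    baseline = fit_baseline(NORMAL, ["bytes_out"])
    print("signature:", signature_alerts(OBSERVED))
    print("anomaly:  ", anomaly_alerts(OBSERVED, baseline))
```

The signature pass reports only event 1, and the anomaly pass reports only event 2; neither approach alone covers both.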


Catching Intruders in Networks Using Machine Learning