Learning Objectives:
After completing this module, students will be able to:
Describe Intrusion Detection Systems (IDS)
Describe the impact of Generative AI in IDS
Identify the two detection approaches (signature-based and anomaly-based) used to build an IDS, and where machine learning fits into each
Use Google Colab to implement code segments that demonstrate how an IDS detects intrusions
Apply IDS techniques to problems beyond the basic neural-network example from the Getting Started module
What are Intrusion Detection Systems?
An Intrusion Detection System (IDS) is a security mechanism that monitors a network (or, for a host-based IDS, a single machine) for harmful activity. It detects activities that may be "malicious or are policy violations [such as] unauthorized access, potential threats, and abnormal activities" (GeeksforGeeks, 2024). IDS is closely related to anomaly detection: an anomaly-based IDS is anomaly detection applied to network traffic, and generative models are one way to synthesize realistic traffic for training and testing such a system. The usual steps of an IDS are as follows:
An IDS continuously monitors the network traffic it can see (a tap or mirror port for a network IDS, the local interfaces and logs for a host IDS)
It analyzes the data flowing in and out of the network to look for patterns of suspicious behavior
These patterns can be based on pre-defined rules (signatures of known attacks) or on a learned baseline of what normal traffic looks like
If the IDS detects something out of the ordinary, it sends an alert to the system administrator, who then takes the appropriate action; an IDS only alerts and does not block traffic, which is the job of an intrusion prevention system (IPS)
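The four steps above, written out as a small rule-based monitor. This is an added example for this module, not code from the cited sources; the flow records and the three rules are constructed for illustration and stand in for live traffic and a real signature database.

```python
import re
from dataclasses import dataclass


# One network flow as the monitor sees it. Constructed sample data,
# not captured from any real network.
@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: str


SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.20", 443, "GET /index.html HTTP/1.1"),
    Flow("10.0.0.5", "10.0.0.20", 80, "GET /search?q=' OR 1=1 -- HTTP/1.1"),
    Flow("10.0.0.7", "10.0.0.20", 23, ""),
    Flow("10.0.0.9", "10.0.0.20", 80, "GET /cgi-bin/../../etc/passwd HTTP/1.1"),
]

# Step 3: pre-defined rules. Each entry is (name, severity, predicate over a flow).
# These are hypothetical rules for the example, not from any vendor rule set.
RULES = [
    ("sqli-tautology", "high",
     lambda f: re.search(r"'\s*OR\s+1=1", f.payload, re.I) is not None),
    ("path-traversal", "high", lambda f: "../" in f.payload),
    ("telnet-to-server", "medium", lambda f: f.dport == 23),
]


def analyze(flow, rules=RULES):
    """Step 2: return the names of every rule this flow matches."""
    return [name for name, _severity, pred in rules if pred(flow)]


def monitor(flows, rules=RULES):
    """Steps 1 and 4: walk the traffic and collect an alert per matching flow.

    The alerts are returned rather than acted on: an IDS reports, it does not block.
    """
    alerts = []
    for f in flows:
        hits = analyze(f, rules)
        if hits:
            alerts.append({"src": f.src, "dst": f.dst, "dport": f.dport, "rules": hits})
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_FLOWS):
        print(alert)
```

The first flow produces no alert; the other three each trigger exactly one rule. In a real deployment the `monitor` loop would read from a packet capture or a flow exporter instead of a list, but the structure is the same.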
How does AI affect IDS?
Generative AI can contribute to an IDS in two ways: generating realistic synthetic network traffic (both benign and attack) to train and test detectors, and modelling what normal traffic looks like so that deviations from it can be scored as anomalies. Used this way it can help an IDS handle more complex attacks and improve detection accuracy, provided its output is validated against real traffic; synthetic data that does not match production behavior inflates false positives rather than reducing them.
What are the algorithms that implement IDS?
Recall that the Getting Started module demonstrated a basic neural network in Google Colab. To turn such a model into an IDS for network traffic, it has to be fitted into one of the two traditional detection approaches: signature-based IDS and anomaly-based IDS.
Signature-based IDS:
Signature-based IDS "operates by using a pre-programmed list of known threats and their indicators of compromise" to detect suspicious packets (N-able, 2024). It relies on a fixed database of known attack signatures, so it is precise on the attacks it knows about and blind to anything not yet in the database. Figure 1 displays this concept as a diagram.
Figure 1: Signature-based intrusion detection system (ResearchGate)
Generative AI can loosen this limitation by producing candidate signatures for attacks the database does not yet cover. When the system encounters traffic resembling a novel attack, a generative model can propose a new rule without waiting for a manual write-up: it monitors live traffic, extracts the pattern shared by the suspicious flows, and proposes a signature to add to the database. Reducing the manual process this way comes with one requirement: every auto-generated signature must be checked against known-benign traffic before it is enabled, otherwise a pattern that is merely common (an HTTP version string, say) becomes a rule that fires on everything.
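The proposal-and-validation step above, as an added example that is not part of the cited sources. A longest-common-substring search stands in for the generative model (an assumption made to keep the example self-contained; a real system would use a learned model to propose the pattern), and the flagged and benign payloads are constructed. The part worth copying is the validation: a candidate is only added to the database if it matches none of the benign corpus.

```python
import re

# Known-signature database: name -> compiled regex. Constructed for the example.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s+1=1", re.I),
}


def matches(payload, signatures=SIGNATURES):
    """Names of every signature that fires on this payload."""
    return [name for name, rx in signatures.items() if rx.search(payload)]


def longest_common_substring(strings):
    """Longest substring present in every string.

    Brute force over the shortest string; adequate for the handful of
    payloads a single alert cluster contains. Stands in for the generative model.
    """
    base = min(strings, key=len)
    for length in range(len(base), 0, -1):
        for start in range(len(base) - length + 1):
            cand = base[start:start + length]
            if all(cand in s for s in strings):
                return cand
    return ""


def propose_signature(suspicious_payloads, benign_payloads, min_len=8):
    """Derive a candidate signature from payloads the anomaly stage flagged,
    then validate it against a benign corpus. Returns (regex or None, reason)."""
    core = longest_common_substring(suspicious_payloads)
    if len(core) < min_len:
        return None, "rejected: common pattern too short to be a reliable signature"
    rx = re.compile(re.escape(core))
    false_positives = [p for p in benign_payloads if rx.search(p)]
    if false_positives:
        return None, f"rejected: matches {len(false_positives)} benign payload(s)"
    return rx, "accepted"


def update_database(flagged, benign, signatures=SIGNATURES, name="auto-generated"):
    """Run the proposal and, only if it passes validation, install it."""
    rx, reason = propose_signature(flagged, benign)
    if rx is not None:
        signatures[name] = rx
    return reason


# Payloads flagged as suspicious by an anomaly detector (constructed).
FLAGGED = [
    "GET /cgi-bin/../../../../etc/passwd HTTP/1.1",
    "GET /images/../../../../etc/passwd HTTP/1.1",
    "GET /static/../../../../etc/passwd?x=1 HTTP/1.1",
]
# Known-good traffic used to validate candidates (constructed).
BENIGN = [
    "GET /index.html HTTP/1.1",
    "GET /static/app.js HTTP/1.1",
    "POST /login HTTP/1.1",
]
# A noisy cluster whose only shared pattern is ordinary HTTP; it must be rejected.
FLAGGED_NOISY = [
    "GET /a HTTP/1.1",
    "GET /b HTTP/1.1",
]

if __name__ == "__main__":
    print(update_database(FLAGGED, BENIGN))          # accepted
    print(update_database(FLAGGED_NOISY, BENIGN))    # rejected: matches 3 benign payload(s)
    print(matches("GET /x/../../../../etc/passwd HTTP/1.1"))
```

The traversal cluster yields the shared core `/../../../../etc/passwd`, which matches nothing benign and is accepted. The noisy cluster's shared core is ` HTTP/1.1`, which is long enough to pass the length check but matches every benign request, so it is rejected; without the benign check it would have become a rule that alerts on all web traffic.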
Anomaly-based IDS:
On the other hand, anomaly-based IDS alerts the user when an unknown problem is encountered. Unlike the signature-based IDS, "instead of searching for known threats [in a database], [anomaly-based IDS] utilizes machine learning to train the detection system to recognize a normalized baseline" (N-able, 2024). This means that the system looks for "out-of-the-ordinary" behavior to trigger alarms.
When generative AI is used in this approach, the model learns the distribution of normal traffic and can flag novel attacks as deviations from it, with no signature required. Because a generative model can capture richer structure than simple statistics, it can learn a more complex baseline and detect subtler anomalies. The trade-off is that a baseline learned from traffic that already contained an attack will treat that attack as normal, so the training window must be known to be clean, and the alert threshold must be tuned against benign bursts to keep false positives manageable.
Notice that this topic is closely related to, if not the same as, the information provided in the Anomaly Detection module. The difference lies in the application: anomaly detection is a general technique for finding unusual patterns in data, while anomaly-based IDS is a specialized use of that technique for detecting network intrusions and attacks. Please refer to that module for further implementation approaches.
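A minimal anomaly-based IDS in the sense described above, added here as an example and not taken from the cited sources or the Anomaly Detection module's notebook. It learns a per-feature baseline (mean and standard deviation) from a window assumed to be attack-free and flags any later record that deviates by more than a threshold; the per-minute flow summaries are constructed, and the Gaussian baseline is a deliberately simple stand-in for the learned model a generative approach would use.

```python
import statistics

# Per-minute summaries for one source host: (host, minute, connections, distinct_dports).
# Constructed data. The training window is assumed to contain no attack.
TRAINING = [
    ("10.0.0.5", 0, 12, 2), ("10.0.0.5", 1, 15, 3), ("10.0.0.5", 2, 11, 2),
    ("10.0.0.5", 3, 14, 2), ("10.0.0.5", 4, 13, 3), ("10.0.0.5", 5, 12, 2),
    ("10.0.0.5", 6, 16, 3), ("10.0.0.5", 7, 14, 2),
]
TEST = [
    ("10.0.0.5", 100, 14, 2),    # normal minute
    ("10.0.0.5", 101, 40, 35),   # port scan: many distinct ports, no signature exists for it
    ("10.0.0.5", 102, 30, 3),    # burst of connections to the usual ports: could be benign
]

FEATURES = ("connections", "distinct_dports")


def learn_baseline(records):
    """Per-feature (mean, std dev) from a window assumed to be attack-free.

    A zero std dev is replaced by 1.0 so a constant feature does not divide by zero.
    """
    columns = list(zip(*[(r[2], r[3]) for r in records]))
    baseline = {}
    for name, values in zip(FEATURES, columns):
        sd = statistics.pstdev(values)
        baseline[name] = (statistics.mean(values), sd if sd > 0 else 1.0)
    return baseline


def zscores(record, baseline):
    """How many std devs each feature of this record sits from the baseline."""
    return {name: (value - baseline[name][0]) / baseline[name][1]
            for name, value in zip(FEATURES, (record[2], record[3]))}


def detect(records, baseline, threshold=3.0):
    """Alert on any record where some feature lies more than `threshold` std devs out.

    The threshold is the false-positive knob: lower catches more, including benign bursts.
    """
    alerts = []
    for r in records:
        z = zscores(r, baseline)
        worst = max(z, key=lambda k: abs(z[k]))
        if abs(z[worst]) > threshold:
            alerts.append({"host": r[0], "minute": r[1],
                           "feature": worst, "z": round(z[worst], 1)})
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(TRAINING)
    print("threshold 3:", detect(TEST, baseline, threshold=3.0))
    print("threshold 12:", detect(TEST, baseline, threshold=12.0))
```

With a threshold of 3 the port scan is flagged on `distinct_dports` and the connection burst is also flagged on `connections`; raising the threshold to 12 keeps the scan alert and drops the burst. Neither alert needed a signature, which is the point of the approach, and the threshold choice is where the false-positive trade-off lives.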
Key Terms:
AI (Artificial Intelligence): The simulation of human intelligence processes by machines, particularly computer systems, including learning, reasoning, and self-correction.
Anomaly-based IDS: This IDS detects attacks by learning what "normal" behavior looks like on the network and flagging anything that deviates from it as suspicious. It is anomaly detection applied specifically to network traffic.
Generative AI: A type of artificial intelligence that can generate new data that mimics the data it was trained on, often used in applications like content creation, data synthesis, and simulation.
IDS (Intrusion Detection System): A security system that monitors network traffic for suspicious activity and issues alerts when such activity is detected.
Signature-based IDS: This IDS detects attacks by comparing network traffic to a database of known attack patterns or "signatures."
References:
GeeksforGeeks. "Intrusion Detection System (IDS)." June 18, 2024. https://www.geeksforgeeks.org/intrusion-detection-system-ids/
N-able. "Intrusion Detection System (IDS): Signature vs. Anomaly Based." March 4, 2024. https://www.n-able.com/blog/intrusion-detection-system
ResearchGate. "Signature-based intrusion detection system," figure from "A hybrid machine learning model for intrusion detection in VANET." https://www.researchgate.net/figure/Signature-based-intrusion-detection-system_fig3_354083895