From Packet-Based Towards Hybrid Packet-Based and Flow-Based Monitoring for Efficient Intrusion Detection: An Overview
Network-based Intrusion Detection Systems (NIDSs) aim to detect attacks by inspecting network traffic. With the increase in network speed and in the number and types of attacks, existing NIDSs face challenges. This paper presents an overview of how the performance and detection accuracy of payload-based and flow-based NIDSs are affected by threats and attacks in high-speed network environments. A hybrid method combining flow-based and packet-based monitoring is also presented and discussed. Packet-based NIDSs process every packet received. Because this is very time-consuming, it is hard to apply this approach at speeds of multiple gigabits per second.