Intrusion Detection System in Networks Employing a Double-Layer Architecture Using Machine Learning Algorithms

Abstract

Monitoring both the activities of the system itself and the traffic on the network is the job of an intrusion detection system, which is more commonly referred to by its acronym, IDS. The IDS works by analyzing the network traffic or system logs, looking for patterns and signatures of known threats, or deviations from normal behavior that may indicate an attack. This may be done in response to the activity or traffic being deemed suspicious or destructive. IDS can take many different shapes, but regardless of its appearance, their primary purpose is to identify potentially harmful traffic in a number of different ways. There are primarily two types of intrusion detection systems: those that monitor networks and those that monitor individual computers. The anti - virus program and the firewall are two examples of defensive mechanisms used by the systems that detects intrusion. IDS plays a major role in providing protection to systems and computer networks out of various types of attacks, such as malware infections, hacking attempts, and unauthorized access. It alerts security administrators to potential threats, provide detailed information about the attack, and help to prevent or mitigate the damage caused by the attack. © 2023 IEEE.