Intrusion detection systems (IDS) are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting previously unseen attacks and the tendency to generate high false positive rates. This paper presents a comprehensive survey and a conceptual overview of Hybrid IDS, which integrate signature-based and anomaly-based detection techniques to enhance attack detection capabilities. The survey examines recent research on Hybrid IDS, classifies existing models into functional categories, and discusses their advantages, limitations, and application domains, including financial systems, air traffic control, and social networks. In addition, recent trends in Hybrid IDS research, such as machine learning-based approaches and cloud-based deployments, are reviewed. Finally, this work outlines potential future research directions aimed at developing more cost-effective Hybrid IDS solutions with improved ability to detect emerging and sophisticated cyberattacks.
翻译:入侵检测系统(IDS)对于保护计算机系统和网络免受持续演变的各类网络威胁至关重要。IDS通常分为两大主要类型,每种类型各有其优势与局限,例如难以检测先前未知的攻击以及易产生高误报率。本文对混合入侵检测系统进行了全面综述与概念性概述,该系统通过整合基于签名和基于异常的检测技术以提升攻击检测能力。本综述考察了混合IDS的最新研究,将现有模型按功能分类,并讨论了其优势、局限及应用领域,包括金融系统、空中交通管制和社交网络。此外,文中还回顾了混合IDS研究的最新趋势,例如基于机器学习的方法和云部署方案。最后,本文展望了未来潜在的研究方向,旨在开发更具成本效益的混合IDS解决方案,以提升对新兴复杂网络攻击的检测能力。