Abstract: Intrusion detection and prevention systems (IDPS) are an essential tool in protecting modern networks against cyber threats. They monitor network traffic and detect malicious activity, such as malware infections, unauthorized access, and network intrusions. When an IDPS detects such activity, it can take a variety of actions to prevent or mitigate the threat. IDPS systems can be configured to operate at various points within a network, including at the perimeter, at key servers, or on individual devices, allowing for a multi-layered approach to security. There are several types of IDPS technologies available, including signature-based systems and anomalybased systems, which use machine learning to identify deviations from normal network behavior. IDPS systems are an important part of a comprehensive network security strategy, but they are not foolproof and must be carefully configured and maintained to ensure optimal performance. It is also important to use IDPS in conjunction with other security measures, such as firewalls and user training.
Keywords: SOC (Security Operation Center), IDPS (Intrusion Detection and Prevention System), IDS (Intrusion Detection System), NIC (Network Interface Controller), G-IDS (Generative adversarial network – IDS), CPS (cyber-physical system)
|
DOI:
10.17148/IJARCCE.2023.12212
