Comparing Intrusion Detection Systems in the Smart Home Environment
Abstract
In recent years, malware has been on the rise. Propelled by several factors,
malware has not only spread exponentially but has also been damaging devices
ranging from office systems to home-based devices. In homes, the most affected devices
are those linked to smart home systems. This, in turn, tends to lead to increased
security polarization as well as home privacy breaches. In response to these threats, various
security systems have been developed in the past to help mitigate such problems. The
major ones include the Intrusion Detection System (IDS) and firewalls, which have been
devised to work against and reduce this problem. An IDS works by monitoring the network
traffic of a given system, analysing it, and alerting on any type of suspicious
activity. In other words, detecting and reporting unusual activity is
a major function of an IDS. Moreover, some IDSs are able
to deal with suspicious activity head-on. For example, when a suspicious IP address is
detected, an IDS might decide to filter it out of the system or block it. Moreover, although it
might allow the address, the system may instead decide to lock out all traffic from it.
Nonetheless, even with these useful features, various limitations do at times set
in. For instance, an IDS might at times flag a safe IP address as malicious,
causing a false alarm. An IDS therefore needs to be fine-tuned to ensure that it can
differentiate between normal traffic and malicious traffic on a given network. For this reason,
Intrusion Prevention Systems have emerged as a major way to fix this
downside. Denoted IPS, Intrusion Prevention Systems monitor network packets, from
which they seek to establish any malicious links. Moreover, if an IDS detects
a possible intrusion, it works to reject the potentially malicious packet. It is important
to note that there are four types of intrusion detection systems: the signature-based
intrusion detection system, the host intrusion detection system (HIDS), the anomaly-based
intrusion detection system, and the network intrusion detection system (NIDS). The signature-based
intrusion detection system monitors every packet on the network and compares it to the
known threats such as Snort, Security Onion, Suricata, Bro IDS, etc. The HIDS runs on all
the devices in the network. It can find malicious packets that may have originated from
inside the suspicious traffic. It is also able to find traffic that may originate from a host
on the network. Here, a host affected by malware can spread such traffic over
the network. The anomaly-based intrusion detection system monitors
network traffic and compares it to normal traffic with respect to ports, bandwidth, and
protocols. The network intrusion detection system monitors outbound
and inbound traffic to and from all the devices on the network. In light of all these types, and in
order to detect malware in a smart home environment, this proposal presents a framework with
three different IDS/IPS that can be used to prevent intrusion. From the model, data will be
collected, and the results will be compared in order to find the best IDS/IPS. Furthermore,
Docker technology is used, so that implement all these intrusion detection systems