Nowadays, due to the extended use of Internet of Things (IoT) concept, there are huge numers of networked physical devces whict not onlu cosist of computers but also vehichles, digital services sensors, etc. Due to this huge size of the network and incontrolled/anonymous structure of the Internet, preserving both information and communication of the company has emerged as a challenging issue for researchers. Although, most of the systems use the firewalls for this prevention, Intrusion detection systems (IDSs), which are accepted as the second line of defense, plau a crucial role to increase the security level of the system. Attackers are continously trying to find new ways to bypass the prevention mechanism of the systems. Therefore, IDSs become an inevitable component of security systems.
The evolution of intrusion detection systems is motivated by some important fact as:
- New networked systems are so complex and therefore they are very prone to errors and these errors can be exploited by the intruders/hackers.
- Current network systems have some critical security deficiencied which put them s a target for the attackers. Although there are some additional tools and works, which are trying to find and fix these deficiencies, closing all of them is not possible mostly.
- Although there exist some intrusion prevention systems, absolute prevention cannot be possible. As a result, IDS emerged as an execellent mechanism to catch and identify the intrusions. After this step, a prevention mechanism can be automatically updated.
- Most of the prevention mechanism preserve the system from the outsider attackers. However, lots of the attacks are carried out by the authorized users in the company, who are hard to detect. This type of attacks can be more harmful.
- New attack types are developed to cross these prevention and detection mechanism. Therefore, security solutions should be upgraded by using some learning of update mechanism in a dynamic structure.
Intrusion is cyber attack incidents are increasing with the increasing use of internet. Cyber attack is the virtual life of the bullying in normal life. In this attack person encounters such situations as harrasment, threats and blackmail. The attack may be in the form of the capture of the persons passwords or psychological pressure.
Intrusion detection system are very important software or hardware security tools to remove threats that would otherwise occur when carrying information, to prevent unauthorized access or abuse, and to report attacks to those responsible for security. Intrusion detection is to monitor network traffic and computer system activity information, and analyze the data to find out whether there are malicious attacks by hackers or damage the behaviour of computers and network resources. An unstable system with many loopholes is the main victims of these intrusions which attemps to access or manipulate information and make the system non usable or unreliable. Denial of Service (DoS) make the machine unavailable for the user, worms and viruses over the network exploits information of users and take advantage of privileged access of host systems vulnerabilities. The intrusion detection system IDS is a combination of hardware and software that can implement intrusion detection. An intrusion detection system basically protects and make them ready to handle attacks. Attack detection was first introduced in Computer security threat monitoring and surveillance, survey published in 1980.
Intrusion detection systems are classified according to several different criteria. IDSs can be classified; the architectural structure, the type of system it protects, and the processing time of the data. According to their location there are two types of intrusion detection systems, Host-based and Network-Based. Also IDSs can be classified according to their techniques; Signature-Based and Anomaly Based.
- Host-Based IDS; server tries to detect attacks by listening to the traffic, registration files, and transactions.
- Network-Based IDS; listening to all the traffic directed to the network, recording the content of each data packet passing through the network, cutting off attacks when necessary and creating reports.
- Signature-Based IDS; is used to detect known attack types.
- Anomaly-Based IDS; is used to detect unseen attacks.
Deep learning is an improved machine learning technique for feature extration, perception and learning of machines.an deep learning based method for the detection of distributed attack in fog-to-thing computing is proposed in. This work illustrates the drawback of cloud computing got IoT network as it is centralized processing which is not appropiate for large IoT neetwork as it require the processing for cybersecurity at the edge of the network. Deep learning has been proven in the field of big data areas, so for IoT networka fog-to-node method is appropiate for the massive IoT network generating huge data. Deep learning algorithm performs their operations using multiple consecutive layers. The layers are interlinked and each layer receives the output of the previous layer as input. It is great advantage to use efficient algorithms for extracting hierrarchial features that best represent data rather than manual features in deep learning methods. There are many application areas for Deep Learning, which covers such as Image Processing, Natural Language Processing, biomedical, Customer Relationship Management automation, Vehicle autonomous systems and others.
Experts in machine learning and deep learning have not yet reached consensus on these concepts. In this context, almost everyday new ideas are being dicussed. Machine learning is an older concept than Deep Learning. Deep learning can also be called a technique that performs machine learning. The differences are listed below;
- I deep learning, too much data is needed ti bring the algorithm structure to the ideal. In machine learning, the problem can be solved with muchless data because the person gives specific features to the algorithm.
- Deep learning algorithms try to extract features form data. In machine learning, the features are determined by the expert.
- While Deep Learning algorithm worl on high performance machines, Machine learning algorithms can work on ordinary CPUs.
- In machine learning, the problemis usually divided into pieces, these parts are solved one by one and then the solutions are formed as a result of the solutions. In deep learning, the problem is solved end-to-end.
- It takes a long time to train deep learning algorithms.