1. Introduction
Because of the Covid-19 pandemic, individuals stayed at home and avoided physical gatherings, and social separation became the new normal. New paradigms in corporate transactions, work-from-home culture, and online educational delivery have increased people's reliance on mobile and electronic devices, and the use of communication networks and cloud-based processing systems has increased manifold. This change in the pandemic era creates new threats and lures intruders to exploit vulnerabilities in data communication networks. Organizations usually use diverse protocols to encrypt their data and maintain confidentiality. Traffic volume, protocol heterogeneity, and encryption pose several new challenges for an IDS in detecting malicious activities (Resende & Drummond, 2018; Senthilkumar et al., 2021). An intruder attempts to gain unauthorized access to a system or network with mala fide intentions and to disrupt its normal operation (Butun et al., 2014; Liao et al., 2013; Low, 2005; Mitchell & Chen, 2014). Often, intruders aim to steal or corrupt sensitive data. In 2020, Emsisoft reported that local governments, universities, and private organizations had spent $144 million in response to the worst ransomware attack (Novinson, 2020). The WHO reported that cyber-attacks increased five-fold during the Covid-19 pandemic (WHO, 2020). According to the McAfee quarterly threat report 2020, fraudsters are taking advantage of the pandemic by using Covid-19-themed malicious apps, phishing campaigns, and malware (McAfee, 2020). The report also highlights that in the first quarter (Q1), new malware targeting mobile devices surged by 71%, with overall malware increasing by roughly 12% over the previous four quarters (McAfee, 2020).
An IDS provides security solutions against malicious attacks or security breaches. It can be a software or hardware device that detects harmful activity to maintain system security (Babu et al., 2023; Liao et al., 2013). It identifies forms of suspicious network traffic and malicious computer activity that a firewall might miss. Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS) are the two popular categories of IDS that have been widely used to provide security solutions (Axelsson, 2000; Baskerville & Portougal, 2003; Hodo et al., 2017). A SIDS relies on previously known signatures and faces challenges in identifying unknown and obfuscated malicious attacks (Amouri et al., 2020; Atli, 2017; Khraisat et al., 2019; Lin et al., 2015; Low, 2005; Vinayakumar et al., 2019; Wu & Banzhaf, 2010). Therefore, a SIDS cannot stop every intruder based on previously learned indicators of compromise; however, it can detect and prevent similar attacks from happening in the future. As the number of cyber-attacks has increased exponentially and attackers use evolved techniques to conceal attack patterns, it has become almost infeasible to identify intruders using SIDS (Amouri et al., 2020; Khraisat et al., 2019; Vimala et al., 2019; Warsi & Dubey, 2019; Wu & Banzhaf, 2010).
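The SIDS versus AIDS contrast described above, as an added example that is not from the paper: a toy signature matcher beside a toy anomaly detector that learns byte bigrams from benign traffic, run against the same payload in plain and base64-obfuscated form. It goes a little beyond the text by also showing that the anomaly detector flags the novel path whether or not it is encoded, and tolerates a benign page it has never seen; the signature, the baseline request lines and all payloads are constructed for illustration.

```python
import base64

# Constructed toy signature: the byte pattern a SIDS would match verbatim.
SIGNATURES = [b"known_bad_tool.exe"]

# Constructed benign baseline traffic used to train the anomaly detector.
BASELINE = [
    b"GET /index.html HTTP/1.1",
    b"GET /images/logo.png HTTP/1.1",
    b"GET /css/site.css HTTP/1.1",
    b"GET /about.html HTTP/1.1",
    b"POST /login HTTP/1.1",
]


def sids_match(payload: bytes) -> bool:
    """Signature-based detection: flag only if a known pattern appears verbatim."""
    return any(sig in payload for sig in SIGNATURES)


def bigrams(payload: bytes) -> list:
    """All adjacent byte pairs of a payload, duplicates kept."""
    return [payload[i:i + 2] for i in range(len(payload) - 1)]


def train_aids(samples) -> set:
    """Anomaly-based detection, training phase: remember every bigram seen in benign traffic."""
    model = set()
    for s in samples:
        model.update(bigrams(s))
    return model


def aids_score(payload: bytes, model: set) -> float:
    """Fraction of the payload's bigrams never seen in the baseline (0.0 = fully familiar)."""
    grams = bigrams(payload)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in model) / len(grams)


def aids_flag(payload: bytes, model: set, threshold: float = 0.5) -> bool:
    # The threshold would normally be tuned on held-out benign traffic; 0.5 is a demo value.
    return aids_score(payload, model) > threshold


def demo() -> dict:
    """Run both detectors over three constructed requests; returns {name: (SIDS hit, AIDS hit)}."""
    model = train_aids(BASELINE)
    requests = {
        "plain": b"GET /known_bad_tool.exe HTTP/1.1",
        "obfuscated": b"GET /" + base64.b64encode(b"known_bad_tool.exe") + b" HTTP/1.1",
        "benign_new": b"GET /contact.html HTTP/1.1",
    }
    return {name: (sids_match(p), aids_flag(p, model)) for name, p in requests.items()}
```

Running `demo()` shows the signature matcher catching only the verbatim payload, while the bigram model flags both the plain and the encoded variant and lets the unseen benign page through.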