Feature Selection Based on Cross-Correlation for the Intrusion Detection System
Table 1
Comparison of the performance of the previous methods.
Method
Advantage
Disadvantage
Anomaly-based
(1) Practicability against new attacks (2) Finds network power abuse
(1) Poor accuracy due to the continuous change of events under observation (2) Unavailability of rebuilding profiles (3) The severity of the timely announcement
Signature-based
(1) The easiest and best way to find known problems (2) Detailed analysis of information
(1) Against unspecified attacks, known attacks will change (2) Low understanding of the state and protocols (3) It is hard to keep up-to-date signatures and patterns (4) Time-consuming knowledge preservation
Specification-based
(1) Knowing and tracking the status of protocols (2) Detects the sequence of unexpected commands
(1) Needs to have a lot of resources to follow and test protocols (2) Unreliable attacks that are like as harmless protocols (3) Incompatibility with any operating system
