International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-8 Issue-10, August 2019, Page 3705
Published By: Blue Eyes Intelligence Engineering & Sciences Publication
Retrieval Number: J96690881019/2019©BEIESP
DOI: 10.35940/ijitee.J9669.0881019

Abstract: Intrusion Detection Systems (IDSs) have been crucial in defending against intrusive attacks (both active and passive) in various application scenarios in recent years. Over the years, many research activities have been carried out on intrusion detection systems. IDSs have evolved over time with various detection methodologies, approaches, and technology types. Even after several evaluations and different approaches, IDSs still face a major challenge: performance improvement. This improvement can be quantified in two broad ways: the detection rate and the rate of false positives. Improved performance involves the efficiency and accuracy of detection. Efficiency refers to performance under a very high volume of attacks, and accuracy refers to a significantly low number of false positives. In the same context, we have found that IoT networks, which are in high demand in recent years, also suffer from such types of attacks in operational environments due to limited storage and processing capabilities. Protecting IoT applications therefore requires an IDS that is lightweight in implementation and provides significantly higher accuracy, on par with the IDSs implemented in conventional networks. In this work, we have proposed an improved technique for performance improvement of IDSs in the IoT domain.

Keywords: IDS, detection rate, false positives, IoT, performance improvement

I. INTRODUCTION

The growth of computing facilities has yielded a multitude of benefits to the field of computing. In earlier days, the security of computing systems was not perceived as a potential threat.
The growth in the field has also multiplied the threats. Over the last few decades, attackers with illicit intentions have sought to gain access to various computing networks. This kind of illegitimate access to a network can be described as an intrusion into the network. Intrusion detection has been of critical importance, as intrusions are likely to hamper efficiency and availability, along with possible instances of data theft. To date, researchers have come up with various solutions to counter the threat of intrusion. These systems have been designed with various detection methodologies, detection approaches, and technologies.

Revised Manuscript Received on August 05, 2019.
Debi Prasad Mishra*, Department of Information Technology, College of Engineering and Technology, Bhubaneswar, India. Email: dp.mishra.07@gmail.com
Satyasundara Mahapatra, Department of Computer Science and Engineering, Pranveer Singh Institute of Technology, Kanpur, India. Email: satyasundara123@gmail.com
Sateesh Kumar Pradhan, Post Graduate Department of Computer Science, Utkal University, Bhubaneswar, India. Email: sateesh1960@gmail.com

Signature-based detection systems are the simplest, are proven to be effective at detecting known attacks, and also provide the facility for detailed contextual analysis. Anomaly-based systems have been found to be effective in scenarios where the threats are not previously present in the system [4]. These systems require very few operating system resources, and they possess the ability to detect abuse of privileges. Stateful protocol analysis systems are helpful in tracing the different states of the protocols that are being used in the network. They can distinguish unexpected sequences of commands. Signature-based systems cannot detect unknown attacks. Anomaly-based systems are unavailable during the rebuilding of behavior profiles.
Stateful protocol analysis systems are resource consuming and might be incompatible with dedicated operating systems and access points. However, in all such detection methodologies, the false positive rate plays a crucial role in defining the accuracy of an intrusion detection system. Along with the rate of false positives, the rate of detection of attacks needs significant improvement so as to provide timely protection against malicious attacks.

II. METHODOLOGIES OF INTRUSION DETECTION

The various methodologies for intrusion detection can be grouped into three major categories: Signature-based Detection (SD), Anomaly-based Detection (AD) and Stateful Protocol Analysis (SPA) [1-3] [5].

A. Signature-based detection methodology

A signature, in IDS terminology, is a pattern or a set of strings related to some previously known threat. SD is the process of comparing patterns against previously captured security events to recognize possible intrusions. Because it uses previously stored knowledge to analyze attacks, SD is also known as Knowledge-based Detection.

B. Anomaly-based detection methodology

Anomalies are typically deviations from known behavior and behavioral patterns derived from various regular activities on a network over a certain period of time. These activities can include user activities within a network, network connection and disconnection requests, etc. The generated behavioral profiles of the user data can be either static or dynamic. Each profile may correspond to different activities, e.g., unsuccessful attempts to log in, the usage of processors, e-mail counts, etc. Thereafter, the regular profiles are compared with experimental events to identify significant attacks. In some contexts, this

Performance Improvement of Intrusion Detection Systems
Debi Prasad Mishra, Satyasundara Mahapatra, Sateesh Kumar Pradhan
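The signature-based and anomaly-based methodologies of Section II, scored with the two measures the abstract names (detection rate and false positive rate), as an added example that is not code from the paper. The signatures, baseline, labelled events, the three-standard-deviation threshold and all function names are constructed assumptions, and the combined detector is included only for comparison, not as the technique the paper proposes.

```python
from statistics import mean, stdev

# Constructed signatures: strings tied to previously known threats.
SIGNATURES = ["../../", "cmd.exe"]

# Constructed attack-free baseline: (payload, failed_logins, cpu_percent, emails_sent)
BASELINE = [
    ("GET /index", 0, 12, 3), ("GET /status", 1, 15, 4), ("POST /form", 0, 10, 2),
    ("GET /index", 1, 14, 5), ("GET /img", 0, 11, 3), ("POST /form", 2, 13, 4),
]
# Constructed labelled events: same fields plus is_attack.
EVENTS = [
    ("GET /index", 0, 13, 3, False),
    ("GET /files?name=../../etc", 1, 12, 4, True),  # known pattern, normal behavior
    ("POST /telemetry", 0, 96, 3, True),            # no signature, CPU far off profile
    ("POST /login", 9, 14, 2, True),                # no signature, failed-login burst
    ("GET /report", 1, 27, 4, False),               # legitimate but unusually heavy job
    ("GET /status", 1, 11, 5, False),
]

def build_profile(rows):
    """Static behavior profile: (mean, stdev) of each numeric feature."""
    return [(mean(col), stdev(col)) for col in zip(*(r[1:4] for r in rows))]

def signature_detect(event):
    """SD: compare the payload against the stored patterns."""
    return any(sig in event[0] for sig in SIGNATURES)

def anomaly_detect(event, profile, k=3.0):
    """AD: flag any feature more than k standard deviations from the profile."""
    return any(abs(x - m) > k * s for x, (m, s) in zip(event[1:4], profile))

def rates(detector, events):
    """Return (detection rate, false positive rate) for one detector."""
    attacks = [e for e in events if e[4]]
    benign = [e for e in events if not e[4]]
    return (sum(map(detector, attacks)) / len(attacks),
            sum(map(detector, benign)) / len(benign))

PROFILE = build_profile(BASELINE)
DETECTORS = {
    "signature": signature_detect,
    "anomaly": lambda e: anomaly_detect(e, PROFILE),
    "combined": lambda e: signature_detect(e) or anomaly_detect(e, PROFILE),
}

if __name__ == "__main__":
    for name, det in DETECTORS.items():
        dr, fpr = rates(det, EVENTS)
        print(f"{name:9s} detection rate={dr:.2f} false positive rate={fpr:.2f}")
```

On this constructed data the signature detector misses both attacks that have no stored pattern, while the anomaly detector catches them at the cost of flagging the legitimate heavy job, which is the trade-off between the two rates.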