Survey on Updating IDSs’ Signatures Databases

With the rapid development and growth of the internet and networking, greater numbers of attacks are arising that threaten networks and information security alike. Thus, different types of intrusion detection systems (IDSs) have been introduced: either signature-based IDSs, anomaly-based IDSs, or a hybrid of both. Many IDSs that have adopted the signature-based method suffer from many challenges, one of these challenges is how to detect a new attack in the incoming traffic that its signature doesn’t stored in the known signatures database, while at the same time keeping the rate of false-positive alarms low. Many IDSs update their signatures databases from time to time through the internet or by relying on the network administrator to manually update the database with new attack signatures. Manual updating is a labour-intensive process, can be prone to errors, and is not always practical. This is a survey paper on the various studies regarding the updating process for known IDSs’ signatures databases over time.