ABSTRACT

Over the years, many different methods have been introduced for computer protection: antivirus software, host- and network-based firewalls, content filtering software, sandboxing software, behavior analysis software and Intrusion Detection Systems (IDS). Their common aim is to maintain the confidentiality, integrity and availability of our most valuable asset, information. Among the many choices of security software, IDS is considered one of the best methods for protecting a computer or a computer network at large. It operates as a second layer of defense, complementing conventional security techniques such as authentication and access control. An IDS is an application, residing on a device or a server, that sniffs the traffic passing through a network infrastructure and logs any activity that is suspected or considered malicious. This is done without interfering with the monitored environment. Although there have been efforts to enhance the technology, many issues remain in the implementation of IDS technologies, technical and operational issues that are closely related. The issues and limitations of each detection approach have been discussed in much previous research, and because of these weaknesses (Mohamed et al., 2012b), alert processing techniques must be given ample importance in the enhancement of IDS technology.
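The following is an added illustration, not code from the paper or from any IDS product it discusses, of the two behaviors the abstract describes: a passive sensor that only reads traffic and emits an alert for each signature match, and a first alert-processing step that aggregates repeated alerts. The signatures, packet records and addresses are constructed for the example and are hypothetical; they are not real vendor rules or a real capture.

```python
"""Passive signature-based IDS over constructed traffic, plus alert aggregation.
Added example; the rules and traffic below are constructed, not real."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)  # frozen: the sensor can observe a packet but never alter it
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signatures (hypothetical): alert name, destination port, byte pattern.
SIGNATURES: List[Tuple[str, int, bytes]] = [
    ("web-sqli-attempt", 80, b"' OR 1=1"),
    ("web-path-traversal", 80, b"../../"),
    ("ssh-scanner-banner", 22, b"SSH-2.0-libssh"),
]


def inspect(pkt: Packet) -> List[dict]:
    """Return one alert per matching signature.

    The packet is only read, never modified or dropped: a passive IDS logs
    suspicious activity without interfering with the monitored traffic.
    """
    alerts = []
    for name, port, pattern in SIGNATURES:
        if pkt.dport == port and pattern in pkt.payload:
            alerts.append({"sig": name, "src": pkt.src, "dst": pkt.dst})
    return alerts


def run_ids(packets: List[Packet]) -> List[dict]:
    """Run the sensor over a traffic stream and collect raw alerts in order."""
    alerts: List[dict] = []
    for pkt in packets:
        alerts.extend(inspect(pkt))
    return alerts


def aggregate(alerts: List[dict]) -> Dict[Tuple[str, str, str], int]:
    """Alert processing step: collapse repeated (signature, src, dst) alerts
    into a count, so an analyst sees one line per attack source instead of
    one line per packet."""
    return dict(Counter((a["sig"], a["src"], a["dst"]) for a in alerts))


# Constructed sample traffic (not a real capture): one client repeating an
# SQL-injection probe, one benign request, one SSH scanner re-connecting.
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /login?user=admin' OR 1=1-- HTTP/1.1"),
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /login?user=bob' OR 1=1-- HTTP/1.1"),
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /?file=../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.9", "192.0.2.22", 22, b"SSH-2.0-libssh_0.9"),
    Packet("10.0.0.9", "192.0.2.22", 22, b"SSH-2.0-libssh_0.9"),
    Packet("10.0.0.9", "192.0.2.22", 22, b"SSH-2.0-libssh_0.9"),
]


if __name__ == "__main__":
    raw = run_ids(SAMPLE_TRAFFIC)
    print(len(raw), "raw alerts")  # 6
    for key, count in aggregate(raw).items():
        print(count, key)
```

Seven packets produce six raw alerts but only three aggregated entries; on real sensors the ratio is far larger, which is why the abstract treats alert processing as central. The matching here is a plain substring test and will fire on benign payloads that happen to contain a pattern, so the aggregated counts are a triage aid, not a verdict.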