Table 4.
The difference between intrusion detection systems (IDSs) and network security situational awareness (NSSA).
IDSs | NSSA
---|---
Focus on the presence or occurrence of attacks (anomaly events) | Concerned with a network's overall security |
Collect data on network core elements | Requires information collection of all network elements |
Main function: detection of abnormal/misuse cases | Core function: prediction of the security situation |
Can perform behaviour analysis, which is part of fusion analysis | Can perform fusion analysis and decision support |
Alarm sounds after the attack occurs; thus, real-time network security is difficult to ensure | Detection and alarm occur before the attack to keep the network safe |
Detection efficiency: high rate of false alarms and low rate of real-time responses | Detection of large data in real time based on flow data improves timeliness; data fusion on multiple levels produces overall perception