Approaches in Anomaly-based Network Intrusion Detection Systems


Bolzoni, D. and Etalle, S. (2008) Approaches in Anomaly-based Network Intrusion Detection Systems. In: Intrusion Detection Systems. Advances in Information Security, 38 . Springer Verlag, London, pp. 1-15. ISBN 9780387772653

[img] PDF
Restricted to UT campus only

Abstract:Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.
Item Type:Book Section
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:
Official URL:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page

Metis ID: 250953