Approaches in Anomaly-based Network Intrusion Detection Systems



Bolzoni, D. and Etalle, S. (2008) Approaches in Anomaly-based Network Intrusion Detection Systems. In: Intrusion Detection Systems. Advances in Information Security, 38. Springer Verlag, London, pp. 1-15. ISBN 9780387772653

Abstract: Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.
Item Type: Book Section
Faculty: Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item: http://purl.utwente.nl/publications/62246
Official URL: http://www.springer.com/978-0-387-77265-3

Metis ID: 250953