Approaches in Anomaly-based Network Intrusion Detection Systems
Bolzoni, D. and Etalle, S. (2008) Approaches in Anomaly-based Network Intrusion Detection Systems. In: Intrusion Detection Systems. Advances in Information Security, 38. Springer Verlag, London, pp. 1-15. ISBN 9780387772653
| Abstract: | Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON. |
| Item Type: | Book Section |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/62246 |
| Official URL: | http://www.springer.com/978-0-387-77265-3 |
Metis ID: 250953
