EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


12278 Approaches in Anomaly-based Network Intrusion Detection Systems
Home Policy Brochure Browse Search User Area Contact Help

Bolzoni, D. and Etalle, S. (2008) Approaches in Anomaly-based Network Intrusion Detection Systems. In: Intrusion Detection Systems. Advances in Information Security 38. Springer Verlag, London, pp. 1-16. ISBN 978-0-387-77265-3

Full text available as:

PDF
- Univ. of Twente only
180 Kb

Official URL: http://dx.doi.org/10.1007/978-0-387-77265-3_1

Exported to Metis

Abstract

Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.

Item Type:Book Section
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:IPID: Integrated Policy-based Intrusion Detection
ID Code:12278
Status:Published
Deposited On:22 April 2008
Refereed:No
International:Yes
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item