Approaches in anomaly-based network intrusion detection systems

D. Bolzoni, S. Etalle

Research output: Chapter in Book/Report/Conference proceedingChapterAcademic

9 Citations (Scopus)


Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.
Original languageEnglish
Title of host publicationIntrusion Detection Systems
EditorsR. Di Pietro, L.V. Mancini
Place of PublicationLondon
ISBN (Print)978-0-387-77265-3
Publication statusPublished - 2008

Publication series

NameAdvances in Information Security
ISSN (Print)1568-2633


Dive into the research topics of 'Approaches in anomaly-based network intrusion detection systems'. Together they form a unique fingerprint.

Cite this