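% Chapter by Bolzoni and Etalle in a volume edited by Di Pietro and Mancini.
% A contribution with its own authors inside an edited book is @incollection;
% classic BibTeX styles ignore `booktitle` on @inbook and would print the
% chapter title as if it were the book title.
% NOTE(review): `address` holds a country, not the publisher's city -- confirm
% against the publisher's record before relying on it.
@incollection{bbce129717b34176b0c7d40ba0a5686c,
  author    = {Bolzoni, D. and Etalle, S.},
  title     = {Approaches in anomaly-based network intrusion detection systems},
  editor    = {{Di Pietro}, R. and Mancini, L. V.},
  booktitle = {Intrusion Detection Systems},
  series    = {Advances in Information Security},
  publisher = {Springer},
  address   = {Germany},
  year      = {2008},
  pages     = {1--16},
  doi       = {10.1007/978-0-387-77265-3_1},
  isbn      = {978-0-387-77265-3},
  language  = {English},
  abstract  = {Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.},
}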