Approaches in anomaly-based network intrusion detection systems

D. Bolzoni, S. Etalle

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic

9 Citations (Scopus)


Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.
Original language: English
Title: Intrusion Detection Systems
Editors: R. Di Pietro, L.V. Mancini
Place of publication: London
ISBN (print): 978-0-387-77265-3
Status: Published - 2008

Publication series

Name: Advances in Information Security
ISSN (print): 1568-2633
