Approaches in Anomaly-based Network Intrusion Detection Systems

D. Bolzoni; Sandro Etalle

doi:10.1007/978-0-387-77265-3_1

Approaches in Anomaly-based Network Intrusion Detection Systems

D. Bolzoni, Sandro Etalle

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic

10 Citations (Scopus)

3 Downloads (Pure)

Abstract

Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.

Original language	Undefined
Title of host publication	Intrusion Detection Systems
Place of Publication	London
Publisher	Springer
Pages	1-16
Number of pages	15
ISBN (Print)	978-0-387-77265-3
DOIs	https://doi.org/10.1007/978-0-387-77265-3_1
Publication status	Published - Jun 2008

Publication series

Name	Advances in Information Security
Publisher	Springer Verlag
Number	4952/38
Volume	38

Keywords

EWI-12278
IR-62246
METIS-250953
SCS-Cybersecurity

Access to Document

10.1007/978-0-387-77265-3_1

Cite this

@inbook{ca5a9db70ff640698a6f1d930f0e5610,

title = "Approaches in Anomaly-based Network Intrusion Detection Systems",

abstract = "Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.",

keywords = "EWI-12278, IR-62246, METIS-250953, SCS-Cybersecurity",

author = "D. Bolzoni and Sandro Etalle",

year = "2008",

month = jun,

doi = "10.1007/978-0-387-77265-3_1",

language = "Undefined",

isbn = "978-0-387-77265-3",

series = "Advances in Information Security",

publisher = "Springer",

number = "4952/38",

pages = "1--16",

booktitle = "Intrusion Detection Systems",

address = "Germany",

}

TY - CHAP

T1 - Approaches in Anomaly-based Network Intrusion Detection Systems

AU - Bolzoni, D.

AU - Etalle, Sandro

PY - 2008/6

Y1 - 2008/6

N2 - Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.

AB - Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.

KW - EWI-12278

KW - IR-62246

KW - METIS-250953

KW - SCS-Cybersecurity

U2 - 10.1007/978-0-387-77265-3_1

DO - 10.1007/978-0-387-77265-3_1

M3 - Chapter

SN - 978-0-387-77265-3

T3 - Advances in Information Security

SP - 1

EP - 16

BT - Intrusion Detection Systems

PB - Springer

CY - London

ER -