Approaches in Anomaly-based Network Intrusion Detection Systems

D. Bolzoni, Sandro Etalle

    Research output: Chapter in Book/Report/Conference proceedingChapterAcademic

    10 Citations (Scopus)
    3 Downloads (Pure)


    Anomaly-based network intrusion detection systems (NIDSs) can take into consideration packet headers, the payload, or a combination of both. We argue that payload-based approaches are becoming the most effective methods to detect attacks. Nowadays, attacks aim mainly to exploit vulnerabilities at application level: thus, the payload contains the most important information to differentiate normal traffic from anomalous activity. To support our thesis, we present a comparison between different anomaly-based NIDSs, focusing in particular on the data analyzed by the detection engine to discover possible malicious activities. Furthermore, we present a comparison of two payload and anomaly-based NIDSs: PAYL and POSEIDON.
    Original languageUndefined
    Title of host publicationIntrusion Detection Systems
    Place of PublicationLondon
    Number of pages15
    ISBN (Print)978-0-387-77265-3
    Publication statusPublished - Jun 2008

    Publication series

    NameAdvances in Information Security
    PublisherSpringer Verlag


    • EWI-12278
    • IR-62246
    • METIS-250953
    • SCS-Cybersecurity

    Cite this