available at www.sciencedirect.com
journal homepage: www.elsevier.com/locate/cose
Anomaly-based network intrusion detection: Techniques, systems and challenges

P. García-Teodoro a,*, J. Díaz-Verdejo a, G. Maciá-Fernández a, E. Vázquez b

a Department of Signal Theory, Telematics and Communications – Computer Science and Telecommunications Faculty, University of Granada, Granada, Spain
b Department of Telematic Engineering, Universidad Politécnica de Madrid, Madrid, Spain

Article history:
Received 9 January 2008
Accepted 13 August 2008

Keywords: Network security; Threat; Intrusion detection; Anomaly detection; IDS systems and platforms; Assessment

Abstract

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

© 2008 Elsevier Ltd. All rights reserved.

1. Introduction
Intrusion Detection Systems (IDS) are security tools that, like other measures such as antivirus software, firewalls and access control schemes, are intended to strengthen the security of information and