• Corpus ID: 27719286

Anomaly-based network intrusion detection: Techniques, systems and challenges

P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, E. Vázquez
The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools… 


A Survey of Anomaly Detection Approaches in Internet of Things
This paper analyses, evaluates and classifies anomaly detection approaches and systems specific to the Internet of Things in terms of engine architecture, application position, and detection method and in each point of view, approaches are investigated considering the associated classification.
A Survey: Intelligent Intrusion Detection System in Computer Security
An evaluation of intrusion detection systems is presented and then used to study and classify them; the taxonomy covers the detection principle and positive working features of the intrusion detection system.
General study of intrusion detection system and survey of agent based intrusion detection system
  • A. Saxena, S. Sinha, P. Shukla
  • Computer Science
    2017 International Conference on Computing, Communication and Automation (ICCCA)
  • 2017
A review of the range of IDS types, such as anomaly, misuse, host-based, network-based and hybrid IDS, specifically anomaly- or behavior-based IDS along with agent-based technology in real networks.
Taxonomy of Anomaly Based Intrusion Detection System: A Review
A taxonomy of anomaly based intrusion detection systems is introduced that classifies all possible techniques according to their properties along with their advantages and disadvantages and includes various examples from the past and current projects.
A study on IDS for preventing Denial of Service attack using outliers techniques
A study of outlier detection techniques and how they are used to develop an intrusion detection system to overcome DoS attacks is presented.
Comprehensive Review: Intrusion Detection System and Techniques
This paper gives a review of different techniques of intrusion detection systems, used to check system vulnerabilities and to detect the behavior of the system, i.e. anomalous behavior.
A Survey on Secure Network: Intrusion Detection & Prevention Approaches
This survey focuses on presenting the different issues that must be addressed to build fully functional and practically usable intrusion detection systems (IDSs) and points out the state of the art in each area and suggests important open research issues.
Anomaly-based IDS to Detect Attack Using Various Artificial Intelligence & Machine Learning Algorithms: A Review
  • Alka Mishra, P. Yadav
  • Computer Science
    2nd International Conference on Data, Engineering and Applications (IDEA)
  • 2020
A description of AIDS for attack detection is delivered, which introduces avoidance techniques utilized by attackers to avoid detection in current Intrusion Detection System (IDS).
The paper presents a new approach to network traffic research and indicates the direction in the area of modernization and improvement of algorithms for detection of network anomalies and network intrusions.
Administrative evaluation of intrusion detection system
This research has developed a methodology to evaluate intrusion detection systems in a simulated environment and shows considerable differences among the tested intrusion detection systems.


Specification-based anomaly detection: a new approach for detecting network intrusions
Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, it is shown that the use of protocol specifications in the approach simplifies this problem.
Anomaly detection methods in wired networks: a survey and taxonomy
Research on Intrusion Detection and Response: A Survey
A review on current trends in intrusion detection together with a study on technologies implemented by some researchers in this research area are provided.
Identifying intrusions in computer networks with principal component analysis
  • Wei Wang, R. Battiti
  • Computer Science
    First International Conference on Availability, Reliability and Security (ARES'06)
  • 2006
A novel method for intrusion identification in computer networks based on principal component analysis (PCA), which is tested with network data from MIT Lincoln labs for the 1998 DARPA intrusion detection evaluation program and testing results show that the model is promising in terms of identification accuracy and computational efficiency.
Host-based intrusion detection using dynamic and static behavioral models
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
Three classes of attacks which exploit fundamental problems with the reliability of passive protocol analysis are defined (insertion, evasion and denial of service attacks), and how to apply these three types of attacks to IP and TCP protocol analysis is described.
A Methodology for Testing Intrusion Detection Systems
The authors present the details of the methodology, including strategies for test-case selection and specific testing procedures, and an overview of the software platform that has been used to create user-simulation scripts for testing experiments.
Fuzzy network profiling for intrusion detection
  • J. Dickerson, J. Dickerson
  • Computer Science
    PeachFuzz 2000. 19th International Conference of the North American Fuzzy Information Processing Society - NAFIPS (Cat. No.00TH8500)
  • 2000
This paper describes the components in the FIRE architecture and explains their roles, with particular attention given to explaining the benefits of data mining and how this can improve the meaningfulness of the fuzzy sets.
An Intrusion-Detection Model
  • D. Denning
  • Computer Science
    1986 IEEE Symposium on Security and Privacy
  • 1986
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that